Tor Exit Relay: Block WordPress Comment-Spam with iptables

Attention! This article is more than a year old. The content may no longer be up to date!

I’ve seen in network traces that my Tor exit relay is heavily used by spammers. Normally it’s the “victim’s” job to secure their comment section, but I want to help by rejecting WordPress comments over my relay.

My first idea was to route the Tor traffic through a proxy. But while researching I found out that iptables is capable of doing some basic kind of traffic inspection.

Checking

Since Friday at 9 o’clock I have been rejecting every POST request to an HTTP server over my exit relay. This was done using the following rule:

iptables -I OUTPUT -s 31.220.45.6 -p tcp --dport 80 -m string --string 'POST /' --algo bm -j REJECT --reject-with tcp-reset -m comment --comment "Tor POST block"

Since then, this rule has been hit roughly 616,000 times and has rejected 380 MB of traffic. It’s of course not very useful, since every POST request is blocked (for example when solving captchas) and not just WordPress comment submissions.

Hint: Only unencrypted HTTP is affected by this rule. Encrypted HTTP over TLS/SSL can’t be filtered without getting noticed by the user. I’m glad about that :-)

Solution

The solution is pretty easy. You just have to extend the search string:

iptables -I OUTPUT -s 31.220.45.6 -p tcp --dport 80 -m string --string 'POST /wp-comments-post.php' --algo bm -j REJECT --reject-with tcp-reset -m comment --comment "Tor POST to wordpress block"

Now it’s no longer possible to post WordPress comments in the standard way. I did some tests and there were no side effects during normal browsing and use of the web, except for posting WordPress comments. I’ll update this article in a few days and post some statistics.
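To see which requests each of the two rules resets, here is an added example (not part of the original post) that models the `-m string` match as a case-sensitive byte search over one packet and runs both search strings against constructed requests. The host `blog.example`, the sample paths and bodies are made up, and it assumes each request fits in a single TCP segment.

```python
"""Model of the article's two `-m string` rules on constructed HTTP requests.

Assumption: every request fits in one TCP segment, so one payload = one packet.
"""

# --comment value -> --string value, copied from the two iptables rules above
RULES = {
    "Tor POST block": b"POST /",
    "Tor POST to wordpress block": b"POST /wp-comments-post.php",
}


def string_match(packet: bytes, pattern: bytes) -> bool:
    """Case-sensitive search anywhere in the packet (no --icase, no --from/--to)."""
    return pattern in packet


def http_request(method: str, path: str, body: bytes = b"") -> bytes:
    """Build a minimal HTTP/1.1 request; blog.example is a placeholder host."""
    head = f"{method} {path} HTTP/1.1\r\nHost: blog.example\r\n"
    if body:
        head += f"Content-Length: {len(body)}\r\n"
    return head.encode() + b"\r\n" + body


# Constructed sample traffic (paths other than wp-comments-post.php are made up)
SAMPLES = {
    "page view": http_request("GET", "/some-post/"),
    "captcha form": http_request("POST", "/captcha/verify", b"answer=42"),
    "wordpress comment": http_request(
        "POST", "/wp-comments-post.php", b"comment=hi&comment_post_ID=7"),
    "wordpress in subdirectory": http_request(
        "POST", "/blog/wp-comments-post.php", b"comment=hi"),
    "pasted log line": http_request(
        "POST", "/paste", b"POST /wp-comments-post.php HTTP/1.1 200"),
}


def evaluate(samples=SAMPLES, rules=RULES):
    """Return {sample name: [comment of every rule that would reset it]}."""
    return {name: [c for c, pat in rules.items() if string_match(pkt, pat)]
            for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(f"{name:26} -> {', '.join(hits) or 'passes'}")
```

The last two samples show the limits of the narrower rule: a WordPress site installed below the web root is not covered, and any packet that carries the literal search string in its body is reset as well.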

