Error 403 - Primitive Security Measures on the Forum
-
TOR isn't all about "naughty players doing naughty things". What a naive point of view. TOR is used by law enforcement, journalists, people in repressive countries, and so on.
When a exit node has lots of people on it, some of them get up to no good and ruin it for everybody.
As an example, when I first got TOR working I google'd "how do I know TOR is working?", and I came across a thread that had some excellent advice on using TOR. After several useful posts, a member posted comments extremely derogatory towards black people. I was disappointed, but was sure a mod would warn or ban this user shortly and moved on, only to find the thread devolve from being a useful source of information on anonymity to one where dozens of members supported this individual and included their own terrible thoughts on gays, Jews and Asians.
It was only then I realised I was on stormfront.com, a known white supremacist community. I was fortunate in two ways, one by not having my real IP associated with a hate group and two, as I am neither heterosexual or caucasian, for not revealing my IP to said hate group (not that I stayed to register and comment of course).
TOR is a tool and will be used in as many different ways as people can find to apply it. Reputation tools such as Project Honeypot exist to defend the resources they protect. Many tools used in security such as IPS, IP blocklists or even just a simple firewall simply perform as they are supposed to - they do not block by the human intent of the traffic, only the behavior of it. If your TOR exit nodes' IP was blocked, you could say so and request for it to be unblocked on those grounds:
http://www.projecthoneypot.org/ip_77.247.181.163
Honey Pot System commented…
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
December 03 2013 02:50 AM
Honey Pot System commented...
WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:10:25. Documented reason for whitelist: Mistaken Listing
December 03 2013 02:35 AM
A.ATLAS HILL commented...
This is the IP of a Tor Exit Node. Blacklisting this IP causes a lot of false positives, preventing some Tor users from visiting Project HoneyPot-protected sites.
November 13 2013 07:56 AM -
KOM, I am voicing my concern about this. If it's offensive to you, that's a shame. I am trying to get feedback on the nature of the forum, versus the firewall, to determine whether it's worth investigating the firewall. Of course I am not going to tell you which category of TOR user I am, nor why I use it. And Yes, I use it for everything, including mail, IRC, and so on. Feel free to underestimate me.
jonesr, yours is the most reasoned and non-psychotic of the responses here. Sure, alot of websites are shielded by CloudFront, which is a nuisance but sometimes it's worth it for me to answer their question. Same on those few occasions when I use G**gle. But I am completely excluded from this forum by "Project Honey Pot", and that is just senseless. And in the case of "Project Honey Pot" (nice name…), they got one of the lists of TOR exit nodes and added to their blacklist, on General Principles, simply because it is TOR. I did click through and it gives the "list as a source of spam or other malicious activity. To resolve this problem, first clean your computer of viruses and other malware." Fools. They haven't even tried. It's useless to try and whitelist IPs on "Project Honey Pot" because there are so many and they change all the time, and I wouldn't waste my time anyway as they are so primitive.
jonesr, it is encouraging that someone like you endorses pfSense. I do see alot of bad signs here though.
-
How do you know they didn't try it or that actual activity didn't get it added to the list?
-
Because no other forums make such a foolish move.
-
I am trying to get feedback on the nature of the forum, versus the firewall
pfSense shares no code with SMF, as far as I know. It's kind of a silly question, dosed with a heavy helping of attitude. Do you barge into parties and immediately insult the hosts at the top of your lungs everywhere you go? Or is it only places where you think you're anonymous?
-
My experience is that if you run a open proxy a big enough percentage of people abuse it such that the activity present on that IP lands it on block lists.
For every 10 people using that IP for legit purposes, there is one abusing it. 10% stacks up pretty fast when the bandwidth of the IP in question is high enough.
I'm not against proxy, I just understand how they end up getting banned.
-
I, too, run a high-speed node. At the moment I don't feel like dealing with running an exit node so it's transit-only.
-
So "Derelict", you think I think I'm anonymous…
And I keep seeing ESF and SMF here, with no explanation of what these symbols might be. Not worth it to look up, coming from you. So you run a "high-speed" node, heh? lolkejianshi, that is true, but no other forum, in fact no other website that I've found in the years I've run TOR, has found it necessary to summarily block a whole category of TOR users like this. Any system can be abused. Are there no moderators who can block usernames and email addresses?
-
Electric Sheep Fencing
Gotta keep the sheeples safe.
-
@Quantum`:
So "Derelict", you think I think I'm anonymous…
And I keep seeing ESF and SMF here, with no explanation of what these symbols might be. Not worth it to look up, coming from you. So you run a "high-speed" node, heh? lolYeah. In a datacenter on multiple-gigabit. You?
ESF: They develop pfSense
SMF: Simple Machines Forum - see the bottom of this page.If you want people to hold your hand when you cross the street, you might try not being such a childish prick.
-
Yeah. In a datacenter on multiple-gigabit. You?
Nice, but this has nothing to do with TOR. I am trying to tell you that you have your terminology wrong, as you pretend to participate in TOR.
-
Oh goodie. My first smite. I feel like I'm somebody now.
-
In defense of derelict
TOR system elects nodes based on bandwidth.
Side note:
Probably the easiest way to subvert TOR is to establish a bunch of very high bandwidth nodes.
But who has the money for that right? I mean you would have to have deep pockets, alot of bandwidth, a big bunch of hardware…
Who could or would do such a thing just to subvert an anonymity system? Geeeeee.... I'm drawing a blank...
Wanna see something funny? Look at a map of tor nodes world wide.
Now, look at your map and find the two highest concentrations of nodes and highest bandwidth. Where are they?
Tor is easily owned by who ever has the most money.
-
Well "Derelict" doesn't know the first thing about TOR terminology. His put-up is a Fail.
So you know, a 'group' created a slew of exit nodes recently and were immediately recognized and busted by TOR devs. Instantly excluded.
And, I am not here to bicker, in any case. NO MORE SOUP FOR fanboyz.
-
TOR is cool and everything - It fills a need.
However, if you want to run EVERYTHING through a proxy/vpn, I'd suggest buying a VPS or setting up a private machine somewhere in a place that values privacy and limiting its use to only you and a maybe a few you trust. Then you probably won't run into very many roadblocks on the internet. After lots and lots of headaches with public proxies and vpns, I slowly eventually realized if I want my stuff to work well, I had to make my own and limit the users on it.
-
:'( :'( :'( I got smited :'( :'( :'(
-
Like, for like. Machts nichs to me.
-
I think I've only ever did one smite. It wasn't you.
I feel your pain, but I understand completely why a TOR exit node IP can end up a everyone's shit list.
-
@Quantum`:
Well "Derelict" doesn't know the first thing about TOR terminology. His put-up is a Fail.
For someone claiming to know everything about the subject, you do know it's Tor, not TOR right?
Been using "Tor" since before it (and probably you) existed. A Canadian Company called "Zero Knowledge" did something similar in the pre-Tor days. Ran one of their nodes too. I won't apologize that my life doesn't revolve around it as, apparently, yours does.
-
@Quantum`:
…and in the case of "Project Honey Pot" (nice name...), they got one of the lists of TOR exit nodes and added to their blacklist, on General Principles, simply because it is TOR. I did click through and it gives the "list as a source of spam or other malicious activity".
I am genuinely interested in how you came to this conclusion. On the link I provided it states clearly the activity that triggered the IP address to be blocked, provided examples, and showed willingness to whitelist the IP when reported as an exit node. I think it much more likely the node was blocked due to the actions of the unfortunate minority that used it, over the project deliberately seeking to undermine the altruistic aims of TOR.
It's useless to try and whitelist IPs on "Project Honey Pot" because there are so many and they change all the time.
I don't doubt it is hard to get unblocked from Honeypot, just as it is hard to get yourself removed from an IP blocklist or SMTP blacklist. This is as it should be, otherwise malicious groups would simply ask nicely to be removed.
As I said I once made the mistake of believing that to block my TOR traffic was automatically an attack on my dignity and human rights. The lesson I learned from that mistake is that, especially with something emotionally charged as TOR can be, it was intoxicating to see myself as a righteous martyr and extremely humbling to realise that my "adversaries" were in fact simply uninterested, or even unaware, of my existence. It is easier to believe you have been wronged than to admit no one cares.
I am trying to get feedback on the nature of the forum, versus the firewall, to determine whether it's worth investigating the firewall.
Ideology aside, I absolutely recommend pfSense and I support the project and community where I can. More importantly to you however, as others have already said the pfSense project and the pfSense forum hosting service are not the same thing. Whatever policy Simple Machines have regarding their forum service is does not impact your installation of your pfSense. Whatever the views of the members of this community, they do not impact your installation of your pfSense. Your pfSense installation is an inanimate object, you are free to configure and to study it however you see fit and I hope you find it as rewarding as I have.
edit:
…you do know it's Tor, not TOR right?
Oops, so it is.
-
It's a private house. The owner can permit and deny access to anyone based on any criteria that suits them. Freedom of association.
If you come from a known questionable part of town (Internet), you may be required show some additional ID.If you don't like it you are entitle to your view/opinion. But if you want to participate in the hosts' private party you have to ad-hear to the hosts' criteria and rules.
Your seemingly desire to leap to conclusions about the pfSense router/firewall quality based on the security measures used for this web site forum does not afford much credibility.
Wow, I am surprised that with such limited amount of knowledge of the host (newbie first post) you know them so well. Almost as well as a used car salesman that knows this is the car for you before they even know your transportation needs.
-
KOM, I am voicing my concern about this.
It's all in how you say it. You basically came in as a brand-new user and called the pfSense team a bunch of idiots, and did so in a way that displayed arrogant ignorance. Honestly, what were you expecting? If you would have but simply said "I've found this and I'm concerned. What does everyone else think or can someone help out…", it would have gotten you a load of assistance. Flies & honey and all that.
At the moment I don't feel like dealing with running an exit node so it's transit-only.
A simple filter in your config will limit everything to safe ports. When I first started out, I had it wide open and it was only a matter of days before Linode was respectfully bugging me due to reported bogies on my node. After I filtered, I haven't had a report since.
-
I know. I'm just not in the mood. :) It runs fine and I'm moving enough traffic to feel I'm helping the cause enough as it is.
-
Well. This was certainly a 'worthwhile' use of my time.
jonesr thanks for the input. Frankly I'm pretty put off at this point by the complete lack of any apparent knowledge or discussion of the actual technical characteristics of pfSense. They act like a Windows crowd, or a high school locker room here. I'm glad to learn that this forum is not run by the same team as pfSense though.
PS - "Derelict", correctly it is 'TOR', regardless of the capitalization on their website which it appears you go by without knowing its meaning. ("The Onion Router") ;) And although it is very impressive that you'd like to associate yourself with TOR, do not pretend you run a node. You haven't known what it's actually called up to this point.
-
Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.
https://www.torproject.org/docs/faq.html.en
I guess you know more about Tor than the project maintainers themselves.
-
@Quantum`:
Frankly I'm pretty put off at this point by the complete lack of any apparent knowledge or discussion of the actual technical characteristics of pfSense.
Your very first post here:
@Quantum`:Wow, I am surprised and disappointed with the elementary security measures on the pfSense forum.
This is supposed to be an advanced firewall, and yet you rely on Project Honeypot for the forum? Which blocks the TOR browser? And what's with the dumb questions at the bottom of every new post which never change? ("What is 5 + 6?" "Are you a spammer? (yes / no)" "What is 10 + 5?")
I hope the firewall isn't maintained by the same guys who run the forums. I'm not sure at this point if I want to learn the firewall, if it's by amateurs.
Entering a forum with inflammatory and demeaning accusations right from the start with your very first post is not the way to elicit a discussion. But it's a pretty effective means of picking a fight.
-
:o)
We should just let the troll toddler die of starvation and keep this thread from going to three pages.
-
Better yet, can someone press the lock button, please?
-
Thats so primitive…
-
Thats so primitive…
-
@Quantum`:
Frankly I'm pretty put off at this point by the complete lack of any apparent knowledge or discussion of the actual technical characteristics of pfSense.
Beyond mentioning it is based on FreeBSD 10.1 and a fork of the m0n0wall project in response to your comments about Windows, and repeating there is some arms-length between the actual firewall product and the forum hosting service, it is a broad subject. You don't appear to have asked any questions regarding pfSense itself, what is it you wanted to discuss?
-
Anyone else's Smite counts going through the roof lately? I've had 4 since yesterday even after I stopped responding to Quantum. I have a feeling that this Quantum guy is still having a tantrum and is coming here just to smite anyone who told him off. So childish.
-
Yeah,
56 so far from the little skin flutist. -
Yep, I'm up to 17 now. Was at 11 or 12 this morning. He is literally going over every single post of ours and smiting them.
Jim, Chris or Steve, can you please do something about this guy?
-
@KOM:
Anyone else's Smite counts going through the roof lately? I've had 4 since yesterday even after I stopped responding to Quantum. I have a feeling that this Quantum guy is still having a tantrum and is coming here just to smite anyone who told him off. So childish.
Yeah,
56 so far from the little skin flutist.@KOM:
Yep, I'm up to 17 now. Was at 11 or 12 this morning. He is literally going over every single post of ours and smiting them.
Jim, Chris or Steve, can you please do something about this guy?
Well maybe if you all didn't have such a need to be right all the time… ;) ...you would get along better with others and trolls. ;) Nobody likes a know-it-all. ;)
-
Well maybe if you all didn't have such a need to be right all the time… ;)
Being right is why karma here goes up.
Nobody likes a know-it-all. ;)
Exactly.
-
Nobody likes a know-it-all.
I don't know anything. Just ask my wife.
Oh look, I'm up to 18 now. And by wild coincidence, Quantum logged in recently.
Anyway, I'm done with this thread.
-
In this life… there are the smarter ones; and then there are the dumber ones.
Just an abstract philosophical observation.
I've told the ones who matter what my plans are now for my Xen system, and what role (if any) that pfSense will play. Most of you don't want to know though.
Bye.
-
@Quantum`:
In this life… there are the smarter ones; and then there are the dumber ones.
Just an abstract philosophical observation.
I've told the ones who matter what my plans are now for my Xen system, and what role (if any) that pfSense will play. Most of you don't want to know though.
Bye.
Bear in mind that there will always be smarter and dumber than you…Just an abstract philosophical observation.
F.
-
@Quantum`:
I've told the ones who matter what my plans are now for my Xen system, and what role (if any) that pfSense will play. Most of you don't want to know though.
Bye.
Not if you are unable to express it without insults. Which could be a significant indicator of your place on the smarter / dumber scale.
Wow. More than 100 smites per post so far, and no applause.