http://www.torproject.org/eff/tor-dmca-response.html
Always go there and do not copy/paste from an old DMCA response. The EFF will always keep an updated DMCA response on the Tor Project homepage. Trust me, you are better off rejecting most exit node traffic and better off rejecting IRC traffic because I've seen so much IRC abuse from a Tor exit node. You will not be involved in DDoS attacks because although it's possible, it's not practical to launch a DDoS through Tor - folks are having an easy enough time using their options to attack other computers and networks. They do not need Tor to help them in attacking other networks.
Saturday, August 14, 2010
Running A Tor Exit Node on a VPS
This is a cheap and easy way to run a Tor exit node.
First, we cruise LowEndBox.com for a cheap special. Since most likely, we will get an abuse complaint rather quickly and an irrational admin will opt to remove us, we find something cheap. You can find a VPS server on there for as low as $4-5/mo with about 3TB of transfer on a 100Mbps shared connection. Unfortunately, it's about 512mb of RAM and 20gb of hard drive space, but this is way more than enough for a Tor exit node.
If we look at the provider's TOS and AUP about services then see if it says anything specific about Tor or a proxy service, we should be OK because Tor provides a cut and paste response if you get a DMCA complaint. It's very likely you get one because I got one and most providers get them.
When I purchase a VPS server, I usually opt for Debian rather than Ubuntu or any other operating system. Also, OpenVZ systems work better than Xen if you get a VPS. Tor doesn't work well on a Xen system.
When you login as root, issue the following commands:
apt-get update && apt-get install netselect-apt && netselect-apt
mv sources.list /etc/apt/
apt-get update && apt-get dist-upgrade
apt-get install build-essentials tor nano apache2 wget
Let all those install
nano /etc/tor/torrc
We need the following in the configuration file:
Nickname (come up with something stupid, it doesn't matter)
Address (IP address of VPS or specific IP on a multiple IP VPS)
ORPort 9001
DirPort 9030
ExitPolicy accept *:80,accept *:110,reject *:*
Hit Ctrl + O to save, then Ctrl + X to save. The last part on ExitPolicy, I opt'd to reject all traffic because someone might try to download a BitTorrent file through Tor - this will discourage them. Also, blocking IRC traffic is worth it because it will definitely cut down on an abuse complaint about your IP address. It looks very good to your provider too.
You can enable IRC traffic with ExitPolicy accept *:80,accept *:110,accept *:6660-6667,accept *:6697,reject *.*
That allows web traffic, POP3 email, IRC ports and the IRC SSL port then rejects the rest of the traffic that might want to exit your Tor node. If you do not have a reject policy, you will get complaints very quickly! You might also want to limit your bandwidth. You decide how much you want to dedicate to your monthly limit. On VPS servers that get 1TB/1000GB of transfer a month, I put a daily limit of 30gb so I can have extra bandwidth in my quota if I need to update the system or host some files on a webserver.
** Note: I read on Tor's blog that if you do not specify a reject policy, you will get a DMCA email very quickly from someone using BitTorrent. This is the easiest way to run a Tor exit node without detection from your ISP or interruption from them investigating an abuse complaint. An abuse complaint investigation takes about 2 days.
I had a VPS receive a DMCA complaint from CBS/MediaSentry because someone downloaded CSI: Miami Season 4 through my VPS because I left the ExitPolicy misconfigured. The fellow downloaded about 9 gigabytes through the VPS and MediaSentry caught it.
They emailed Cogent, my VPS provider's bandwidth provider, then that got emailed to the VPS provider then to me. About 2 days later after I emailed the generic DMCA reply from Tor's website, the provider let me go back online and I explained that I would be more specific in the ExitPolicy and will reject *:* to prevent this from happening again.
I got no response but my server is still online so I guess it is fine! I also asked for a reverse DNS (rDNS) to have tor-exit-node.domain as my reverse DNS. This would probably stop a MediaSentry goon from emailing an abuse complaint rather than looking up an IP address because he knows it's a Tor exit node.
After we put that in the /etc/tor/torrc file, we restart Tor with /etc/init.d/tor restart - wait a few minutes then check the Tor log file with nano /var/log/tor/log.
Aug 14 18:18:05.788 [notice] Performing bandwidth self-test...done.
Aug 14 18:13:21.047 [notice] Interrupt: will shut down in 30 seconds. Interrupt again to exit now.
Aug 14 18:13:51.982 [notice] Clean shutdown finished. Exiting.
Aug 14 18:13:54.895 [notice] Tor 0.2.0.35 opening log file.
Aug 14 18:13:55.169 [notice] Your Tor server's identity key fingerprint is 'SERVER-NAME FINGERPRINT'
Aug 14 18:14:00.294 [notice] We now have enough directory information to build circuits.
Aug 14 18:14:01.354 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Aug 14 18:14:02.919 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Aug 14 18:15:03.481 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Aug 14 18:15:11.214 [notice] Performing bandwidth self-test...done.
This means everything is fine and Tor is running as an exit node on your system. Wait a few minutes and type netstat -a in your command prompt. You will see a lot of connections meaning that Tor is working.
Folks might ask questions about why do I run a Tor exit node. I do this mainly because people in countries where Internet is censored can use my simple $5 donation to access information that a country is illegally blocking from it's people. It might be a person in country where news is heavily censored by state media outlets who would like to see information from outside sources but is unable to because the state country government blocks all outside news sources.
Tor allows that person to bypass the filtering and get the information they seek!
Countries that routinely censor the Internet are China, Vietnam, Thailand, and Cuba. It's so easy for someone to block the flow of information to people. Your Internet Service Provider (ISP) could easily block your flow to information. This is why I have donated a few Tor exit servers in a variety of places and different countries. If you have spare bandwidth on a low traffic VPS, want to donate your home Internet connection, your business connection or have an unmetered server - you should donate your spare bandwidth to the Tor project!
First, we cruise LowEndBox.com for a cheap special. Since most likely, we will get an abuse complaint rather quickly and an irrational admin will opt to remove us, we find something cheap. You can find a VPS server on there for as low as $4-5/mo with about 3TB of transfer on a 100Mbps shared connection. Unfortunately, it's about 512mb of RAM and 20gb of hard drive space, but this is way more than enough for a Tor exit node.
If we look at the provider's TOS and AUP about services then see if it says anything specific about Tor or a proxy service, we should be OK because Tor provides a cut and paste response if you get a DMCA complaint. It's very likely you get one because I got one and most providers get them.
When I purchase a VPS server, I usually opt for Debian rather than Ubuntu or any other operating system. Also, OpenVZ systems work better than Xen if you get a VPS. Tor doesn't work well on a Xen system.
When you login as root, issue the following commands:
apt-get update && apt-get install netselect-apt && netselect-apt
mv sources.list /etc/apt/
apt-get update && apt-get dist-upgrade
apt-get install build-essentials tor nano apache2 wget
Let all those install
nano /etc/tor/torrc
We need the following in the configuration file:
Nickname (come up with something stupid, it doesn't matter)
Address (IP address of VPS or specific IP on a multiple IP VPS)
ORPort 9001
DirPort 9030
ExitPolicy accept *:80,accept *:110,reject *:*
Hit Ctrl + O to save, then Ctrl + X to save. The last part on ExitPolicy, I opt'd to reject all traffic because someone might try to download a BitTorrent file through Tor - this will discourage them. Also, blocking IRC traffic is worth it because it will definitely cut down on an abuse complaint about your IP address. It looks very good to your provider too.
You can enable IRC traffic with ExitPolicy accept *:80,accept *:110,accept *:6660-6667,accept *:6697,reject *.*
That allows web traffic, POP3 email, IRC ports and the IRC SSL port then rejects the rest of the traffic that might want to exit your Tor node. If you do not have a reject policy, you will get complaints very quickly! You might also want to limit your bandwidth. You decide how much you want to dedicate to your monthly limit. On VPS servers that get 1TB/1000GB of transfer a month, I put a daily limit of 30gb so I can have extra bandwidth in my quota if I need to update the system or host some files on a webserver.
** Note: I read on Tor's blog that if you do not specify a reject policy, you will get a DMCA email very quickly from someone using BitTorrent. This is the easiest way to run a Tor exit node without detection from your ISP or interruption from them investigating an abuse complaint. An abuse complaint investigation takes about 2 days.
I had a VPS receive a DMCA complaint from CBS/MediaSentry because someone downloaded CSI: Miami Season 4 through my VPS because I left the ExitPolicy misconfigured. The fellow downloaded about 9 gigabytes through the VPS and MediaSentry caught it.
They emailed Cogent, my VPS provider's bandwidth provider, then that got emailed to the VPS provider then to me. About 2 days later after I emailed the generic DMCA reply from Tor's website, the provider let me go back online and I explained that I would be more specific in the ExitPolicy and will reject *:* to prevent this from happening again.
I got no response but my server is still online so I guess it is fine! I also asked for a reverse DNS (rDNS) to have tor-exit-node.domain as my reverse DNS. This would probably stop a MediaSentry goon from emailing an abuse complaint rather than looking up an IP address because he knows it's a Tor exit node.
After we put that in the /etc/tor/torrc file, we restart Tor with /etc/init.d/tor restart - wait a few minutes then check the Tor log file with nano /var/log/tor/log.
Aug 14 18:18:05.788 [notice] Performing bandwidth self-test...done.
Aug 14 18:13:21.047 [notice] Interrupt: will shut down in 30 seconds. Interrupt again to exit now.
Aug 14 18:13:51.982 [notice] Clean shutdown finished. Exiting.
Aug 14 18:13:54.895 [notice] Tor 0.2.0.35 opening log file.
Aug 14 18:13:55.169 [notice] Your Tor server's identity key fingerprint is 'SERVER-NAME FINGERPRINT'
Aug 14 18:14:00.294 [notice] We now have enough directory information to build circuits.
Aug 14 18:14:01.354 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Aug 14 18:14:02.919 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Aug 14 18:15:03.481 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Aug 14 18:15:11.214 [notice] Performing bandwidth self-test...done.
This means everything is fine and Tor is running as an exit node on your system. Wait a few minutes and type netstat -a in your command prompt. You will see a lot of connections meaning that Tor is working.
Folks might ask questions about why do I run a Tor exit node. I do this mainly because people in countries where Internet is censored can use my simple $5 donation to access information that a country is illegally blocking from it's people. It might be a person in country where news is heavily censored by state media outlets who would like to see information from outside sources but is unable to because the state country government blocks all outside news sources.
Tor allows that person to bypass the filtering and get the information they seek!
Countries that routinely censor the Internet are China, Vietnam, Thailand, and Cuba. It's so easy for someone to block the flow of information to people. Your Internet Service Provider (ISP) could easily block your flow to information. This is why I have donated a few Tor exit servers in a variety of places and different countries. If you have spare bandwidth on a low traffic VPS, want to donate your home Internet connection, your business connection or have an unmetered server - you should donate your spare bandwidth to the Tor project!
Subscribe to:
Posts (Atom)