TorBlock catches Tor relay node
Closed, ResolvedPublic

Description

Author: king.of.hearts.wiki

Description:
173.164.206.181 is a Tor relay node and not a Tor exit node, as it appears from http://torstatus.blutmagie.de/router_detail.php?FP=25871bf90689b270bb6fe873f9c72760ab026dd1. However, it is blocked automatically by TorBlock as an exit node. The operator states that he has never run a Tor exit node on that IP before. Could you check on how this IP managed to be affected by TorBlock?


Version: unspecified
Severity: major

bzimport set Reference to bz47626.
bzimport created this task.Via LegacyApr 25 2013, 2:53 AM
Reedy added a comment.Via ConduitApr 26 2013, 1:08 AM

I'm presuming this is "broken" on Wikimedia wikis?

bzimport added a comment.Via ConduitApr 26 2013, 1:11 AM

king.of.hearts.wiki wrote:

Yes, because it is a global block imposed by the software.

Akeron added a comment.Via ConduitApr 28 2013, 3:32 PM

I received an e-mail from an user blocked by this extension, he is running a relay (not an exit node), I gived him an IP block exempt on french Wikipedia. This is the first time I see this problem, maybe something changed recently ?

Aklapper added a comment.Via ConduitApr 29 2013, 10:08 AM

agarrett: Could you take a look at this?

Legoktm added a comment.Via ConduitMay 2 2013, 4:58 PM

Bumping up the priority on this, there are a bunch of users coming on IRC/via OTRS who are running relay nodes and being caught.

Reedy added a comment.Via ConduitMay 2 2013, 5:01 PM

(In reply to comment #4)

agarrett: Could you take a look at this?

Most likely probably not

bzimport added a comment.Via ConduitMay 2 2013, 5:05 PM

haakonn wrote:

This is my Tor relay: http://torstatus.blutmagie.de/router_detail.php?FP=08290c45ad407034c17ea9e6650689b5fe98996a

It is not an exit node, and it never has been or will be. I would like to be able to edit Wikipedia, which I have been doing for 10 years prior to this.

Reedy added a comment.Via ConduitMay 2 2013, 5:09 PM

There has been pretty much no development done to the extension anytime recently (since January maybe?).

I made some changes recently, but that was configuration changes to allow us to make the request using a proxy.

Does anyone know if anything has changed upstream? With the lack of changes here, and it seemingly suddenly breaking, the probably would seemingly be from where the information source is..

csteipp added a comment.Via ConduitMay 2 2013, 5:36 PM

I'm guessing with access to the proxy, the onionoo list has started to be loaded where it previously wasn't. It looks like the code is blocking everything on that list, without checking if they're exit nodes or not.

Can we block onionoo.torproject.org at the proxy for now, so it falls back to check.torproject.org for now?

Parent5446 added a comment.Via ConduitMay 2 2013, 6:14 PM

Hmm, this was my mistake. It seems I misread the documentation for Onionoo. When you access the summary documents, it seems Onionoo lists all IP addresses for all nodes, rather than just exit addresses.

Currently, I have a patch here: https://gerrit.wikimedia.org/r/53917
This should fix the problem because it uses the detailed summary and only checks exit_addresses, but it's a pretty big patch and does more than just fix this bug. I will work on splitting it up into individual commits so it can be reviewed faster.

Reedy added a comment.Via ConduitMay 2 2013, 6:59 PM

(In reply to comment #9)

I'm guessing with access to the proxy, the onionoo list has started to be
loaded where it previously wasn't. It looks like the code is blocking
everything on that list, without checking if they're exit nodes or not.

Interesting. Hume should have been able to contact it anyway...

gerritbot added a comment.Via ConduitMay 2 2013, 7:44 PM

Related URL: https://gerrit.wikimedia.org/r/62025 (Gerrit Change Ib15a9ab41ed2d3c2b6e39067e1bd9076a8b6888f)

Parent5446 added a comment.Via ConduitMay 4 2013, 9:34 PM

The fix has been merged, so marking as resolved. If somebody could verify when it's next deployed to WMF that'd be great.

Reedy added a comment.Via ConduitMay 4 2013, 9:45 PM

In theory, it should now be fixed in production..

If anyone can test and confirm whether this is indeed fixed for you, it'd be appreciated

Nemo_bis added a comment.Via ConduitMay 4 2013, 9:47 PM

Is this bug yet another example of how bug 30716 would be a good thing?

Parent5446 added a comment.Via ConduitMay 4 2013, 9:50 PM

(In reply to comment #15)

Is this bug yet another example of how bug 30716 would be a good thing?

Nah, this bug was just a fluke in a previous patch of mine that messed things up because I read documentation wrong.

bzimport added a comment.Via ConduitMay 4 2013, 10:11 PM

haakonn wrote:

Confirming that it now works for me, thank you very much.

Add Comment

Column Prototype
This is a very early prototype of a persistent column. It is not expected to work yet, and leaving it open will activate other new features which will break things. Press "\" (backslash) on your keyboard to close it now.