TOR blocklist retrieved incomplete

[dardan]

Hello.
I am being hammered from anonymous TOR ips.
I have enabled the TOR blocklist and it's working.
I can read at lfd.log "Retrieved and blocking blocklist TOR IP address ranges"
But I am still being hammered with SQLInyections from that IPs.
When I inspect the iptables rules, I see that the TOR chain is incomplete, with 1961 entries. While at the torproject website the list is of arround 2200 IPs.
The amount of blocked IPs at iptables is never the same, varies with every update, but it's always hundreds less IPs than what the tor site provides.
The missing IPs at iptables are the last ones on the listing.
So I guess that the blocklist is not being completely inserted at iptables.
Can you confirm this issue?
Thanks for your time and concern.

[Michael-MS]

I can confirm this is happening on my server as well. Tried to block TOR today and all but the last 200 lines or so get blocked correctly. But the IPs at the end of the list are not being added to IPTables. Can we get a fix for this?

My list stops at line 1570, 75.45.1.55 (sorry for multiple edits)

[Michael-MS]

I tested on a 2nd server and TOR blocklist stopped at line 1303 this time. So it's just not getting the full list, at all. Any help?

[ForumAdmin]

This is an issue with the data being returned from the web site. You might want to use an alternative list, e.g. ALTTOR as defined in the more recent csf.blocklists file:

Code: Select all

# Alternative TOR Exit Nodes List
# Details: http://torstatus.blutmagie.de/
#ALTTOR|86400|0|http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv

Note: The configuration at the end should be all on one line.