Official Tor Hidden Service for the Kiwi Farms

[Kosher Salt]

Not Tor's fault. It's because of the way Josh has configured it. There's not even any need for that 302 anymore, because of Onion-location.

That's what I said. The onion-location header is proper, the 302 redirect isn't.

 

[Null]

Onion fixed.

 

[Fek]

Much appreciated.

 

[TheSkoomer]

Onion fixed.

Next time, try to keep the Tor site up even when the clear web site is down. It should be a priority.

 

[Null]

Next time, try to keep the Tor site up even when the clear web site is down. It should be a priority.

Great advice!!!! !!!!!!!!!!!!!!!!!!! thanks!!!!!!!!!!!!

 

[Lucario]

That's what I said. The onion-location header is proper, the 302 redirect isn't.

Only the Cloudflare (kiwifarms.net) domain has the forced 302 redirect, but not the others I tested (.top and .ru), those have the Onion-Location header:

I think Null has the forced 302 redirect on the .net site since Cloudflare forces you to go through captcha most of the time when you try to access the site, preventing you from having the option to go the .onion right when you go into the site; And not redirecting a Tor user immedietly if they have "Prioritize .onion sites..." to "Always."

 

[Tachibana]

The onion site doesn't work for me on Brave. I just get:

Details: 0xF0 — The requested onion service descriptor can't be found on the hashring and therefore the service is not reachable by the client.

 

[Tachibana]

I'm still having issues with the onion site. Although I understand the issues Null is going through with the non-stop ddos attacks. I'm just throwing this up there in case anyone is wondering.

 

[Radical Cadre]

The Tor hidden service is being used to conduct a DDoS attack (2000r/s, bypasses traditional filtering due to lack of an IP address) and will be disabled until I can look into mitigating it.

@Null

So, wait how the fuck does that work? It sounds like an interesting strategy to use but I don't know enough to understand why.

 

[somecryptoneet]

So, wait how the fuck does that work? It sounds like an interesting strategy to use but I don't know enough to understand why.

Here's a github project for it: https://github.com/r3nt0n/torDDoS

Thing with TOR is that you can send a ton of requests from the same server and the hidden service cannot practically differentiate them. Makes an attack very easy.

Tor blog post about mitigating DDoS: https://blog.torproject.org/stop-the-onion-denial

 

[Jump]

If TOR is going to be down until further notice can the redirect be stopped?

 

[Nuclear Winter]

I am having the same problem with the redirects to the onion site on tor. I managed to connect using the .ru cctld.

 

[Kosher Salt]

I am having the same problem with the redirects to the onion site on tor. I managed to connect using the .ru cctld.

I'm using .hk and that's also working. So yeah.

 

[TheSkoomer]

Here's a github project for it: https://github.com/r3nt0n/torDDoS

Thing with TOR is that you can send a ton of requests from the same server and the hidden service cannot practically differentiate them. Makes an attack very easy.

Tor blog post about mitigating DDoS: https://blog.torproject.org/stop-the-onion-denial

I would recommend that @Null create an I2P hidden service at this point.
Unlike Tor, I2P has extensive bandwidth controls, and you can even limit the number of GET requests and POST requests per minute on a per-user basis.
I2P is also fully decentralized, not depending on index servers like Tor does; on I2P, every user is their own index server.
geti2p.net

InB4:
>lol it's written in Java hurrrrr durrr...
Yeah, I know, I know... There's a C++ implementation, but the C++ implementation of I2P does not have all the fancy bandwidth controls yet (that I know of.)

 

[AnOminous]

Here's a github project for it: https://github.com/r3nt0n/torDDoS

Thing with TOR is that you can send a ton of requests from the same server and the hidden service cannot practically differentiate them. Makes an attack very easy.

Tor blog post about mitigating DDoS: https://blog.torproject.org/stop-the-onion-denial

It's also asymmetrical, i.e., the cost of actually sending disruptive packets is less than the damage to the site to process them. Imagine being so pathetic that your entire life is desperately attacking a lolcow site to get it down for a few hours a couple times a month.

 

[Full Race Replay]

any updates on wether the farms tor address is back up?

 

[Illuminati Order Official]

It would appear that .onion is working at least for now.

 

[Jump]

The substitute admin @One must be a glower because TOR is working great now.

God bless the NSA

 

[hundredpercent]

Here's a github project for it: https://github.com/r3nt0n/torDDoS

Thing with TOR is that you can send a ton of requests from the same server and the hidden service cannot practically differentiate them. Makes an attack very easy.

Tor blog post about mitigating DDoS: https://blog.torproject.org/stop-the-onion-denial

There is some more stuff you can do to mitigate. There's a script that basically replicates CloudFlare's CAPTCHA, can be modified to use JavaScript instead. That makes DDoS attacks much harder. You still need to protect yourself against Level 3 attacks (people attacking the CAPTCHA itself, which is just a static page), but Level 7 attacks basically go away.

This is what darknet markets use to protect against $100k+ extortion attacks, so it's reasonably solid.

 

[Null]

I'll look into it when I can.