Hackers have been abusing ToR since June 27 at an alarming level

• July 10, 2015
• technology  
• hackers  
• security  
• wordpress  

A week ago I noticed a significant number of attacks against my web site originating from ToR (The Onion Router) exit nodes. I looked more closely at my logs and found that starting on June 27 every single request from a ToR exit node has been an attempt to guess WordPress account credentials. Those attacks represent 57% of the requests I’ve recorded since the start of 2015 and occurred in just the most recent 6% of that interval.

It is clear that one or more hackers have recently decided to exploit the ToR network to hide their tracks. Which is a shame since ToR is extremely useful to real people trying to avoid nation states spying on them. Nonetheless, I’m still going to block for thirty days any non-whitelisted source that attacks me. Since I don’t plan on whitelisting ToR exit nodes that means people with a legitimate reason to use ToR might not be able to access my blog. Which makes me sad but the security of my web site is more important.

If I ever come face to face with a hacker I would find it hard to keep in check my impulse to beat the shit out of them.