Kudos for TOR support

I am a relatively dumb user who manages a simple website with WordPress. I get a lot of spam posts, many in character sets I cannot decipher.

I noticed that some spam posts came from the same web address. .htaccess, anyone? So much for those sources.

But, I noticed that sometimes there were a lot of closely-related IP addresses that didn’t duplicate, but seemed to come ‘at the same time’ and with similar content. A friend suggested that TOR users might be doing this, thereby disguising their true IP source address and spreading their apparent source over TOR servers.

So I sent an eMail to the TOR folks. I did not expect any support, but said clearly that, whatever happened, would be recorded here. Fair is fair.

Kudos for TOR support in this matter. I was sent a URL which promptly gave me a list of all TOR exit IPs that can send to my website. Apparently this service has always been there. The point of TOR is not to be secretive about themselves, but to allow senders to break the correlation between messages they send and their destinations. (For more information, and it is quite interesting, look up TOR in google and find out for yourself. It’s quite a sophisticated operation, and could be of key importance in increasing privacy from end-to-end watchers of the Internet. I support this capability. I just don’t think you need to hide yourself when going to a small blog to post spam, eh?)

I am figuring out how to use this goldmine of information. I will be changing the page, ‘Rules, Sort of’ when I have my new process working. Stay tuned.

As for TOR, if you have a genuine need to hide yourself, use it. Just don’t use it when spamming my website, please.

Thanks again to TOR and to the kind individual who responded so quickly. Much appreciated.

One thought on “Kudos for TOR support

  1. As of now, I’m not changing ‘Rules, Sort of.’ This is because, so far as I can tell, spam comments are not coming from TOR servers.
    Anyone out there who knows how site spammers work, please reply here. I often see IP addresses duplicated (.htaccess for them) and closely-related. For example, one IP address occurred twice, weeks apart, and then exactly one-higher last-digit appeared a few days after that. Clearly at least some of the spam is coming from a server farm of some sort.
    Again, any ideas as to how this works, and especially, how to subvert it from my end? Post it here, eh?

Leave a Reply

Your email address will not be published. Required fields are marked *