[Solved] Torbutton and freenode.net [Archive] - The FreeBSD Forums

z0ran
June 22nd, 2009, 11:49
I was trying Torbutton and Vidalia and got banned from freenode.net. Now I don't have it any more, but I'm still banned. I was trying to contact somebody from freenode, but the only one I can contact is kline@freenode.net, which asked me for information from http://myip.dk/. After I provided it, there was no response whatsoever and I'm still banned. Does anyone have any idea what I should do to get back on the channels, please?
Thanks in advance!

DutchDaemon
June 22nd, 2009, 12:07
IIRC, 'kline' is the account associated with the IP blocking system (BOPM (http://wiki.blitzed.org/BOPM)). Usually, an IP gets blocked immediately when it appears in one of the open proxy blacklist databases. I don't know which are the prevailing OPM blacklists nowadays (used to be Blitzed, but they're gone). I guess you could try querying your IP at http://www.spamhaus.org/XBL/ to see whether it has any security problems associated with it.

z0ran
June 22nd, 2009, 12:49
So, I'm not on XBL or SBL, but I'm listed on the Policy Block List (PBL). Now, they say I'm not a spammer and that I can remove my IP, but only if I have a mail server and a static public IP, not if I use ADSL and so on, which I do.
They don't say anything about Torbutton, which is the reason why I was banned on freenode.net. How to get out of this, I have no idea. God damn Torbutton, I'll remember that thing for sure. This is not good at all.

DutchDaemon
June 22nd, 2009, 12:54
Forget PBL, every residential/dynamic IP address is in it, and PBL is only used by mail servers, not by IRC, Freenode, or any other non-smtp network.
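
Added example, not part of any post in this thread: how a DNSBL lookup such as the Spamhaus check discussed above is formed and read, and why a PBL-only answer differs from an XBL hit. The function names and the verdict labels are this example's own; the return-code meanings are Spamhaus's published ZEN codes as assumed here and should be confirmed against their current documentation.

```sh
#!/bin/sh
# Added example. Live use (needs DNS; 192.0.2.10 is a documentation address):
#   host -t A "$(dnsbl_qname 192.0.2.10 zen.spamhaus.org)" \
#     | awk '/has address/ {print $NF}' | irc_verdict

# Build the DNSBL query name: octets reversed, zone appended.
dnsbl_qname() {                       # usage: dnsbl_qname IPv4 ZONE
    printf '%s\n' "$1" | awk -F. -v zone="$2" '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            print $4 "." $3 "." $2 "." $1 "." zone
            ok = 1
        }
        END { exit !ok }'
}

# Map one returned A record to the list it stands for (assumed ZEN codes).
zen_list() {
    case "$1" in
        127.0.0.2|127.0.0.3)   echo SBL ;;
        127.0.0.[4-7])         echo XBL ;;     # exploited hosts, open proxies
        127.0.0.10|127.0.0.11) echo PBL ;;     # dynamic/residential policy list
        127.255.255.*)         echo ERROR ;;   # query refused, not a listing
        *)                     echo UNKNOWN ;;
    esac
}

# Read returned A records on stdin and summarise them.
# No answer at all (NXDOMAIN) means the address is not listed.
irc_verdict() {
    verdict="not-listed"
    while read -r addr; do
        case "$(zen_list "$addr")" in
            SBL|XBL) verdict="investigate" ;;
            PBL)     if [ "$verdict" = "not-listed" ]; then verdict="policy-only"; fi ;;
            ERROR)   if [ "$verdict" != "investigate" ]; then verdict="lookup-failed"; fi ;;
        esac
    done
    echo "$verdict"
}
```

A `policy-only` result matches the situation in this thread: listed on PBL, which only mail servers act on, with nothing on XBL or SBL.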

DutchDaemon
June 22nd, 2009, 13:01
I did a quick check on your IP, but it doesn't appear to be listed anywhere. However, almost every IRC network runs a quick check on your IP address when connecting, and if the scanner finds anything strange (like an open proxy), it will ban you immediately. Is there any chance you may be running something that may act as an open proxy, like a poorly configured Squid, Apache, or any other proxy-capable stuff?

z0ran
June 22nd, 2009, 13:53
I have Apache configured, but I have had it for a long time. I had installed Privoxy, which I deinstalled after Torbutton. It is also saying that I should install identd, and I don't know how to install it. The problem started with Torbutton, because I don't know much about configuring proxies and stuff.
I got through somehow on irc.nac.net, and there on #freenode I explained the problem. They say that I should send all the information to kline@freenode.net, which I did, and that there is nothing I can do before they clear me from the list.

SirDice
June 22nd, 2009, 14:11
You don't need ident and it is advised not to run it. IRC servers do still check for it but on most IRC networks it's not needed.

z0ran
June 22nd, 2009, 14:18
I was reading about ident and I'm not going to change anything in my inetd.conf. I just hope they will let me connect again.

DutchDaemon
June 22nd, 2009, 14:24
Run sockstat -l4 on your machine and see if you're running anything you don't recognise (or don't want anymore).

z0ran
June 22nd, 2009, 14:33
DutchDaemon, this is all I have, and I don't see that anything is so wrong:

beastie opera 1407 23 tcp4 *:18768 *:*
www httpd 1294 3 tcp46 *:80 *:*
www httpd 1294 4 tcp4 *:* *:*
www httpd 1294 5 tcp46 *:443 *:*
www httpd 1294 6 tcp4 *:* *:*
www httpd 1293 3 tcp46 *:80 *:*
www httpd 1293 4 tcp4 *:* *:*
www httpd 1293 5 tcp46 *:443 *:*
www httpd 1293 6 tcp4 *:* *:*
www httpd 1292 3 tcp46 *:80 *:*
www httpd 1292 4 tcp4 *:* *:*
www httpd 1292 5 tcp46 *:443 *:*
www httpd 1292 6 tcp4 *:* *:*
www httpd 1291 3 tcp46 *:80 *:*
www httpd 1291 4 tcp4 *:* *:*
www httpd 1291 5 tcp46 *:443 *:*
www httpd 1291 6 tcp4 *:* *:*
www httpd 1290 3 tcp46 *:80 *:*
www httpd 1290 4 tcp4 *:* *:*
www httpd 1290 5 tcp46 *:443 *:*
www httpd 1290 6 tcp4 *:* *:*
root sendmail 1222 3 tcp4 127.0.0.1:25 *:*
root httpd 1209 3 tcp46 *:80 *:*
root httpd 1209 4 tcp4 *:* *:*
root httpd 1209 5 tcp46 *:443 *:*
root httpd 1209 6 tcp4 *:* *:*
mysql mysqld 1186 10 tcp4 *:3306 *:*
root sshd 1125 4 tcp4 *:22 *:*
root snmptrapd 1105 10 udp4 *:162 *:*
root smbd 1096 19 tcp4 *:445 *:*
root smbd 1096 20 tcp4 *:139 *:*
root nmbd 1092 6 udp4 *:137 *:*
root nmbd 1092 7 udp4 *:138 *:*
root nmbd 1092 8 udp4 192.168.1.100:137 *:*
root nmbd 1092 9 udp4 192.168.1.100:138 *:*
root ntpd 1057 20 udp4 *:123 *:*
root ntpd 1057 22 udp4 192.168.1.100:123 *:*
root ntpd 1057 25 udp4 127.0.0.1:123 *:*
root syslogd 946 7 udp4 *:514 *:*

DutchDaemon
June 22nd, 2009, 14:59
I'm slightly worried by the '*:*' values of httpd in the 'LOCAL ADDRESS' column. I only run IPv4 myself, not a combination of v4/v6, but I've never seen such wildcard entries for httpd.

z0ran
June 22nd, 2009, 15:24
I don't know, everything was working great before I installed Torbutton, Privoxy and Vidalia. I deinstalled all 3 of them and the only thing is that I cannot connect to freenode.net.
This is the message I get when I try to connect to freenode.net:


[verio] *** Processing connection to irc.wh.verio.net
[verio] *** Looking up your hostname...
[verio] *** Checking Ident
[verio] *** Found your hostname
[verio] *** No Ident response
[verio] You need to install identd to use this server
[verio] *** Processing connection to irc.wh.verio.net
[verio] *** Looking up your hostname...
[verio] *** Checking Ident
[verio] *** Found your hostname
[verio] *** No Ident response
[verio] You need to install identd to use this server
[choopa] *** Processing connection to irc.choopa.net
[choopa] *** Looking up your hostname...
[choopa] *** Checking Ident
[choopa] *** No Ident response
[choopa] *** Found your hostname
[choopa] *** Processing connection to irc.choopa.net
[choopa] *** Looking up your hostname...
[choopa] *** Checking Ident
[choopa] *** Found your hostname
[choopa] *** No Ident response
[easynews] *** Processing connection to irc.easynews.com
[easynews] *** Looking up your hostname...
[easynews] *** Checking Ident
[easynews] *** Found your hostname
[easynews] *** No Ident response
[easynews] *** Banned Temporary K-line 1440 min. - TOR Server detected - see
http://www.sectoor.de/tor.php for more information (2009/6/21
10.27)
[easynews] *** Processing connection to irc.easynews.com
[easynews] *** Looking up your hostname...
[easynews] *** Checking Ident
[easynews] *** Found your hostname
[easynews] *** No Ident response
[easynews] *** Banned Temporary K-line 1440 min. - TOR Server detected - see
http://www.sectoor.de/tor.php for more information (2009/6/21
10.27)
[OperView]
-:- *beep**beep**beep**beep**beep*X: Auto Response is set to - z0ran
-:- Connecting to port 6667 of server irc.foxlink.net [refnum 0]
-:- Connection closed from irc.foxlink.net: Unknown error: 0
-:- Connecting to port 6667 of server irc.weblook2k.com [refnum 1]
-:- Connecting to port 6667 of server irc.weblook2k.com [refnum 1]
-:- Connecting to port 6667 of server irc.wh.verio.net [refnum 2]
-:- beastie Nickname is already in use.
-:- Closing Link: 127.0.0.1 (Install identd)
-:- Connection closed from irc.wh.verio.net: Unknown error: 0
-:- Connecting to port 6667 of server irc.wh.verio.net [refnum 2]
-:- Closing Link: 127.0.0.1 (Install identd)
-:- Connection closed from irc.wh.verio.net: Unknown error: 0
-:- Connecting to port 6667 of server irc.choopa.net [refnum 3]
-:- beastie Nickname is already in use.
-:- Closing Link: 77-105-55-173.adsl-1.sezampro.yu (*** Banned )
-:- Connection closed from irc.choopa.net: Unknown error: 0
-:- Connecting to port 6667 of server irc.choopa.net [refnum 3]
-:- Closing Link: 77-105-55-173.adsl-1.sezampro.yu (*** Banned )
-:- Connection closed from irc.choopa.net: Unknown error: 0
-:- Connecting to port 6667 of server irc.easynews.com [refnum 4]
-:- beastie Nickname is already in use.
-:- Closing Link: 127.0.0.1 (*** Banned )
-:- Connection closed from irc.easynews.com: Unknown error: 0
-:- Connecting to port 6667 of server irc.easynews.com [refnum 4]
-:- Closing Link: 127.0.0.1 (*** Banned )
-:- Connection closed from irc.easynews.com: Unknown error: 0
-:- Connecting to port 6667 of server irc.limelight.us [refnum 5]
-:- Connecting to port 6667 of server irc.limelight.us [refnum 5]


The only reason I can see is "TOR server detected"; it doesn't complain about anything else. And yes, "Banned Temporary K-line 1440 min. - TOR Server detected - see", that is so many minutes.

DutchDaemon
June 22nd, 2009, 15:34
Try shutting down your Apache and then run sockstat -l4 again. If there are still www/httpd processes running after you closed Apache down, 'something' is mimicking Apache and still running on your system. If all httpd processes disappear, try connecting to IRC without restarting Apache. At least you'll know if that improves things. BTW, the K-Line error message states that your IP will be listed for 24 hours (1440 minutes) regardless, so reconnecting earlier than this time tomorrow may not give you access whether you close Apache or not.

The identd stuff .. well, it's up to you. I don't have it installed, and I can connect to EFnet through irc.prison.net without any problem.

z0ran
June 22nd, 2009, 16:48
I shut down Apache and no www/httpd was running; all httpd is gone and I still cannot connect to freenode.net. Also, I'm not going to install the identd stuff. I was reading that if I want identd to start I have to enable all the "auth" lines in my inetd.conf, but then my security can be jeopardized, so no. And after all, I can wait for 24 hours, no problem :)
Thanks a lot, DutchDaemon, for your time and advice, I appreciate it!

DutchDaemon
June 22nd, 2009, 17:03
Did you need to make any changes to your httpd.conf for Tor, or did you build Apache with any proxy support? I'm still intrigued by that weird sockstat output. If you don't need any proxy support and you do have it enabled in Apache, I suggest you rebuild Apache with the proxy settings disabled in make config:

[...]
[ ] PROXY Enable mod_proxy
[ ] PROXY_CONNECT Enable mod_proxy_connect
[X] PATCH_PROXY_CONNECT Patch proxy_connect SSL support
[ ] PROXY_FTP Enable mod_proxy_ftp
[ ] PROXY_HTTP Enable mod_proxy_http
[ ] PROXY_AJP Enable mod_proxy_ajp
[ ] PROXY_BALANCER Enable mod_proxy_balancer
[...]

z0ran
June 22nd, 2009, 18:28
I didn't touch my httpd.conf or any other conf when I installed Tor, and when I built apache22 I left the settings at their defaults, so my MySQL, Apache22, PHP and MediaWiki are good so far. I mean, I never had any problem. Now I'm also concerned about my weird sockstat output :) Can you show me, for example, what normal sockstat output for www/httpd looks like, or something?
The only thing I did with Tor and Vidalia is install them, and I didn't keep them for long, only 2 days. That is all I did.
You really make me think about my Apache now :) I'll definitely go through the book about Apache and sockstat output.

SirDice
June 22nd, 2009, 19:29
If you don't bind Apache to a specific address it will bind to *:80 (and/or *:443 if you have SSL enabled); the part that's 'weird' about it is httpd being bound to *:*.

DutchDaemon
June 22nd, 2009, 21:44
Right.

This is normal (for an IPv4 setup);

www httpd 15611 3 tcp4 *:80 *:*
www httpd 15611 4 tcp4 *:443 *:*
www httpd 81862 3 tcp4 *:80 *:*
www httpd 81862 4 tcp4 *:443 *:*
www httpd 81215 3 tcp4 *:80 *:*
www httpd 81215 4 tcp4 *:443 *:*
www httpd 79659 3 tcp4 *:80 *:*
www httpd 79659 4 tcp4 *:443 *:*
www httpd 1331 3 tcp4 *:80 *:*
www httpd 1331 4 tcp4 *:443 *:*
www httpd 62269 3 tcp4 *:80 *:*
www httpd 62269 4 tcp4 *:443 *:*
www httpd 8727 3 tcp4 *:80 *:*
www httpd 8727 4 tcp4 *:443 *:*
www httpd 71064 3 tcp4 *:80 *:*
www httpd 71064 4 tcp4 *:443 *:*
www httpd 85687 3 tcp4 *:80 *:*
www httpd 85687 4 tcp4 *:443 *:*
www httpd 25621 3 tcp4 *:80 *:*
www httpd 25621 4 tcp4 *:443 *:*
root httpd 98789 3 tcp4 *:80 *:*
root httpd 98789 4 tcp4 *:443 *:*
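
Added example, not part of any post in this thread: a filter for `sockstat -l4` output that collapses the per-process repeats and labels each listener by how its local address is bound, so the `*:*` httpd entries discussed above stand out. The function names, the labels and the sample lines (constructed in the format of the output posted here) are this example's own.

```sh
#!/bin/sh
# Added example. Live use on FreeBSD:  sockstat -l4 | audit_listeners
# Columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

audit_listeners() {
    awk '
    $1 == "USER" { next }             # header line
    NF < 7       { next }             # blank or malformed line
    {
        user = $1; cmd = $2; proto = $5; laddr = $6
        if (laddr == "*:*")            scope = "NO-PORT"     # no address, no port
        else if (laddr ~ /^127\./)     scope = "LOOPBACK"    # local clients only
        else if (laddr ~ /^\*:/)       scope = "ALL-IFACES"  # every interface
        else                           scope = "ONE-ADDR"    # one specific address
        # One line per distinct listener, ignoring PID and FD.
        key = scope " " user " " cmd " " proto " " laddr
        if (!(key in seen)) { seen[key] = 1; order[++n] = key }
    }
    END { for (i = 1; i <= n; i++) print order[i] }'
}

# Constructed sample in the same format as the output in this thread.
sample_sockstat() {
    cat <<'EOF'
www httpd 1294 3 tcp46 *:80 *:*
www httpd 1294 4 tcp4 *:* *:*
www httpd 1293 3 tcp46 *:80 *:*
www httpd 1293 4 tcp4 *:* *:*
root httpd 1209 4 tcp4 *:* *:*
root sendmail 1222 3 tcp4 127.0.0.1:25 *:*
mysql mysqld 1186 10 tcp4 *:3306 *:*
root nmbd 1092 8 udp4 192.168.1.100:137 *:*
EOF
}

sample_sockstat | audit_listeners
```

Piping the result through `grep '^NO-PORT'` leaves only the entries to compare against a known-good listing, and the `ALL-IFACES` lines show which services are reachable from every interface.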

DutchDaemon
June 22nd, 2009, 21:47
If someone could check what it looks like in an IPv6 or a mixed IPv4/IPv6 setup, that would be nice. Maybe the *:* output is some side-effect of mixed setups, but I doubt it. Still, if someone else sees this type of output (http://forums.freebsd.org/showpost.php?p=29439&postcount=10), it may be ok.

z0ran
June 23rd, 2009, 05:57
BTW, when I built apache22 I was also building it with SSL support, but I don't think that this is a problem. And yes, you were right about one thing, DutchDaemon: I received mail from freenode, and guess what, they think that I still have god damn Tor.

Hi,

Our utility bot still believes you're listed as a tor exit node. It's
not unusual for the listing to take a few days to disappear, but are you
sure you fully stopped tor?

Thanks,

z0ran
June 24th, 2009, 13:57
They let me through on freenode.net :) Before I received the mail from them that my host is no longer marked as a Tor node, I found these lines in my /var/log/rkhunter.log:

:07:12] Warning: Users have been added to the passwd file:
[18:07:12] privoxy:*:201:201:privoxy pseudo-user:/nonexistent:/sbin/nologin

I commented it out, and not long after I received mail that I can connect to freenode. I don't think that this line was the reason for them to lift the ban, but I'm not going to mess with Tor, Privoxy and those kinds of things anymore, that's for sure :)

Carpetsmoker
June 24th, 2009, 20:00
I don't think so ... I think you just had to wait some time before your unblock request got processed ;)
