&

How to setup a tor exit node on Debian and create a responsible torrc config file

Log into box as root and do the following to setup tor

(the box this was installed on was running Debian 8.5 x64)



apt-get install -y tor ntp

nano /etc/tor/torrc to edit your configuration file

uncomment the “ORPort” setting line

change the “ExitPolicy” lines as required to be relative

uncomment and set the “ContactInfo” line to whatever you want your TorRelay to be named (publicly viewable)

save file and exit

service tor reload to restart the service and get the new edits working



Copy of our current torrc file

We highly encourage using an advanced or a more modified version of the torrc configuration file. This helps out the Tor community by preventing known malicious botnet traffic (ransomware, crimeware and malware) from using your tor relay or exit node. We recommend using the ‘Crimeware and Ransomware Prevention - ExitPolicy’ reject list from tornull + using the Reduced Exit Policy from Tor project. Configuring an advanced Exit Policy will help cut down on abuse complaints from your ISP, server terminations, and prevent a decent amount of malicious activity from using your server.

Where to host a tor exit node

We’re using DigitalOcean for this. A $10/m droplet using Debian 8 x64, 1 GB Memory / 30 GB Disk / 2 TB transfer and hosted at the DO Frankfurt, Germany location. DO is sorta weird when it comes to bandwidth usage. I submitted a support ticket asking about how to monitor overall BW usage at the DO backend level and they replied with basically “you cant and we wont charge you for exceeding the 2TB bw limit”..hrm. I certainly used way over 2TB of bw in October but my bill was only $10. So, ya, that’s really good. A lot of others recommend using OVH as well for tor exit nodes. If you want to consider all of the best hosting options, here is a neat list of current Tor Exit Nodes listed by ISP and here is a list of good/bad Tor hosting providers.

What to do if you get an abuse complaint

If you run the default and stock ExitPolicy while running an exit node, you most likely get abuse complaints within ~72 hours.

Luckily for us the Tor Project provides some base templates to use depending upon the type of abuse complaint to come in. You can view them all here. The best way to handle abuse complaints is to set up your exit node so that they are less likely to be sent in the first place.



Within ~24 hours of setting up our exit node that used the default stock ExitPolicy, two abuse complaints rolled in.



The first abuse complaint was an auto generated complaint from a box with fail2ban on it. Someone used the tor exit node to attempt and bruce for logins on another server.



The second abuse complaint was a claimed copyright infringement notice from company, IP-Echelon, an anti-piracy firm who works with copyright holders to protect their data online. Looks like this law firm has a script setup that scans torrent links they own and then subpoena/contact every single IP that downloads movies belonging to their client (Paramount Pictures Corporation). In this case it looks like it was a Shrek the Third bluray torrent. Here is a good template to use for DMCA complaints like this.



Evidentiary Information:

Protocol: BITTORRENT

Infringed Work: Shrek the Third

Infringing FileName: Shrek the Third (BDrip 1080p ENG-ITA-GER-SPA-TUR) x264 bluray (2007)

Infringing FileSize: 4736643065

Infringer’s IP Address: 46.101.98.208

Infringer’s Port: 45697

Initial Infringement Timestamp: 2016-09-01T09:24:12Z



IMO, the best way to deal with abuse complaints generated from your Tor exit node is to respond and say you will add their IP ranges to you ExitPolicy reject rules. This let’s your ISP know you’re down to be pro-active about abuse as well as let’s the complainer know you want to help stop the abuse from happening.



So as you can see, you will have a lot less headaches and worry if you setup an advanced tor ExitPolicy to avoid a lot of these drama llamas. You can also setup fail2ban to harden your server and prevent any hacking/brute force ssh attempts on it.



To make people hella sure our exit node IP is not trying to be malicous, had to throw up a clear message, http://46.101.98.208/. All you have to do is setup apache and then edit the index.html file located in /var/www/html.

Thanks for wanting to learn more about setting up a tor exit node and hopefully this was at least 1% helpful for you.

Additional reading

Stats on our current exit node

https://atlas.torproject.org/#details/D33E1E8F1B9FF03FD2683CE75AA760F75CA30363



Running a Tor Exit Node for fun and e-mails

https://blog.daknob.net/running-a-tor-exit-node-for-fun-and-e-mails/



Fail2ban commands and reporting

http://www.the-art-of-web.com/system/fail2ban-log/



TorWorld

TorWorld FastExit and FastRelay

Easy setup of a Tor Exit node or Tor Relay with responibly ExitPolicy pre-made to cut down on abuse.

Tor Null

Tor Null Advisory BL

Tor subreddit

/r/tor

Donate Bitcoin to keep our DC225 tor exit node alive and maintaned : 1Knbz4isVBZiCQxGHnYii26HkXcGwJTeYP

<3