How to Block TOR Users

  • Published: January 4, 2024

In the digital age, maintaining the integrity and security of your website, app or IT systems is crucial. The TOR network ("The Onion Router") is an anonymization network that enables anonymous web access. While often used for legitimate privacy reasons, it is also used by many malicious actors who exploit TOR's anonymity for harmful activities. As a VPN, Proxy, TOR, and Bot detection service, Focsec is dedicated to helping you understand and mitigate these threats. This guide will walk you through the steps to effectively block TOR users, enhancing your site's security.

Understanding TOR traffic and Its Implications

TOR routes a user's internet traffic through a number of different servers, referred to as TOR nodes. This encrypted routing process across multiple nodes conceals a user's true IP address and geographical location. TOR provides a very high degree of anonymity, making it impossible to track the true source IP address of a person using TOR. While this anonymity can be a legitimate tool for internet privacy, it poses a significant threat to businesses when used for malicious activities.

Considerations when blocking TOR traffic

You should carefully consider whether you really want to block all traffic coming from the TOR network. As mentioned, people accessing your systems through TOR may have legitimate privacy concerns. Depending on your use cases and threat scenarios, it may be enough to block only critical actions such as registration, login, contact forms or password recovery.

How to technically block TOR traffic

Focsec maintains a comprehensive list of all TOR IP addresses. You can access this data for a one-off real-time check via our web API or download the full database containing all IP addresses. Now, how should you implement the block?

  • Block all traffic: The best way to block all TOR traffic is the use of a firewall deployed in front of your systems. A firewall can be configured to deny any incoming traffic from known TOR IP addresses. Our full TOR IP address database can be integrated with most common firewall products.
  • Block TOR users from critical actions only: If you only want to block TOR users from performing critical actions on your site, such as registration, login or password resets, you can access our web API to do a one-off check. Our web API will instantly tell you if the given IP address is part of the TOR network. You can then block the action or flag it for manual review.
  • DO NOT rely on outdated IP address lists that you find online. The TOR network is constantly changing and growing, so relying on outdated data can render your protective measures useless.
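
The sketch below combines the second and third points: it gates only critical actions against a locally loaded TOR address list and stops trusting that list once it is older than a freshness window. It is an added example, not Focsec's code; the list format (one IP or CIDR per line), the route names, the one-hour window and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample list using documentation address ranges, not real TOR nodes.
SAMPLE_LIST = """# one IP or CIDR per line (assumed format)
192.0.2.10
198.51.100.0/28
2001:db8::5
"""
CRITICAL_PATHS = ("/register", "/login", "/contact", "/password-reset")  # assumed routes
MAX_LIST_AGE = timedelta(hours=1)  # assumed freshness window


class TorGate:
    def __init__(self, list_text, fetched_at):
        self.fetched_at = fetched_at  # when the list was downloaded (UTC)
        self.networks = []
        for line in list_text.splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                self.networks.append(ipaddress.ip_network(line, strict=False))

    def is_tor(self, ip):
        addr = ipaddress.ip_address(ip)
        # IPv4-mapped IPv6 (::ffff:a.b.c.d) must match the IPv4 entries.
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        return any(addr.version == n.version and addr in n for n in self.networks)

    def decide(self, ip, path, now=None):
        """Return 'allow', 'block' or 'review' for one request."""
        now = now or datetime.now(timezone.utc)
        if not path.startswith(CRITICAL_PATHS):
            return "allow"  # non-critical pages stay reachable over TOR
        if now - self.fetched_at > MAX_LIST_AGE:
            return "review"  # stale list: a miss proves nothing, so flag it
        return "block" if self.is_tor(ip) else "allow"


if __name__ == "__main__":
    gate = TorGate(SAMPLE_LIST, fetched_at=datetime.now(timezone.utc))
    for ip, path in [("192.0.2.10", "/login"), ("192.0.2.10", "/blog"),
                     ("203.0.113.9", "/register")]:
        print(ip, path, gate.decide(ip, path))
```

Sending stale-list decisions to manual review rather than allowing them keeps an expired download from silently turning the check off.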

Blocking TOR users is a proactive step towards securing your online environment. With Focsec's robust TOR detection and blocking capabilities, you can ensure that your site remains secure, compliant, and free from malicious anonymous traffic. Remember, the goal isn't to infringe on privacy but to protect against those who abuse anonymity for harmful purposes.
