nostrbird on Nostr: How to try #PoW in Tor #Onion If you operate an Onion Service and believe that it may ...
How to try #PoW in Tor #Onion
If you operate an Onion Service and believe that it may be subject to high traffic or even a DoS attack, you may help Tor by giving feedback about the PoW protection.
To setup the PoW protection, please follow the steps outlined at the Onion Services DoS Guidelines page 18. This involves:
Using a GPL-covered C Tor binary version 0.4.8.4 onwards (your software distribution may already provide it or you might need to compile it yourself).
Enable the protection for each of your Onion Services with HiddenServicePoWDefensesEnabled 1.
Monitor your services with MetricsPort (be careful to not expose this port publicly) and tools like Prometheus 5 and Grafana.
Tune HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst for each Onion Service as needed.
During DoS attacks, you might also want to increase verbosity on your logs for a short while to help understanding what’s going on. To do that, use a Log configuration like this:
Log info file /var/log/tor/info.log
Published at
2023-11-29 07:21:23Event JSON
{
"id": "962ad7d4431244c2dfc02b6b9bf6d753867320a3fea601fbc46fbc5f891a35f4",
"pubkey": "1237fba45b7df77b4cca2209dc68d208a4fa7384cce03b53ec6c862353705d6d",
"created_at": 1701242483,
"kind": 1,
"tags": [
[
"t",
"pow"
]
],
"content": "\nHow to try #PoW in Tor #Onion \n\nIf you operate an Onion Service and believe that it may be subject to high traffic or even a DoS attack, you may help Tor by giving feedback about the PoW protection.\n\nTo setup the PoW protection, please follow the steps outlined at the Onion Services DoS Guidelines page 18. This involves:\n\n Using a GPL-covered C Tor binary version 0.4.8.4 onwards (your software distribution may already provide it or you might need to compile it yourself).\n\n Enable the protection for each of your Onion Services with HiddenServicePoWDefensesEnabled 1.\n\n Monitor your services with MetricsPort (be careful to not expose this port publicly) and tools like Prometheus 5 and Grafana.\n\n Tune HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst for each Onion Service as needed.\n\nDuring DoS attacks, you might also want to increase verbosity on your logs for a short while to help understanding what’s going on. To do that, use a Log configuration like this:\n\nLog info file /var/log/tor/info.log",
"sig": "a7ca56c62aa5e7d23ae5e78b47aed4c75a572a8f0d715fbc012ecbf99b56b1f75f6c20c0248bf39cea0ec1afd7e744cab780866186a484527845a92768cd1e33"
}
