The v2 and v3 onions have been really sketchy lately. Apparently Tor v3.3 has protections against DDOS and other things, so would be good to upgrade to that as soon as it is stable.
I gather you mean some resources are loaded from whonix.org instead of the .onion? If so, yeh, I’ve noticed that e.g. Whonix logo for forums getting pulled in from whonix.org when using the .onions etc.
Is there any way to make sure all resources are “onion only”? Probably better security / anonymity that way.
Not easy to fix.
Don’t worry. I am not expecting people to know about this. Forcing onion using https everywhere is a nice workaround but not an appropriate fix.
Ah - that’s a pity user defined rules must be used.
I thought this would be a simple (?) fix server-side. It goes contrary to user expectations i.e. most would think - “I’m connecting to the Whonix v2 or v3 onion, so why would it load resources from the clearnet address…”
Steady Supplies:
Fair enough. I appreciate the https trick though. I have now used that same method on many other sites like Protonmail, Bitmessage.ch, RiseUp, and a dozen other websites that have hidden service mirrors. So I appreciate the tip.
Good to hear.
Patrick I am certain you’ll find a more elegant solution soon enough.
Extremely unlikely.
Is there any possibility of Namecoin playing a role in this issue? Or is it another issue entirely? Or a non-issue due to some shortcoming?
I doubt that. It’s not a DNS issue. The problem is that webapps we are using such as MediaWiki, WordPress, Discourse are using our primary https domain. These webapps don’t support multiple domains for the same website. We don’t have the resources to provide patches to these projects to add this feature.
Thanks for that info. Noted in wiki.
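A way to check for the behaviour discussed above, where a page served over the .onion still pulls subresources from the clearnet domain. This is an added example, not part of the thread and not Whonix code; the sample markup and resource paths are constructed, and `clearnet_leaks` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs a browser fetches without any user action.
AUTO_FETCH = {("img", "src"), ("script", "src"), ("iframe", "src"),
              ("source", "src"), ("video", "poster")}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> types that are fetched

class ResourceCollector(HTMLParser):
    """Collects absolute URLs of subresources a page loads automatically."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            wanted = (tag, name) in AUTO_FETCH
            if tag == "link" and name == "href":
                rels = set((attrs.get("rel") or "").lower().split())
                wanted = bool(rels & LINK_RELS)
            if wanted and value:
                # urljoin also resolves relative and //host/path references
                self.urls.append(urljoin(self.page_url, value))

def clearnet_leaks(page_url, html):
    """Return the subresource URLs whose host is not a .onion name."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    leaks = set()
    for url in collector.urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme in ("http", "https") and not host.endswith(".onion"):
            leaks.add(url)
    return sorted(leaks)

# Constructed sample: onion host from this thread; markup and paths are made up.
PAGE_URL = "http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/"
SAMPLE_HTML = """
<link rel="stylesheet" href="/assets/site.css">
<link rel="canonical" href="https://forums.whonix.org/">
<img src="https://www.whonix.org/constructed/logo.png">
<script src="//forums.whonix.org/constructed/app.js"></script>
<a href="https://www.whonix.org/wiki">wiki</a>
"""

print(clearnet_leaks(PAGE_URL, SAMPLE_HTML))
```

Ordinary `<a>` links and `rel="canonical"` are not reported because the browser does not fetch them on page load; only automatically loaded resources are.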
Denial of Service mitigation subsystem (#24902) · Issues · Legacy / Trac · GitLab
Major features:
- Give relays some defenses against the recent network overload. We start with three defenses (default parameters in parentheses).
- First: if a single client address makes too many connections (>100), hang up on further connections.
- Second: if a single client address makes circuits too quickly (more than 3 per second, with an allowed burst of 90) while also having too many connections open (3), refuse new create cells for the next while (1-2 hours).
- Third: if a client asks to establish a rendezvous point to you directly, ignore the request.
These defenses can be manually controlled by new torrc options, but relays will also take guidance from consensus parameters, so there’s no need to configure anything manually. Implements ticket 24902.
Actually it has been merged into 0.2.9.x and onwards, see:
Denial of Service mitigation subsystem (#24902) · Issues · Legacy / Trac · GitLab
Presumably we have to wait for this to hit Debian stable.
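The three relay defenses quoted from the release notes above, as a simplified per-address model using the quoted default parameters. This is an added example, not Tor's code and not part of the thread; the class and method names, the fixed one-hour penalty and the addresses used in any call are constructed assumptions.

```python
# Default parameters as quoted in the release notes above.
MAX_CONNS = 100         # first defense: more than this many connections
CIRC_RATE = 3.0         # second defense: circuits per second ...
CIRC_BURST = 90         # ... with this allowed burst
CIRC_MIN_CONNS = 3      # ... only once this many connections are open
REFUSE_SECS = 3600      # constructed: low end of the quoted 1-2 hours

class Client:
    def __init__(self, now):
        self.conns, self.tokens = 0, float(CIRC_BURST)
        self.last, self.refuse_until = now, 0.0

class DosGuard:
    """Per-client-address bookkeeping for the three described defenses."""
    def __init__(self):
        self.clients = {}

    def _get(self, addr, now):
        if addr not in self.clients:
            self.clients[addr] = Client(now)
        return self.clients[addr]

    def on_connect(self, addr, now):
        c = self._get(addr, now)
        if c.conns >= MAX_CONNS:
            return "close"              # hang up on further connections
        c.conns += 1
        return "accept"

    def on_create(self, addr, now):
        c = self._get(addr, now)
        if now < c.refuse_until:
            return "refuse"             # still inside the penalty window
        # Token bucket: refill at CIRC_RATE, capped at CIRC_BURST.
        c.tokens = min(CIRC_BURST, c.tokens + (now - c.last) * CIRC_RATE)
        c.last = now
        if c.tokens >= 1:
            c.tokens -= 1
            return "allow"
        if c.conns >= CIRC_MIN_CONNS:   # too fast AND enough connections open
            c.refuse_until = now + REFUSE_SECS
            return "refuse"
        return "allow"

    def on_rendezvous(self, from_client):
        # Third defense: a client talking to the relay directly is ignored.
        return "ignore" if from_client else "process"
```

An address with fewer than three open connections is never penalised in this model, which matches the "while also having too many connections open (3)" condition in the quoted text.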
The v3 onion is down but the v2 onion is not?
This is an interesting phenomenon.
Why would the server successfully allow connections e.g. forums.kkkkkkkkkk63ava6.onion, but fail with forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion at the same time (despite multiple attempts with new circuits)?
Firefox can’t establish a connection to the server at forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion.
Yada yada.
Like just now.
Misconfiguration? Server overload? Not running latest Tor stable thus subject to an attack of some sort?
Interested users would like to know in terms of a stable server response, since it seems illogical that one would work (v2), while the other would not (v3) at the same time with latest Tor client software running (Tor Browser 7.5.2, Tor 3.2.10). Particularly since it worked just yesterday…
We’re on latest stable. I looked at the logs, and according to this Tor Project ticket it looks like the entire network is under stress or load of some kind. Not much we can do on our end, I don’t think. I haven’t touched the configs before this started happening, unfortunately.
Hi @fortasse ! Whonix v3 onion is still not accessible as previously described by torjunkie. But all the other v3 onions like riseup or even the Qubes onion mirror are accessible.
Would you please investigate on this?
dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion is up and functional for me. I haven’t touched the machine since yesterday, and it came up on its own. I am inclined to believe it was simply congestion / stress of the whole Tor network. I believe hidden services form unique circuits, and it just so happened that the main v3 hidden service couldn’t find a reliable circuit, while the other hidden services could.
Same here.
I was also having connectivity issues with Whonix v3 onion but now it's accessible.
Thank you for your explanation, @fortasse !
Hi fortasse,
With v2 and v3 Whonix onions down for 3 days, there is some serious problem going on.
Tor metrics shows the number of “users” on the network has halved since Tor v3.2.10 was released, meaning the DDOS stuff is working in general (Germany alone lost around a million “users” over several days).
However, I see some tor ticket referred to too many circuit connections being opened (both client and server side?) which might be being exploited somehow to cause a permanent takedown effect we are seeing.
As a test, I checked various other v3 onions to see if they connect:
Worked
- Riseup: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/
- Searx: http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion/
- Onionshare: http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/
- Random legal firm: http://dlegal66uj5u2dvcbrev7vv6fjtwnd4moqu7j6jnd42rmbypv3coigyd.onion/
- Federalist papers: http://7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion/fedpapers/federa00.htm
- Gitea: http://lgekyjf5vosmbfvcxzg3g5mmcncmwy4d3nhjrdqqiqzl5nmhqlfemaid.onion/
- Txtorcon: http://lgekyjf5vosmbfvcxzg3g5mmcncmwy4d3nhjrdqqiqzl5nmhqlfemaid.onion/
Didn’t work:
- Qubes (also hosted by Whonix server?): http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/
- Whonix: http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/
Conclusion:
If it is a network wide attack, I would expect other random v3 onions to fail at least once. That’s not the case.
Therefore, since you haven’t changed the configuration, it is most likely:
a) Targeted attack - meaning there is a strong rationale for a Whonix mirror or server with more capacity (?)
b) Some misconfiguration that wasn’t picked up previously, but is now being exploited.
c) Something else.
But whatever it is, it’s really annoying.
@fortasse the mirrors of onion whonix are down for sure or they are messed up. No way to reach them for 2 days…
update needed when resolved: Keep Tor onion service up-to-date · Issue #1352 · QubesOS/qubes-issues · GitHub
Definitely Whonix-specific. All Debian v2 onions functional, all v2 search engines functional etc. A huge pity with fortasse leaving at this critical time.
Do you think you can fix the v3 onion? @Ego
To try and solve this in the absence of a webmaster, wouldn’t it be worth capturing the relevant logs and sending to tor-talk or similar?
No doubt various errors are popping up in Tor logs on the server, probably similar to:
- Tor deals poorly with a very large number of incoming connection requests. (#15463) · Issues · Legacy / Trac · GitLab
- [tor-talk] (D)DOS over Tor network ? Help !
Also, couldn’t the v3 instance also be recreated as a test to see if it is at least reachable?
NextGenOnions · Wiki · Legacy / Trac · GitLab
Open prop224 bugs are here: