On Wed, Nov 26, 2014 at 10:21 PM, Cyrus <[email protected]> wrote: > I have a problem involving a shared server hosting many hidden services. > One of the hidden services is being attacked and this is causing the tor > daemon to use 100% CPU. I am quite sure the attack is just a DDOS flood. > > What I can't seem to figure out is how to isolate which hidden service > is being attacked so I can disable it. I have tried enabling the info > log but it doesn't seem to contain the information I need. The debug log > is a quagmire, and I don't know what to look for. > > Please tell me what to search for in the debug log.
If you are unable to use webserver logs to pull the onion from (vhost by host header or tcp port), or no data is being sent, you could probably watch control port with: usefeature extended_events usefeature verbose_names setevents circ And look for lots of PURPOSE=HS* counts by onion. And similar by descriptor id / onion in debug log, rend-spec.txt doc in torspec.git may help with that. Maybe we're golden... :) btc:1BubrXURMMEtzNNzhifNRpnxwUPANGeSR -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
