News

Tor Project developers got rid of 800 servers with outdated software

The Tor Project administration reported that it blacklisted and thus got rid of more than 800 servers on its network, as they had outdated software running on them.

Remote servers account for approximately 13.5% of the 6,000 servers currently forming the Tor network. About 750 of the remote servers are middle relays, and another 62 are the output nodes.

The Tor team said that the ban was imposed for security reasons, since nodes with outdated software are vulnerable to various attacks and do not support the protective mechanisms added to later versions of server software.

“Unfortunately, End-Of-Life relays have some negative impacts on the network. Any relay in the network that runs an obsolete version puts network stability and security at risk. Outdated relays make it harder for us to roll out important fixes. And they can also make it harder to roll out some new features”, — report Tor Project developers.

Read also: Drupalgeddon2 vulnerability, fixed a year and a half ago, still used in cyberattacks

The developers say they plan to release a Tor update in November, and the updated version will by default reject connections to servers running obsolete software, without any outside intervention.

“I applaud this Tor Project solution; it will help bring Tor to a better state. I guess node operators are simply neglecting their servers. Too often I see this in the hosting industry. Most people leave their servers running outdated operating systems and outdated software. Most people don’t do anything until something goes wrong or something falls. Most likely, most operators simply pay their bills and don’t touch their servers at all”, – says TorWorld, a leading information security researcher, also known as Lunar.

Plans to add insecure servers to black lists began to be implemented in September of this year.

Initially, the developers planned to get rid of 1276 servers running outdated software. However, when Tor Project administrators notified the server owners of the problems, many of them still installed updates, and the number of insecure nodes was reduced to 800 with a small amount.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button