Tor Project developers got rid of 800 servers with outdated software
The Tor Project administration reported that it has blacklisted, and thereby removed from its network, more than 800 servers that were running outdated software.
The removed servers account for approximately 13.5% of the 6,000 servers currently forming the Tor network. About 750 of the removed servers are middle relays, and another 62 are exit nodes. The Tor team said that the ban was imposed for security reasons, since nodes with outdated software are vulnerable to various attacks and do not support the protective mechanisms added to later versions of the server software.
“Unfortunately, End-Of-Life relays have some negative impacts on the network. Any relay in the network that runs an obsolete version puts network stability and security at risk. Outdated relays make it harder for us to roll out important fixes. And they can also make it harder to roll out some new features”, report Tor Project developers.
The developers say they plan to release a Tor update in November, and the updated version will by default reject connections to servers running obsolete software, without any outside intervention.
“I applaud this Tor Project solution; it will help bring Tor to a better state. I guess node operators are simply neglecting their servers. Too often I see this in the hosting industry. Most people leave their servers running outdated operating systems and outdated software. Most people don’t do anything until something goes wrong or something falls. Most likely, most operators simply pay their bills and don’t touch their servers at all”, says TorWorld, a leading information security researcher, also known as Lunar.
The blacklisting of insecure servers began in September of this year.