[HacktionLab] Project Honeypot /TOR / GreenNet /Zylum

zylum at peacenews.info zylum at peacenews.info
Mon Dec 29 11:09:51 UTC 2014


Dear Mark,
      Thank-you for the heads up regarding Project Honeypot. I passed the 
information on the Cedric at GreenNet and he has made some adjustments. 
GreenNet would be happy to hear from you if you continue to have issues 
accessing anything on their servers via TOR.

There are outstanding issues with http://zylum.org around how it 
degrades if images /cookies /javascript etc. etc. are disabled, it is my 
intention to iron as many of these out as possible over the next few 
weeks. At this stage any comments are welcome, but you will be looking 
at an alpha version so issues are to be expected.

The beta launch is scheduled for 10 Jan. That will include improvements 
such as https. I think that it is worth bearing in mind who Zylum is 
intended for. Those with technical expertise (on this list) can 
doubtless find more secure alternatives and/or more purist free 
alternatives - but zylum is intended to be an easy to use step in the 
right direction for those who would otherwise post everything about 
their campaign on F***book or Wordpress.com  Hopefully Zylum succeeds in 
being a lesser evil?
Seasons' greetings,
Benjamin.


---- Cedric Wrote ----
Project Honeypot is something we've been experimenting
with on two web servers since 19 Dec, in order to cut down on resource
usage caused by a spate of dictionary attacks on CPU-intensive pages
such as WordPress logins.  Unfortunately it does seem like almost all
Tor exit nodes have been used by comment spammers, which is why this
"Your IP address is on the Project Honeypot offender list" was
appearing.  I've adjusted this, and will continue to look at
alternatives.  Please pass that info on if you like.

This wouldn't have affected Zylum or APC.org in any case because they
are on separate servers.  People using the Tor browser bundle may have
some problems with Zylum.org, but that's because of the TBB includes
NoScript, and Zylum is in places dependent on JavaScript and nothing
to do with Project Honeypot.
----


---- In reply to message: Mark 20/12/2014 HacktionLab Digest, Vol 80, 
Issue 11 ----

Perhaps more important than ideological purity, I can't access web
services under apc.org and subdomains via tor. "Your IP address is
on the Project Honeypot offender list." Oh dear :-(

Benjamin? How does blacklisting tor exit nodes fit with the
security model you're proposing?
Mark

------



More information about the HacktionLab mailing list