Mike's Blog
torred users
I became curious, today, thinking about what it might take to create a website that had a simple mechanism that could offer all of it's users the assurance of protected anonymity.
I had a hunch that some kind of public API/service might exist for looking up Tor exit nodes based on IP address and lo and behold I found out about the TorDNSEL.
Translating this into a chunk of PHP code that could be feasibly inserted into evey PHP script on a server, I came up with this:
<?php
$output = array();
exec('dig '.implode('.', array_reverse(explode('.', $_SERVER['REMOTE_ADDR']))).'.6667.4.3.2.1.ip-port.exitlist.torproject.org', $output);
$torred = preg_match('/127\.0\.0\.2/', implode('', $output));
if (!$torred) {
$greeting = 'user we can track';
} else {
$greeting = 'secret anonymous Internet user';
} ?>
hello, <?php echo $greeting; ?>.
In terms of doing something more substantial with it, I would use this code directly after initiating a user's session, where I would check the existence of a stored 'torred' flag or otherwise call the check and, if it fails, redirect the user to a polite go-away page.
For a demo visit this URL using a regular browser vs. using tor or a copy of TorBrowser: http://ai-em.net/tor.php.
Job done.