I recently started up a tor node from a VPS, and I’m still pretty new to using tor and linux systems in general.
My relay has been using 100% of its CPU capacity for the last week or so. Looking at the node status page from tor, it also appears that it is never fully online for longer than an hour or two. I think this is because the excessive processing load is causing kernel panic and forcing a restart. (UPDATE: This does not appear to be the case. I just found out about the uptime command, it showed that the server has been running since I last manually restarted it. Could it be that the tor service is restarting itself?)
I’m assuming that I would then need to limit the bandwidth in the torrc file to reduce the processing load, but from there how would I know what number to limit it to? Is there an equation or table I can use to figure out what percentage of my CPU that a given bandwidth would use?
I’ve also seen it mentioned that the tor network is currently being ddos’d, could this be the actual reason why my CPU usage is so high? If so, what steps should I take, (if any) to mitigate them?
Why would CPU load lead to a crash? I don’t see a reason for it.
It is better to keep track of RAM usage, because it certainly may be the reason for the crashes.
Yes, it can.
However, for me, the attack happens only when my relay has the Stable flag. I doubt that your relay has it, considering the frequent restarts.
Thanks for the reply.
It could be the RAM usage, my server only has one GB of it, though the service I use doesn’t have panels to show its usage. Looking at the server now (which is still operating at a high CPU percentage), tor is sitting steady at 65.7% of available memory.
update: I’ve also done a bit of other research, I just found out about the uptime command, which subsequently showed me that the server had been online since I last rebooted it manually (about 20 days ago). This now raises the question of why is the tor node lookup page showing such frequent restarts? Is it that the tor service itself is restarting, as opposed to the entire machine?
My relay actually does have the stable flag though, so maybe it could be under attack, which brings me back to the question of what I should do about it.
When Tor has logging enabled, it writes lines like
Oct 17 10:25:32.000 [notice] Tor 0.4.7.10 (git-f732a91a73be3ca6) opening log file.
into the log. Looking at them, you can tell when restarts happened.
Also, every 6 hours it writes something like
Oct 22 16:31:56.000 [notice] Heartbeat: Tor's uptime is 5 days 6:00 hours, with 10412 circuits open. I've sent 1490.65 GB and received 1524.96 GB. I've received 634119 connections on IPv4 and 1981 on IPv6. I've made 403098 connections with IPv4 and 0 with IPv6.
This is how you can tell if it is alive.
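The log check described in the reply above, as an added example that is not part of the original thread: it confirms a restart when a Heartbeat line reports less uptime than the previous one, and attaches any "opening log file" lines seen in between. The function name `find_restarts`, the sample log and the default year (the log lines carry none) are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the two notice lines quoted above.
SAMPLE_LOG = """\
Oct 17 10:25:32.000 [notice] Tor 0.4.7.10 (git-f732a91a73be3ca6) opening log file.
Oct 17 16:25:32.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 812 circuits open.
Oct 17 22:25:32.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with 930 circuits open.
Oct 18 01:02:10.000 [notice] Tor 0.4.7.10 (git-f732a91a73be3ca6) opening log file.
Oct 18 07:02:10.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 401 circuits open.
Oct 19 07:02:10.000 [notice] Heartbeat: Tor's uptime is 1 day 6:00 hours, with 1277 circuits open.
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\.\d+ \[notice\] (.*)$")
UPTIME = re.compile(r"Heartbeat: Tor's uptime is (?:(\d+) days? )?(\d+):(\d\d) hours")

def find_restarts(log_text, year=2022):
    """Return (estimated_start, opening_lines_seen) for each confirmed restart.

    A restart is confirmed when a heartbeat reports less uptime than the
    previous heartbeat. "opening log file" lines seen in between are attached
    as candidates for the exact moment (assumption: that line alone may also
    appear when the log is merely reopened, so it is not counted by itself).
    The year is an assumed value because the log timestamps do not include one.
    """
    restarts, prev_uptime, openings = [], None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if m.group(2).endswith("opening log file."):
            openings.append(stamp)
            continue
        u = UPTIME.search(m.group(2))
        if not u:
            continue
        days, hours, minutes = int(u.group(1) or 0), int(u.group(2)), int(u.group(3))
        uptime = timedelta(days=days, hours=hours, minutes=minutes)
        if prev_uptime is not None and uptime < prev_uptime:
            # Heartbeat time minus reported uptime approximates the process start.
            restarts.append((stamp - uptime, openings))
        prev_uptime, openings = uptime, []
    return restarts

if __name__ == "__main__":
    for started, seen in find_restarts(SAMPLE_LOG):
        print("tor restarted around", started, "- log opened at", seen)
```

If the estimated start times line up with the gaps shown on the relay status page while the machine's own uptime is unbroken, the tor process is restarting rather than the server.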
With a few filter rules, the DDoS attacks can be easily mitigated.
However, even with these rules, my relay is displayed as overloaded.
→ GitHub - Enkidu-6/tor-ddos: iptables rules for Tor relay operators to mitigate ddos
By the way, for direct changes to the relay config or better monitoring, use the “nyx” tool…