The Tor Project provides a full list of IPs that are currently exit nodes in the Tor network. Exit nodes are basically the public "exit doors" from the Tor network to the public internet, so if a user is browsing with Tor and access a website in the public internet the IP of the exit node will be the IP of that user.
In this way, we can detect if a user is browsing with Tor. Using Tor is not illegal and a user that uses Tor is not malicious per se. I think it makes no sense to block all exit Tor IPs, because the most users can make a good use of Tor.
Nevertheless, you can identify it for other purposes.
There are other ways to identify if an IP is an IP of a Tor exit node:
Check it directly in ExoneraTor, which is a frontend to request this kind of data (also accepts a date).
Perform a DNS lookup to the public TorDNSEL service the way to do this is reversing an IP, prepend it to
.dnsel.torproject.org and perform a lookup. If the result starts with
127.0.0. and it is not
127.0.0.1, then the IP is the IP of an exit node. For example with the IP
220.127.116.11 we can do it with:
- There is also a NPM package that you can use (named "IsTorExit"):
npm install -g istorexit
And that's all! Hope its helpful...
Since you've made it this far, sharing this article on your favorite social media network would be highly appreciated 😀! For feedback, please ping me on Twitter.