TOR Project is set to release a fix for an issue or bug which has been making Onion sites vulnerable to distributed denial of service (DDoS) for a long time.
This is basically a DDos issue causing the sites ending with ".onion" to crash. It is to be noted that this bug is not a new one and has been known by the TOR developers for years. The main reason that the TOR developers are unable to fix it is due to lack of manpower.
This bug exploits the process which is required to establish a genuine user's connection. In a TOR network, It's not possible to identify the incoming connection requests whether these requests are from a genuine user or an attacker.
About 4 years ago, Stinger-Tor tool was made available on GitHub. This tool can be used easily to launch a DDOs attack on the Tor network with the help of a Python script. There were also other similar tools like this available for sale in secret forums.
Dream Market is a marketplace where the share of illegal funds takes. The site suffered a series of DDoS attacks for months and the attacker demanded $400,000 worth of Bitcoins to stop it. However, Dream Market chose to shut down its site instead of paying them. Other web markets like Empire Market, Nightmare Market and Dead forum also became the victim of this unstoppable DDoS attacks.
How did the DDoS bug help in attacking .onion sites?
The attacker initiates thousands of connection to the targeted site which is on the TOR network and then leaves these connections hanging. This happens when the attacker launches a series of DDoS attacks against the targeted site.
Basically, for each connection, the Onion service travels through a complex circuit in the TOR network to secure the connection between the remote user and its server. As this process is CPU intensive, the processor of the server reaches its limit and cannot accept new connections any more.
As mentioned earlier, TOR developers were not able to fix this bug due to financial reasons. But they have now started the project to fix this issue because they have received enough donations to begin this work.
You will find a "sponsor" status below in the official declaration made by TOR regarding the DDoS bug.
What About The Fix?
Keep in mind that the upcoming update will not fix this issue completely but it will make the DDoS attacks less effective. The TOR project will not be able to fix this bug completely because it can end up destroying some of the main features of the TOR network.
The users of .onion sites will find a new option after the update using which they can easily enable or disable a defense option to protect their sites. If this option is enabled then the users, as well as visitors, will be able to access the site which is under DDoS attack.