{"id":3445,"date":"2023-10-08T03:02:08","date_gmt":"2023-10-08T02:02:08","guid":{"rendered":"https:\/\/www.torbox.ch\/?page_id=3445"},"modified":"2025-12-31T17:29:22","modified_gmt":"2025-12-31T16:29:22","slug":"sub-menu-danger-zone","status":"publish","type":"page","link":"https:\/\/www.torbox.ch\/?page_id=3445","title":{"rendered":"Sub-menu: Danger Zone"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"760\" height=\"516\" src=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2025\/12\/danger-v055-e1767061360424.png\" alt=\"The Danger Zone sub-menu of TorBox v.0.5.5.\" class=\"wp-image-4034\"\/><figcaption class=\"wp-element-caption\">The Danger Zone sub-menu of TorBox v.0.5.5.<\/figcaption><\/figure>\n<\/div>\n\n\n<p>This sub-menu comprises features that are considered risky or could compromise the user\u2019s security and anonymity. Therefore, <strong>these features should be used only if the user understands the associated risks and consequences<\/strong>. In the following, we look at all menu entries one by one:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 1: Start \/ Stop the exclusion of domains from tor protection<\/strong>: If this feature is started, TorBox will connect certain domains directly, <strong>meaning that these domains will not be routed through Tor<\/strong>. These domains, provided by the user, can be categorised into two buckets: CLEARNET and VPN. If you add a domain to the CLEARNET bucket, TorBox will always contact that domain directly. In the VPN bucket, TorBox will only directly contact the domain when connected to a VPN provider (either when <a href=\"https:\/\/www.torbox.ch\/?page_id=775\">main menu entry 10<\/a> is selected or <a href=\"https:\/\/www.torbox.ch\/?page_id=797\">entry 18 in the Countermeasure sub-menu<\/a> is activated).<br><br>This feature was requested by a user who wanted specific government sites in an authoritarian country to be accessible directly, rather than via Tor, even though he used Tor for all other connections to protect himself. Another use case could be excluding a streaming service that doesn\u2019t require protection (for example, a local music station) and consumes a significant amount of bandwidth. <strong>Please note that Tor does not protect traffic to or from IPs on the exclusion list. Anyone will probably see that you connect these IP addresses. If not encrypted correctly (for example, using HTTP, which is blocked by default), anyone can view the content of communications to and from these IP addresses.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 2: Add, change or remove a domain\/IP entry in the exclusion lists<\/strong>: Let&#8217;s say you don&#8217;t want the streaming from <code>netflix.com<\/code> to be routed through Tor. In this case, this menu entry, the domain <code>netflix.com<\/code> can be added to the exclusion list. Suppose the domain isn&#8217;t already in the exclusion list. In that case, you must choose which bucket the domain should be placed in: CLEARNET (always contact this domain directly) or VPN (contact the domain directly only if the TorBox is connected to a VPN provider). After this first step, <code>netflix.com<\/code> (or better, the associated IP addresses) will be excluded from Tor routing. The entry in the exclusion list looks like this:<br><code>netflix.com 52.38.7.83 44.242.13.161 44.240.158.19<\/code><br><br>Next, the option for a deeper scan is offered, which makes sense in more complex situations (load-balanced sites, app requests, etc.) when additional subdomains or more IP addresses need to be excluded. It is essential that the domain is used as usual on the client during the deep scan, because the scan listens to DNS requests on the client&#8217;s interface. However, this can be a bit challenging because your client&#8217;s browser and\/or the operating system typically cache the DNS response (the IP address) for some time. Using a different browser to connect or flushing your browser&#8217;s DNS cache will help. Another method is to flush your system&#8217;s DNS cache and then run ping (for example: <code>ping netflix.com<\/code>) on the client machine. How to flush the DNS cache of an operating system or a Chrome-based<strong> browser, see <a href=\"https:\/\/blog.hubspot.com\/website\/flush-dns\">here<\/a><\/strong>. The scan automatically stops when it has enough data and shows you the screen below:<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"710\" height=\"656\" src=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/deepscan-001.png\" alt=\"\" class=\"wp-image-3447\" srcset=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/deepscan-001.png 710w, https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/deepscan-001-300x277.png 300w\" sizes=\"auto, (max-width: 710px) 85vw, 710px\" \/><\/figure>\n<\/div>\n\n\n<p>According to the result, the deep scan identified an additional IP (54.237.226.164) for <code>netflix.com<\/code> and two additional sub-domains (<code>www.netflix.com<\/code> and <code>ichnaea-web.netflix.com<\/code>), that were used during your interaction. The message about adding open nameservers is safe to ignore. If this is the first deep scan, repeat it to ensure all subdomains and IP addresses are added to the exclusion list. In our example, selecting &#8220;Complement old entries&#8221; is the right choice because we wouldn&#8217;t replace the already found IP. After choosing that entry, the exclusion list looks like the following: <br><code>ichnaea-web.netflix.com 35.153.114.4 44.240.158.19 52.38.7.83 44.242.13.161<br>netflix.com 52.38.7.83 44.242.13.161 44.240.158.19 54.237.226.164<br>www.netflix.com 54.160.93.182 52.38.7.83 44.240.158.19 44.242.13.161<\/code><\/p>\n\n\n\n<p>If you use the menu entry again and enter a domain that is already in the exclusion list (for example, <code>netflix.com<\/code> or <code>www.netflix.com<\/code>), you will see the following sub-menu:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/exclusion-sub-001.png\"><img loading=\"lazy\" decoding=\"async\" width=\"760\" height=\"280\" src=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/exclusion-sub-001.png\" alt=\"\" class=\"wp-image-3448\" srcset=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/exclusion-sub-001.png 760w, https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/exclusion-sub-001-300x111.png 300w\" sizes=\"auto, (max-width: 760px) 85vw, 760px\" \/><\/a><\/figure>\n<\/div>\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Entry 1 <\/strong>will make\/repeat a deeper scan of the domain to exclude (more) subdomains and IPs if available and linked with the domain. For more information, see above.<\/li>\n\n\n\n<li><strong>Entry 2<\/strong> gives the ability to move the domain from one bucket to the other (CLEARNET to VPN \/ VPN to CLEARNET). <\/li>\n\n\n\n<li><strong>Entry 3<\/strong> will remove the domain from the exclusion list.<br><br>Regarding entries 2 and 3, be aware that, for example, <code>netflix.com<\/code> will also move\/remove <code>www.netflix.com<\/code> and <code>ichnaea-web.netflix.com<\/code>. However, if you enter <code>www.netflix.com<\/code>, then <code>netflix.com<\/code> or <code>ichnaea-web.netflix.com<\/code> (and even <code>www1.netflix.com<\/code>) will not be affected.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 3: Lists the exclusion lists<\/strong>: does what it says.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 4: Backup\/restore the exclusion lists<\/strong>: displays an explanation of how the exclusion lists can be manually saved and restored.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 5: Disable \/ Enable the AP on wlan1 failsafe<\/strong>: By default, TorBox&#8217;s wireless network (the Access Point; AP) is on the interface <code>wlan0<\/code> representing the internal wireless chip. However, <a href=\"https:\/\/www.torbox.ch\/?page_id=775\">entry 7 in the main menu<\/a> changes that because to use the internal chip to connect to the Internet, the AP has to be put on <code>wlan1<\/code> , which represents the USB wireless network adapter. However, problematic is that if TorBox is shut down, the USB wireless network adapter is removed, and TorBox starts again, the user is locked out. To avoid that, TorBox reverts any configuration during the boot, which puts the AP on <code>wlan1<\/code>. Of course, this is not something users want to have when they want the AP to stick to the USB wireless network adapter. In this case, they can disable the failsafe feature using this menu entry.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 6: Disable \/ Enable TorBox&#8217;s WebSSH access<\/strong>: With&nbsp;<code>webssh<\/code>, users don\u2019t need a SSH client because every web browser can jump in. A user on a Wi-Fi client can type&nbsp;<a href=\"http:\/\/192.168.42.1\/\">192.168.42.1<\/a>; someone on a cable client can type&nbsp;<a href=\"http:\/\/192.168.43.1\/\" target=\"_blank\" rel=\"noreferrer noopener\">192.168.43.1<\/a>; someone using VPN or TorBox mini can type  <a href=\"http:\/\/192.168.44.1\/\" target=\"_blank\" rel=\"noreferrer noopener\">192.168.44.1<\/a>. This functionality comes with a certain risk because&nbsp;<code>webssh<\/code>&nbsp;is not encrypted (this would need a self-signed certificate, which the browser doesn\u2019t support easily). However, this shouldn\u2019t cause any problems because the TorBox AP and its WLAN, or the connection cable, should be under your control. In case of a VPN connection to your TorBox (on a Cloud), the VPN connection takes care of the encryption. By default,&nbsp;<code>webssh<\/code>&nbsp;cannot be accessed from the Internet. If you want maximum security, you can continue using an SSH client and even disable&nbsp;<code>webssh<\/code>&nbsp;with this menu entry.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 7: Change SSH access from the Internet and from the Clients<\/strong>: With this menu entry, you can configure SSH access to your TorBox in detail. The following settings are possible (see image below):<br>&#8211; SSH Service as a whole can be enabled or disabled<br>&#8211; SSH access from the Internet can be allowed or blocked<br>&#8211; SSH access from WiFi, cable, USB or VPN clients can be allowed or blocked<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2025\/12\/ssh-access-v055-e1767123339475.png\"><img loading=\"lazy\" decoding=\"async\" width=\"760\" height=\"466\" src=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2025\/12\/ssh-access-v055-e1767123339475.png\" alt=\"\" class=\"wp-image-4043\"\/><\/a><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 8: Disable \/ Enable SSH password login: <\/strong>does what it says. It makes particular sense after generating and using SSH keys for the TorBox SSH login, which can be done in the&nbsp;Configuration submenu,<a href=\"https:\/\/www.torbox.ch\/?page_id=875\"> entry 2<\/a>.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 9: Disable \/ Enable root access<\/strong>: In everyday use, <code>root<\/code> access is not necessary. TorBox running on Raspberry Pi OS has root access disabled by default. That&#8217;s most likely not the case with Debian- and Ubuntu-based installations. In some cases, for example, <code>root<\/code> access is required at the beginning of a TorBox on a Cloud installation until all components are correctly configured and clients can connect to the TorBox on a Cloud using <a href=\"https:\/\/openvpn.net\/client\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenVPN Connect<\/a> or <a href=\"https:\/\/tunnelblick.net\/\">Tunnelblick<\/a>. However, from a security standpoint, it is preferable to disable <code>root<\/code> access after this initial phase. With this menu entry, you can disable or enable root access. Enabling <code>root<\/code> access will also require a new password.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 10: Disable \/ Enable Passwordless TorBox&#8217;s WLAN (reboot required)<\/strong>: does what it says.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 11: Forwarding only &#8211; tor protection disabled<\/strong>: The \u201cforwarding only\u201d mode for client data traffic will function as a router without tor protection. This feature was&nbsp;<a href=\"https:\/\/github.com\/radio24\/TorBox\/issues\/33\" target=\"_blank\" rel=\"noreferrer noopener\">requested<\/a>, but it mostly makes sense in the context of development and debugging.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/different-connection-modes-e1696770196619.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"729\" src=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2023\/10\/different-connection-modes-1024x729.png\" alt=\"TorBox\u2019s different connection modes\" class=\"wp-image-3486\"\/><\/a><figcaption class=\"wp-element-caption\">TorBox\u2019s different connection modes<\/figcaption><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 12 (only TorBox mini): Activate\/deactivate other connection options in TorBox mini&#8217;s Main Menu:<\/strong>&nbsp;This menu entry is only displayed on a TorBox mini installation. By default, TorBox mini shows only one connection option: the Internet is connected through <code>wlan0<\/code>, and the client is connected to <code>usb0<\/code>. However, advanced users may add connection options to the Raspberry Pi Zero 2 W and later want to switch to another option; therefore, they can use this menu entry to re-enable those options.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 12 (TorBox \/ TorBox on a Cloud): Convert a default TorBox installation to a TorBox mini installation<\/strong>: If TorBox is installed on an SD Card (Raspberry Pi OS \/ Debian), then the user can use this menu entry to convert the system to a TorBox mini installation. After using this menu entry, the SD card can be used with a Raspberry Pi Zero 2 W. This menu entry is intended only for developers.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Menu entry 13 (<strong>only TorBox mini<\/strong>): Convert a TorBox mini installation to a default TorBox installation<\/strong>: The user can use this menu entry to convert a TorBox mini installation to a default TorBox installation. After using this menu entry, the SD card can be used with a default Raspberry Pi. This menu entry is intended only for developers.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<center><h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1><\/center>\n\n\n\n<p><strong>Problems and questions<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TorBox\u2019s wireless manager doesn\u2019t show me any wireless networks (2.5 GHz and\/or 5 GHz)! What can I do? \u2013&gt; see <a href=\"https:\/\/www.torbox.ch\/?page_id=112#torboxs-wireless-manager-doesnt-show-me-none-or-not-all-wireless-networks-25-ghz-andor-5-ghz-what-can-i-do\">here<\/a>.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This sub-menu comprises features that are considered risky or could compromise the user\u2019s security and anonymity. Therefore, these features should be used only if the user understands the associated risks and consequences. In the following, we look at all menu entries one by one: According to the result, the deep scan identified an additional IP &hellip; <a href=\"https:\/\/www.torbox.ch\/?page_id=3445\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Sub-menu: Danger Zone&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_uag_custom_page_level_css":"","footnotes":""},"class_list":["post-3445","page","type-page","status-publish","hentry"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"radio_24","author_link":"https:\/\/www.torbox.ch\/?author=1"},"uagb_comment_info":0,"uagb_excerpt":"This sub-menu comprises features that are considered risky or could compromise the user\u2019s security and anonymity. Therefore, these features should be used only if the user understands the associated risks and consequences. In the following, we look at all menu entries one by one: According to the result, the deep scan identified an additional IP&hellip;","_links":{"self":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages\/3445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3445"}],"version-history":[{"count":22,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages\/3445\/revisions"}],"predecessor-version":[{"id":4045,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages\/3445\/revisions\/4045"}],"wp:attachment":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}