[tor-relays] exit node experience: abuse over HTTP, stealrat infection

Thomas White thomaswhite at riseup.net
Fri Oct 24 15:36:04 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ask your upstream to filter their reports if you can, I can testify I
have received in excess of 300 complaints from them and ironically,
they ignored all of my responses to them for the first 200 or so I
responded to.

Ultimately (if you'll excuse my language), they are acting like a
bunch of tossers and so I am not wasting my time on them when it could
be spent productively elsewhere (ie liaising with police and branching
out my contacts to talk about Tor).

One important thing to remember here is that they only append current
Tor IP's to their abuse list. 5 of my exits have recently changed IP
address and in the several days following, they are still sending
abuse complaints to them when Tor isn't even running.

- -T

On 24/10/2014 08:16, Tom van der Woerdt wrote:
> Manuel Gebauer schreef op 19/10/14 15:29:
>> Hi, Tom and Rejo. Same with me. Half of the abuse complaints I 
>> get are from Valuehost Ru. Because I run on a cheap VPS I don't 
>> get a reassigned IP. Therefore I always fear that my provider 
>> might lose patience and shut down my server. That's why I
>> decided to block Valuehost's range 217.112.34.0/24 completely.
>> 
>> I also wrote to Valuehost Ru and asked them politely to consider 
>> that their own customers might like to use tor and to reconsider 
>> their policy for abuse complaints. No answer yet. I think they 
>> have an automated abuse complaint system and don't care much for 
>> replies.
>> 
>> Cheers,
>> 
>> M.
> 
> 
> 
> So I tried getting in contact with them again in an attempt to
> reduce the amount of abuse mails they send us. This time they
> replied :
> 
> -------------------------
> 
> Hello,
> 
> We make abuse notices not only for TOR exit node operators, we make
> it to their uplinks too. If we will stop to do it, it will lead
> for:
> 
> - TOR exit node operators will cease to think to solve this
> serious problem (with all due respect to noble purposes of TOR,
> like censorship resistance for Chinese dissidents etc., we see that
> a large part of of TOR traffic is malicious)
> 
> - TOR exit node uplinks will not notified about malicious activity
> in their networks
> 
> Also, if we'll except over 1000 IP's of Tor exit nodes from the
> security system, it will be spent too many resources. So we suggest
> to ignore abuse messages if you don't care about the safety of
> Internet.
> 
> -------------------------
> 
> 
> Tom
> 
> 
> 
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJUSnHiAAoJEE2uQiaesOsLmSIP/1374xBKCng09tWsaLNZ+HH5
Z0fSeBqFTTSTvAXtgrIaefs09mid9AH5iUKbGpfM3NSemRpeXjyt1/QWcYFC5HxI
2uFI1+s/7/DxwSDb5CdRMNscL2JN6VicQgL3Fy/wae1iadMLdCKM9kGw7DqGXyqM
6kMNv76tjgSueX2eBZLKAqw+SfyhCxRb5GHC5fDHKy/esN4yeuTd7ULB2x1Y2YtW
yzX5nJ4s7OUJLia3F1YrjYgtNuugZVZu7bO8IFQQHqKOkyNNleYva601yLBNo2UY
G5WaY0C8M9S31epsKdQ4UB/M7gJwYRICi+OHA46u0hlm1IMXsUwyXfEUIJSEbE/3
QsahnHEYikpIw39JDGV5jsZTjkMWyXpKqlhXLq2Y/YiUI67aAdndaktyXDyPSvCG
YrIVJ1Zrendk9v9LzqZK+uQ1f23Hb38Z4wQOpJFuHSv9AqCaYgq+mqYe+8Lx/Ajn
YDQkeM3MQQUwXkP75I1RLt61tsv9wqtu6DaOPzNawfEyLBqO8v3LQBTKy/1H+7Z8
zkuSfSsRrtLTFnBqUWrV96yMrsmRb2V5DKpda7/4Oh4oc+BFSz7w9NlUk/Txsw3M
mNzGY+n9X5effGl2JHvhi332BmCKrKdGbaluE73jGuLwBuIW3whZkTFqKUr/mqz/
bboMkO6q8jHDAo3k2Dnv
=P6bL
-----END PGP SIGNATURE-----


More information about the tor-relays mailing list