<p dir="ltr">I don't know what I'm doing different, because I only got 2 complaints in the last 2 months, and that was for SSH and SQL stuff. </p>
<div class="gmail_extra"><br><div class="gmail_quote">On Oct 4, 2016 11:01 AM, "pa011" <<a href="mailto:pa011@web.de">pa011@web.de</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Me too Markus -could fill a folder with that tax issue :-((<br>
Costing a lot of time to answer and restrict the IPs<br>
<br>
Plus my ISP moaning with good reason: "It's not just about you, but you're giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs which are potentionaly endagered to be marked as source of malicious content / blacklisted / whatever ... so you see, this is quite critical for us."<br>
<br>
Am 04.10.2016 um 17:48 schrieb Markus Koch:<br>
> same shit here:<br>
><br>
> Dear User,<br>
> We are contacting you because of unusual activity coming from your IP<br>
> address towards the IT infrastructure of the European Commission.<br>
> In specific, since 03/10/2016, IP addresses 95.85.45.159 &<br>
> 104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and<br>
> the USA respectively, have submitted a significantly large number of<br>
> invalid VAT number requests as compared to the total number of<br>
> requests (89,59% & 89,96% respectively) towards VAT numbers from a<br>
> multiple of EU member States (MS) through the VIES on the Web service<br>
> (<a href="http://ec.europa.eu/taxation_customs/vies/" rel="noreferrer" target="_blank">http://ec.europa.eu/taxation_<wbr>customs/vies/</a>). For more information on<br>
> Invalid VAT number requests please refer to FAQ, questions 7, 11, 12,<br>
> 13 and 20 of the VIES on the WEB site<br>
> (<a href="http://ec.europa.eu/taxation_customs/vies/faq.html" rel="noreferrer" target="_blank">http://ec.europa.eu/taxation_<wbr>customs/vies/faq.html</a>).<br>
> The scope of our team is to monitor on a daily basis the performance<br>
> of the VIES-on-the-Web (VoW) service in order to ensure its<br>
> performance in accordance with the standards agreed upon between EU's<br>
> Directorate General for Taxation and Customs Union (DG TAXUD) and the<br>
> EU Member States.<br>
> Our objective is to secure constant and uninterrupted availability and<br>
> flow of traffic (requests for VAT validation) at all times.<br>
> Under this framework, our team intervenes whenever there is out of the<br>
> ordinary, unusual and potentially suspicious use of the system that<br>
> violates the rules of use as they are stated in the Specific<br>
> disclaimer for this service, which is available at the VoW site<br>
> (<a href="http://ec.europa.eu/taxation_customs/vies/disclaimer.html" rel="noreferrer" target="_blank">http://ec.europa.eu/taxation_<wbr>customs/vies/disclaimer.html</a>).<br>
> Consequently, in order to allow flawless use of the service, we were<br>
> obliged to block the access to VIES on the Web for the IP address<br>
> 88.198.110.130.<br>
> Following our action, we would like to know if you are aware of this<br>
> situation. Furthermore, your cooperation and contribution is necessary<br>
> in order to determine the reason for this occurrence.<br>
> Please inform us if this behaviour is normal and if such, how often it<br>
> should occur; we would then take action to unblock the traffic coming<br>
> from the corresponding IP address assuming you will agree to follow a<br>
> set ITSM VIES/Web Team<br>
> "ITSM2 is a contracted support partner for the IT Service Management<br>
> of the European Commission.<br>
> This e-mail is a reply to your message sent to the<br>
> <a href="mailto:TAXUD-VIESWEB@ec.europa.eu">TAXUD-VIESWEB@ec.europa.eu</a><<wbr>mailto:<a href="mailto:TAXUD-VIESWEB@ec.europa.eu">TAXUD-VIESWEB@ec.<wbr>europa.eu</a>> e-mail.<br>
> Answers provided by the contactor are on behalf and according to<br>
> policy guidelines of DG TAXUD, but not binding for the European<br>
> Commission."<br>
><br>
> I am so done with it, I added<br>
><br>
> ExitPolicy reject 147.67.136.103 # TAX SPAM<br>
> ExitPolicy reject 147.67.136.21 # TAX SPAM<br>
> ExitPolicy reject 147.67.119.103 # TAX SPAM<br>
> ExitPolicy reject 147.67.119.3 # TAX SPAM<br>
> ExitPolicy reject 147.67.136.3 # TAX SPAM<br>
> ExitPolicy reject 147.67.119.21 # TAX SPAM<br>
><br>
> Thats going on for months now and by all means, this is not free speech ...<br>
><br>
> Markus.<br>
><br>
><br>
><br>
> 2016-10-04 17:42 GMT+02:00 pa011 <<a href="mailto:pa011@web.de">pa011@web.de</a>>:<br>
>> Am 04.10.2016 um 16:48 schrieb krishna e bera:<br>
>>> On 04/10/16 08:48 AM, pa011 wrote:<br>
>>>> One of my main ISP is going mad with the number of abuses he gets from my Exits (currently most on port 80).<br>
>>>> He asks me to install "Intrusion Prevention System Software" or shutting down the servers.<br>
>>><br>
>>> You can first ask him for a copy of the complaints in order to<br>
>>> understand what sort of alleged abuses are taking place. Are the<br>
>>> complaints about spam or scraping or web server exploits or something else?<br>
>><br>
>> I do get a copy of every complaint - they are unfortunately:<br>
>><br>
>> - Http browser intrucion - /var/log/apache2/other_vhosts_<wbr>access.log:<a href="http://soldierx.com:80" rel="noreferrer" target="_blank">soldierx.com:80</a> xxx.xxx.xxx.xxx - - [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/<a href="http://2.0.0.12" rel="noreferrer" target="_blank">2.0.0.12</a><wbr>"<br>
>><br>
>> - invalid VAT number requests<br>
>><br>
>> -recorded connection attempt(s) from your hosts to our honeypots<br>
>><br>
>> - Issue: Source has attempted the following botnet activity: Semalt Referrer Spam Tor Exit Bot<br>
>><br>
>> - botnet drone|Description: Ramnit botnet victim connection to sinkhole details,<br>
>><br>
>> - attackers used the method/service: *imap*<br>
>><br>
>>> You can change your exit policy to reduce likelihood of complaints:<br>
>>> <a href="https://blog.torproject.org/blog/tips-running-exit-node" rel="noreferrer" target="_blank">https://blog.torproject.org/<wbr>blog/tips-running-exit-node</a><br>
>><br>
>> I know, but I hardly like to block port 80<br>
>><br>
>>>> As far as I understand implementing such a software is not going together with Tor - am I right?<br>
>>><br>
>>> If your exit nodes tamper with traffic in any way they will be labelled<br>
>>> as Bad Exit. (Tor tries to be net neutral.)<br>
>>> <a href="https://trac.torproject.org/projects/tor/wiki/doc/badRelays" rel="noreferrer" target="_blank">https://trac.torproject.org/<wbr>projects/tor/wiki/doc/<wbr>badRelays</a><br>
>>><br>
>>><br>
>>> ______________________________<wbr>_________________<br>
>>> tor-relays mailing list<br>
>>> <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
>>> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
>>><br>
>> ______________________________<wbr>_________________<br>
>> tor-relays mailing list<br>
>> <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
>> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
> ______________________________<wbr>_________________<br>
> tor-relays mailing list<br>
> <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
><br>
______________________________<wbr>_________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
</blockquote></div></div>