- tor-relays - lists.torproject.org

Preventing wp-admin related abuse report
by spiros_spiros＠freemail.gr 16 Sep '15

16 Sep '15

Greetings community, Over last eight weeks a Tor exit that I operate has attracted more and more abuse reports and the VPS data centre is starting to lose their patience with the amount of tickets they open for each incident. Almost all of the abuse reports are relate to attempts to access wordpress blogs by exploiting wp-admin or other scripts, and the servers are protected by bitninja, abusix, spamcop etc to automatically send abuse complaint. I am now receiving average of 2-3 per week. I have two questions. First question - is everyone getting this high amount of wordpress related attacks from exits? Second - are there recommended steps to take to reduce or prevent this kind of activity? Things I try so far: - run exit on reduced policy (obviously not going to have an impact on abuse traffic but did make the data centre people happy for a while) - full security check on VPS including tripwire, clamav, lastcomm etc to assure provider that the VPS is not compromised - Tor port on server has website running explaining that this is a Tor exit and linking to more information - I have offered to work with ISP to change WHOIS to my email address, but they do not seem keen on it (some blacklists that the server is added to will also block the /16 of the IP range) - Block offended host on the firewall (as a last resort) Thanks for any suggestions Spiros

7 9

Middle Relay has no traffic
by starlight.2015q3＠binnacle.cx 15 Sep '15

15 Sep '15

>My middle relay seems to have minimal traffic. >Is there something I need to do or is my damn >IPS (Comcast) blocking me. > >Node name is gmojo02 > >gm Possibly the Comcast gateway NAT is unable to deal with lots of connections andj/or it may be an older, slow model that can't handle much traffic. Or possibly your connection is just at the low end of the bandwidth spectrum. You can see all the Comcast relays ranked by traffic by going to https: // torstatus dot blutemagie dot de and at the bottom of the page selecting Advanced Search: hostname contains comcast Some options: 1) have a new gateway swapped in 2) upgrade to faster service 3) switch to a static IP (an option for business customers) and configure the relay on the static IP so it bypasses the Comcast device's NAT 4) switch to Verizon FiOS, which is 5x better than Comcast for the same money 5) make sure the system running the relay is reasonably fast, i.e. 1.8GHz or better and had a decent quality NIC; run speedtest_cli.py and it should match your ostensible Comcast bandwidth w/r/t (4) check out what happened to my relay after switching from 3up/18down Comcast to 75up/75down FiOS https://atlas.torproject.org/#details/4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF… (keeping in mind the relay is well tuned) You can see all the FiOS relays on Blutmagie with hostname contains comcast

4 5

Re: [tor-relays] Middle Relay has no traffic
by torrry＠Safe-mail.net 15 Sep '15

15 Sep '15

As starlight said, you are getting the appropriate amount of traffic according to the bandwidth authority measurements for your relay. Right now, the middle/entry nodes are relatively lightly utilized. This is a good thing, since it makes for a much better user experience. With high utilization, the web browsing experience deteriorates dramatically as network request latency goes up.

1 0

Middle Relay has no traffic
by starlight.2015q3＠binnacle.cx 14 Sep '15

14 Sep '15

[know I'm breaking the thread--sorry about that] >Starlight - I see your advertised BW is >7.26MB = 58.08 Mb with globe showing 2 >to 4 Mb traffic. Maybe I will up the >advertised BW on the relay and see if >that helps. That's not "advertised" bandwidth in the sense of something that can be adjusted by the operator. It's the relay self- measurement and is the fastest sustained speed the relay has observed in the last 24 hours. You can see this information in the 'state' file on the BW...Max lines. Verizon recently took down the connection here for 18 hours (central-office upgrade work for their new 100/100 promotion; they will not admit it and gave no warning --Verizon is not a perfect company either). Normally the self-measure peaks at around 80-90% or so of actual bandwidth and the 7256KB value is on the low side of it's range. Self-measure for GMOJO02 is 204KB or 1.6Mbits/second. The BWauths have the relay as: 2-gablemoo--w Bandwidth=204 Measured=33 5-moria1----w Bandwidth=204 Measured=59 3-maatuska--w Bandwidth=204 Measured=82 -- median 1-longclaw--w Bandwidth=204 Measured=131 4-Faravahar-w Bandwidth=204 Measured=185 I see this configured for GMOJO02: BandwidthBurst 307200 BandwidthRate 204800 The self-measure shows this relay is getting exactly what it should based on the settings. If you want more you must increase these values. This is what I ran with before the switch: BandwidthBurst 1200000 BandwidthRate 325000 Where the 325KB average-max is 85% of the 3MBit maximum capacity of the Comcast link (375KB) and is intended to prevent Comcast's aggressive and problematic traffic shaping from kicking in. The BWauth/Torflow system presently targets 25-35% available bandwidth utilization and the latter settings above will cause the relay to obtain something like the consensus 0.015934% value show by Globe for the relay here back just before the switch to FiOS, while the relay you have is presently at 0.000232%. Keep in mind the percentages fall steadily due to overall bandwidth of the Tor network increasing. The BWauth value for the relay here was something like 230k if I recall correctly.

1 0

Middle Relay has no traffic
by starlight.2015q3＠binnacle.cx 14 Sep '15

14 Sep '15

>My middle relay seems to have minimal traffic. >Is there something I need to do or is my damn >IPS (Comcast) blocking me. > >Node name is gmojo02 > >gm Possibly the Comcast gateway NAT is unable to deal with lots of connections andj/or it may be an older, slow model that can't handle much traffic. Or possibly your connection is just at the low end of the bandwidth spectrum. You can see all the Comcast relays ranked by traffic by going to https: // torstatus dot blutemagie dot de and at the bottom of the page selecting Advanced Search: hostname contains comcast Some options: 1) have a new gateway swapped in 2) upgrade to faster service 3) switch to a static IP (an option for business customers) and configure the relay on the static IP so it bypasses the Comcast device's NAT 4) switch to Verizon FiOS, which is 5x better than Comcast for the same money 5) make sure the system running the relay is reasonably fast, i.e. 1.8GHz or better and had a decent quality NIC; run speedtest_cli.py and it should match your ostensible Comcast bandwidth w/r/t (4) check out what happened to my relay after switching from 3up/18down Comcast to 75up/75down FiOS https://atlas.torproject.org/#details/4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF… (keeping in mind the relay is well tuned) You can see all the FiOS relays on Blutmagie with hostname contains comcast

1 0

Middle Relay has no traffic
by Greg Moss 14 Sep '15

14 Sep '15

My middle relay seems to have minimal traffic. Is there something I need to do or is my damn IPS (Comcast) blocking me. Node name is gmojo02 gm

3 4

Experience hosting exit relay with Costa Rica Servers: crservers.com
by Patrick O'Doherty 13 Sep '15

13 Sep '15

hey all, I'm looking to host an exit relay in a country with a low node count. I came across crservers.com[0] via exotic VPS, and am considering using them to host a small exit node to start out. A quick glance at their ToS for VPS services[1] indidicates that their policies are pretty strict, but figured it'd be worth asking the list to see if anyone had personal experience with them before I rule them out. I've also contacted them about this. cheers, p [0] - https://crservers.com [1] - https://www.crservers.com/downloads/SHARED-SERVER-CONTRACT.pdf

6 7

My VPS hoster (Zappie Host) understood!
by Billy Humphreys 12 Sep '15

12 Sep '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi all, When I asked my reverse DNS to be added for my Tor exit relay, they said that Tor nodes were disallowed due to the ToS, but didn't stop me. I messaged back a few times (in normal UK time, 3AM over there) and I got this reply: 'Hey there Thank you firstly of understanding our position that in almost most cases the end user that runs the tor exit does without a care in the world leaving the provider fully liable for all the crap that comes with it. In our ToS we state "any tor nodes" simply to cover our asses as its (for the most part) not worth the hassle and misunderstanding later down the track. Yes a relay node is fine. feel free to continue with that. If you want to continue with an exit node what I will do is edit the WHOIS details and put in for that specific IP that you are the operated the IP address as a Tor Exit node. (SWIP the IP) Please let me know if this is something you are interested in this plan or just settle for a relay node as is. Regards and thank you for understanding Adam' If you sign up and are wishing to run a Tor exit relay, PLEASE contact them to set it all up for you so that you will be classified as a Tor relay :P -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV7kYBAAoJEHukJMVt72wmo84QAJSIrI70ca1xSEHmA7Am4k8E p9UhuqSfFftE0/5F631QeJJkdgw6y47ps+et9jUPjxv5i8omTWtCamI9qf0h1TcY 4ySOoxyLaRfEuz00hAKrDJZXSfHoJoF9mCIPcQpNPZ2NwZ4ZbXiOv40k5Rlpyu4M OGRV//RTunwbqIooCnaCOeNljhEGit57hWmDoGu5wNUsWIFXGWCd6On1xlSkRq2b jUKltQY96/nxNPWv12BlpOmKszXAWC0AwzfLsLUXBY8Mal0xgRgXxCBQhQ4HiBgX le/4oX9MxiL6+TN6GW4KM3yf7jIryJMDBWhfm/rjc92deXW7FVDxJdJjBGkZoX0S QC8ALSnqAysLj93wylaR59onco8jXIYDZNfOjZSuCB9v/zIqbCXWrovKexqa3xbU SCLCj0bDT+5KIrFbkI5+XBtNR114g1p6oeDmaRb5dl8OQOJh+l15x4dAxJTb4hTF zvJGfnFvwQcBCEXZq6u4sSItUjDQQ5Jsc1yWexDcHta/8PoYKSy9iZWrOM9Wo7ny Ka1jrdc+rhVpFyy73ntqFhYZxPOcJSabazBXbiOgIQlZKQPOjl99kW8g/0zCrZXX mXDED+fkb/tL7BwGl0xTV8NOKt5qPo7U9Xf8POy9X3L7Rrxpvw32zpTq1+ZS/vmc +KBRsFMQmtApo1RdmlAx =O3ur -----END PGP SIGNATURE-----

2 1

First Tech CU apparently blocking all Tor nodes
by Tor Relay ＠ WeFu.Org 12 Sep '15

12 Sep '15

It appears that First Tech Federal Credit Union is blocking all Tor nodes (including non-exit nodes) from connecting to their website, http://www.firsttechfed.com This seems ... misguided on their part. Blocking exit nodes is one thing, but preventing random people who happen to run a Tor middle node from seeing anything on their website is rather over the top. They do not appear to be listed on https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockin… yet. If other people also observe the blocking, they should probably be added. I wanted to check with the list to make sure it is not just me, and get suggestions about the best way to approach First Tech and encourage them to re-consider this overly broad blocking.

2 1

criteria for why a relay is expected to be unmeasured
by nusenu 12 Sep '15

12 Sep '15

Hi, the tor network is currently doing quite well when it comes to the amount of unmeasured relays. I'd like to filter unmeasured relays for unexpectantly unmeasured relays only. Currently I have three criteria for why a relay is expected to be unmeasured: - relay is a directory authority - relay joined the network within the last three days - last_restarted is within the last three days (this is a strong simplification of "we assume this relay did not run enough to be measured within the last three days") At 2015-09-12 07:00:00 there were 116 unmeasured relays if we filter for unexpectantly unmeasured relays we are down to 12 unexpected unmeasured relays: +---------------------+---------------------+----------+ | first_seen | last_restarted | FP | +---------------------+---------------------+----------+ | 2014-04-08 19:00:00 | 2015-08-24 12:29:07 | 9BE65BAE | | 2014-04-16 20:00:00 | 2015-09-04 19:57:50 | 74BA3700 | | 2014-04-18 10:00:00 | 2015-08-27 17:14:42 | B34B40B3 | | 2014-05-14 14:00:00 | 2015-09-06 16:09:50 | 853D1645 | | 2014-05-29 13:00:00 | 2015-07-18 10:04:53 | D14A197E | | 2014-06-20 07:00:00 | 2015-09-07 06:15:49 | E96D712D | | 2014-09-26 11:00:00 | 2015-03-24 13:31:21 | B8D2E17F | | 2014-12-20 14:00:00 | 2015-08-04 22:07:28 | 1A397290 | | 2015-03-15 01:00:00 | 2015-09-07 10:53:21 | 9143307A | | 2015-04-23 03:00:00 | 2015-07-07 09:11:21 | 00F2D93E | | 2015-04-26 09:00:00 | 2015-07-19 20:41:26 | F2ED5032 | | 2015-08-21 06:00:00 | 2015-08-24 20:36:03 | 38B63BB8 | +---------------------+---------------------+----------+ If you have an opinion on why any of these relays are unmeasured for a specific reason please let me know so I can add that criteria to my list. thanks

1 0