Yes, it's ISP - plus 10 times more fire-power, both Markus and me, which is 10 times more work, sadly :-(
On 04.10.2016 at 18:12, Markus Koch wrote:
Short answer: ISP
I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and I get weekly mass reports from DigitalOcean. And the thing that pisses me off is: It's all bots or Tax spam or other stuff I got weeks/months ago. Different day, same shitty abuse mail.
Markus
2016-10-04 18:03 GMT+02:00 Tristan supersluether@gmail.com:
I don't know what I'm doing different, because I only got 2 complaints in the last 2 months, and that was for SSH and SQL stuff.
On Oct 4, 2016 11:01 AM, "pa011" pa011@web.de wrote:
Me too, Markus - could fill a folder with that tax issue :-(( Costing a lot of time to answer and restrict the IPs
Plus my ISP moaning with good reason: "It's not just about you, but you're giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs which are potentially endangered to be marked as source of malicious content / blacklisted / whatever ... so you see, this is quite critical for us."
On 04.10.2016 at 17:48, Markus Koch wrote:
same shit here:
Dear User,
We are contacting you because of unusual activity coming from your IP address towards the IT infrastructure of the European Commission. In specific, since 03/10/2016, IP addresses 95.85.45.159 & 104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and the USA respectively, have submitted a significantly large number of invalid VAT number requests as compared to the total number of requests (89,59% & 89,96% respectively) towards VAT numbers from a multiple of EU member States (MS) through the VIES on the Web service (http://ec.europa.eu/taxation_customs/vies/). For more information on Invalid VAT number requests please refer to FAQ, questions 7, 11, 12, 13 and 20 of the VIES on the WEB site (http://ec.europa.eu/taxation_customs/vies/faq.html).
The scope of our team is to monitor on a daily basis the performance of the VIES-on-the-Web (VoW) service in order to ensure its performance in accordance with the standards agreed upon between EU's Directorate General for Taxation and Customs Union (DG TAXUD) and the EU Member States. Our objective is to secure constant and uninterrupted availability and flow of traffic (requests for VAT validation) at all times.
Under this framework, our team intervenes whenever there is out of the ordinary, unusual and potentially suspicious use of the system that violates the rules of use as they are stated in the Specific disclaimer for this service, which is available at the VoW site (http://ec.europa.eu/taxation_customs/vies/disclaimer.html).
Consequently, in order to allow flawless use of the service, we were obliged to block the access to VIES on the Web for the IP address 88.198.110.130.
Following our action, we would like to know if you are aware of this situation. Furthermore, your cooperation and contribution is necessary in order to determine the reason for this occurrence.
Please inform us if this behaviour is normal and if such, how often it should occur; we would then take action to unblock the traffic coming from the corresponding IP address assuming you will agree to follow a set ITSM VIES/Web Team
"ITSM2 is a contracted support partner for the IT Service Management of the European Commission. This e-mail is a reply to your message sent to the TAXUD-VIESWEB@ec.europa.eu e-mail. Answers provided by the contractor are on behalf and according to policy guidelines of DG TAXUD, but not binding for the European Commission."
I am so done with it, I added
ExitPolicy reject 147.67.136.103 # TAX SPAM
ExitPolicy reject 147.67.136.21 # TAX SPAM
ExitPolicy reject 147.67.119.103 # TAX SPAM
ExitPolicy reject 147.67.119.3 # TAX SPAM
ExitPolicy reject 147.67.136.3 # TAX SPAM
ExitPolicy reject 147.67.119.21 # TAX SPAM
That's going on for months now and by all means, this is not free speech ...
Markus.
2016-10-04 17:42 GMT+02:00 pa011 pa011@web.de:
On 04.10.2016 at 16:48, krishna e bera wrote:
On 04/10/16 08:48 AM, pa011 wrote:
> One of my main ISPs is going mad with the number of abuses he gets
> from my Exits (currently most on port 80).
> He asks me to install "Intrusion Prevention System Software" or
> shutting down the servers.
You can first ask him for a copy of the complaints in order to understand what sort of alleged abuses are taking place. Are the complaints about spam or scraping or web server exploits or something else?
I do get a copy of every complaint - they are unfortunately:
- Http browser intrusion -
  /var/log/apache2/other_vhosts_access.log:soldierx.com:80 xxx.xxx.xxx.xxx - - [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
- invalid VAT number requests
- recorded connection attempt(s) from your hosts to our honeypots
- Issue: Source has attempted the following botnet activity: Semalt Referrer Spam Tor Exit Bot
- botnet drone|Description: Ramnit botnet victim connection to sinkhole details,
- attackers used the method/service: *imap*
You can change your exit policy to reduce likelihood of complaints: https://blog.torproject.org/blog/tips-running-exit-node
I know, but I hardly like to block port 80
> As far as I understand implementing such a software is not going
> together with Tor - am I right?
If your exit nodes tamper with traffic in any way they will be labelled as Bad Exit. (Tor tries to be net neutral.) https://trac.torproject.org/projects/tor/wiki/doc/badRelays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays