This Benjamin Hodgetts is really on a tear. I got the same complaint from 2 different ISPs today.
On 08/07/2013 04:00 PM, Kris wrote:
I've been an end user of tor for a few years and finally as of last week purchased a virtualhost to run an exit relay.
After a few days running smoothly, I received a forwarded abuse complaint from the hosting company from someone saying their are being DDOS'd by my IP.
I'm prepared per the tor website regarding DMCA notifications, but haven't found much on how to deal with this situation. I have:
- made it quite obvious that this is an exit node
- reverse dns is tor-exit-node.nenticom.net
- web server running on 8080/80 with the tor notification page
- provide full real name and abuse@nenticom.net contact
- notified the hosting company
- applied the recommended exit policy per the "minimum harassment" post
You can see most of this off Atlas (node: nenticom). https://atlas.torproject.org/#details/50D04704A5017C02CC63AFE4A66F05DF79ED81...
Can anyone provide a recommendation of how to respond to this notice (provided below)? Given the headers the original complainer filed it looks like someone is running benchmark software over tor.
Maybe after explaining that I'm a tor exit node to the provider I can offer to block exiting to the IP block belonging to the original complainer?
Notice from Hosting Provider
Please review the following abuse complaint and provide us with a resolution:
Hello,
Over the last three days we have experienced a massive amounts of incoming HTTP connections from an IP address under your control as part of a DDOS attack.
Can you please investigate the server/computer associated with this IP address as it is more than likely compromised and is now part of a BotNet.
For your reference, all requests to our server from the IP in question are listed in the Apache logs as: "GET / HTTP/1.0" 500 11680 "-" "ApacheBench/2.3"
The attackers IP address that appears to belong to you or your network is '192.241.230.170'. Please resolve this as soon as possible.