Robert,
There is some good advice for exit relay operators on the Tor website that might be helpful. Included are templates you can use for responding to abuse complaints received by your ISP.
https://trac.torproject.org/projects/tor/wiki//doc/TorExitGuidelines
https://blog.torproject.org/running-exit-node
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
Mike,
Yes but the goal is to have more relays, exits and bridges and if commercial server operators are very low on spine we have to keep them onside carefully.
I have just been kicked of another one after paying a year in advance. If we have no authoritative retort when they raise the first 'abuse' most of them take the lazy course and bar Tor.\ When I have said the restricted port list can be added and it has proved to be successful some have given me another chance. If SSH is open and their server is being used to attack others of course they will react defensively. So any advice to be proactive and increase the chance of one part of the Tor system surviving is advice I want to hear.
Robert
For what it's worth, after complaints from campus IT we also wound up blocking SSH in the CMU Tor exit's policy. It's a shame we can't help people do sysadmin stuff and whatnot anonymously, but the port scans do seem to happen quite often.
zw
The silly thing is that port scans happen hundreds of times per day to every internet-connected device, and Tor isn't involved in the vast majority of it. Not a single server on the 'net is made more secure by an exit node blocking a port. Will they request that port 80 be blocked because of the SQL injection and Wordpress vulnerability scans? Or that IMAP and FTP ports be blocked for attempts to brute force logins? Any open port has the potential for abuse -- blocking ports doesn't seem like a very well thought-out response to the issue.
The time people spend complaining to exit node operators would be much better spent performing any number of simple changes that would /actually/ improve security for the server(s). I think if a server is so threatened by a port scan that it invokes a human response, that server probably shouldn't be online.
/rant
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays