Am 04.10.2016 um 16:48 schrieb krishna e bera:
On 04/10/16 08:48 AM, pa011 wrote:
One of my main ISP is going mad with the number of abuses he gets from my Exits (currently most on port 80). He asks me to install "Intrusion Prevention System Software" or shutting down the servers.
You can first ask him for a copy of the complaints in order to understand what sort of alleged abuses are taking place. Are the complaints about spam or scraping or web server exploits or something else?
I do get a copy of every complaint - they are unfortunately:
- Http browser intrucion - /var/log/apache2/other_vhosts_access.log:soldierx.com:80 xxx.xxx.xxx.xxx - - [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
- invalid VAT number requests
-recorded connection attempt(s) from your hosts to our honeypots
- Issue: Source has attempted the following botnet activity: Semalt Referrer Spam Tor Exit Bot
- botnet drone|Description: Ramnit botnet victim connection to sinkhole details,
- attackers used the method/service: *imap*
You can change your exit policy to reduce likelihood of complaints: https://blog.torproject.org/blog/tips-running-exit-node
I know, but I hardly like to block port 80
As far as I understand implementing such a software is not going together with Tor - am I right?
If your exit nodes tamper with traffic in any way they will be labelled as Bad Exit. (Tor tries to be net neutral.) https://trac.torproject.org/projects/tor/wiki/doc/badRelays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays