ok whatever chris said applies. no /24 block needed, our relay is down anyway (=runs on the clock w/ bandwidth meter). 

so, replied to hetzner that this is normal tor traffic , not malicious (no port scans, noone got "offended" by it), hetzner re-check passed, and statement accepted. 

seemed strange, cause it's the 1st time we got such an abuse report.. and we've been running this relay since 'tor challenge 2014' :) 

thanks all for your answers, hopefully we can go on without getting too many of these false-positive abuse reports.

ciao,

d.



Στις 15/10/25 12:32, ο/η Chris Enkidu-6 via tor-relays έγραψε:

You certainly did miss the important part. You may want to read it again.


On 10/15/2025 5:04 AM, R0cketCloud TOR Team wrote:
Chris, this is horrible advice. You're effectively promoting to become a bad node by knowingly and wilfully prohibiting circuits to certain exits.

Run this thought a bit further, eventually you will have banned all exits (and likely some middles too) and your node is effectively useless.

I sincerely hope I missed a /s somewhere here.

/r0cket



On Wednesday, October 15, 2025 08:05 UTC, Chris Enkidu-6 via tor-relays <tor-relays@lists.torproject.org> wrote:


I get them from time to time and the address always is for major Tor
operators who host numerous Tor servers on the whole block such as
64.65.1.0/24 , 64.65.62.0/24 , 96.9.98.0/24 , etc... These are not
related to the operators filing an abuse report. These are automatically
generated reports based on the behavior of your server and they are
generally wrong because their automated system is simply too sensitive
and comes up with a lot of false positive.

Simply block outgoing packets to the /24 block at the firewall level.
Then click on the link they sent you to retest. It will be automatically
tested and comes up clear. Then send them a message using the second
link and tell them you blocked it at the firewall level and they'll
close the ticket.

You can later remove the firewall rule and get on with you life. I've
given up arguing with them about how and why they're wrong. They even
once admitted that it was a false report and told me not to bother. In
fact I just got another abuse report for an IP that's already blocked at
the firewall level. They are telling me that my server is scanning port
74 of a range of IPs when outgoing port 74 is explicitly blocked on my
server and it simply can't go out.


On 10/15/2025 2:02 AM, Dimitris T. via tor-relays wrote:

Hey all,

got an abuse report today from Hetzner concerning one middle relay
we're running there. 

allegedly, our relay has been port scanning (port 443 only) some
members of
https://metrics.torproject.org/rs.html#search/family:7EAAC49A7840D33B62FA276429F3B03C92AA9327

(just from family relays in 96.9.98.0/24 range, all using ORPort 443)

anyone else got similar abuse reports? or someone here from this relay
family, that can clear things out with this isp?

thinking of replying to hetzner accordingly, let them know (with
metrics link), that these are tor relays with 443 port open/accepting
our middle relay connections, not port scans...

best,

d.


_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org


_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org