Hello,
I have been running Exit Relay for the last three months on VPS by czech company WEDOS. Even though I reduced exit policy ( https://atlas.torproject.org/#details/F12AFDB3FEC184E76944579579F762F1142C7E... ) there were two "attacks" from this relay accompanied by abuse reports.
1) Jan 15 02:46:21 65.20.0.47 pop3: Failed password from 31.31.78.141 2) Dear Administrator, The CSIRT.CZ Intrusion Detection System has recorded connection attempt(s)from your hosts to our honeypots. This may indicate a security risk for your network and for the whole Internet. Would you please investigate this and/or inform all parties responsible that the following system(s)may be compromised?
Both times I quickly replied with explanation it is Tor relay and offering further steps to do in case it is not going to stop.
Today, few weeks from last incident, they just pulled out ethernet cable from my VPS and I am not sure what to do. I would like to contribute to the Tor network with this Exit and not just as a middle relay.
Thanks for any suggestions, dope457
Hi,
Thanks for going through the trouble of running an exit relay!
On 03/04/2014 08:49 AM, dope457 wrote:
Today, few weeks from last incident, they just pulled out ethernet cable from my VPS and I am not sure what to do.
Looks like this ISP is not suitable for Tor exit relays. Please add it to the https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs page, and find a better one. I'm afraid there's not much else you can do. Make sure to inform the ISP beforehand about the risks, be fast and polite in answering abuse complaints, and as long as the ISP doesn't know you well enough make sure the ISP of all places understands how you handled the complaint and why. For example, for the POP3 case, you could have offered to block POP3 altogether.
In case you haven't seen it already, this is a must-read for exit operators: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
Thanks for the reply.
Well, the bad thing is the ISP is already listed there as good one with no problem with exits. I also asked them about Tor before I even started and they acted cool...
Best, dope457
Hi,
Thanks for going through the trouble of running an exit relay!
On 03/04/2014 08:49 AM, dope457 wrote:
Today, few weeks from last incident, they just pulled out ethernet cable from my VPS and I am not sure what to do.
Looks like this ISP is not suitable for Tor exit relays. Please add it to the https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs page, and find a better one. I'm afraid there's not much else you can do. Make sure to inform the ISP beforehand about the risks, be fast and polite in answering abuse complaints, and as long as the ISP doesn't know you well enough make sure the ISP of all places understands how you handled the complaint and why. For example, for the POP3 case, you could have offered to block POP3 altogether.
In case you haven't seen it already, this is a must-read for exit operators: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
-- Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
dope457 -
Moritz Bartl