AWS abuse handling
Hi All, I have a *free* membership for a year on Amazon's AWS (*capped* at 15GB/month of traffic each way). I've been running an exit node with a reduced exit policy on an ec2 instance for months and have received my first abuse notice. I'm sure a few on this mailing list may have received the same or similar abuse notification from Amazon. Besides shutting down the exit, what measures did you take to deal with this? What would be the consequences of ignoring their email and continuing to run it? Note: I'm a student and am running on a really tight budget at the moment (reason for not hosting it on a paid vps) Any suggestion(s)/help is appreciated :) Best, Snehan ----------------------------------------------- The contents of the Abuse notice: Hello, We've received a report(s) that your EC2 instance(s) Instance Id: IP Address: has been has been operating as a TOR Exit node. Operating a TOR Exit node is forbidden in the AWS Acceptable Use Policy (hxxps://aws.amazon.com/aup/). We've included the original report below for your review. Please take action to stop the reported activity and reply directly to this email with details of the corrective actions you have taken. If you do not consider the activity described in these reports to be abusive, please reply to this email with details of your use case. If you're unaware of this activity, it's possible that your environment has been compromised by an external attacker, or a vulnerability is allowing your machine to be used in a way that it was not intended. We are unable to assist you with troubleshooting or technical inquiries. However, for guidance on securing your instance, we recommend reviewing the following resources: * Amazon EC2 Security Groups User Guide: hxxps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html (Linux) hxxps://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/using-network-security.html (Windows) * Tips for Securing EC2 Instances: hxxps://aws.amazon.com/articles/1233 (Linux) hxxps://aws.amazon.com/articles/1767 (Windows) * AWS Security Best Practices: hxxp://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf If you require further assistance with this matter, you can take advantage of our developer forums: hxxps://forums.aws.amazon.com/index.jspa Or, if you are subscribed to a Premium Support package, you may reach out for one-on-one assistance here: hxxps://console.aws.amazon.com/support/home#/case/create?issueType=technical Please remember that you are responsible for ensuring that your instances and all applications are properly secured. If you require any further information to assist you in identifying or rectifying this issue, please let us know in a direct reply to this message. Regards, AWS Abuse " ---------------------------------------------------------------------------
That's not an abuse notification, that's an AUP notification, meaning that AWS does not allow operating a tor exit node in their datacenter. You could always configure it as a relay (disallowing exit) if you still want to contribute your "free" resource credits, assuming that non-exit nodes are allowed in Amazon's AUP (I have heard that they are). Jacob On July 27, 2016 at 1:24:53 PM, Snehan Kekre (snehan@minerva.kgi.edu) wrote: Hi All, I have a *free* membership for a year on Amazon's AWS (*capped* at 15GB/month of traffic each way). I've been running an exit node with a reduced exit policy on an ec2 instance for months and have received my first abuse notice. I'm sure a few on this mailing list may have received the same or similar abuse notification from Amazon. Besides shutting down the exit, what measures did you take to deal with this? What would be the consequences of ignoring their email and continuing to run it? Note: I'm a student and am running on a really tight budget at the moment (reason for not hosting it on a paid vps) Any suggestion(s)/help is appreciated :) Best, Snehan ----------------------------------------------- The contents of the Abuse notice: Hello, We've received a report(s) that your EC2 instance(s) Instance Id: IP Address: has been has been operating as a TOR Exit node. Operating a TOR Exit node is forbidden in the AWS Acceptable Use Policy (hxxps://aws.amazon.com/aup/). We've included the original report below for your review. Please take action to stop the reported activity and reply directly to this email with details of the corrective actions you have taken. If you do not consider the activity described in these reports to be abusive, please reply to this email with details of your use case. If you're unaware of this activity, it's possible that your environment has been compromised by an external attacker, or a vulnerability is allowing your machine to be used in a way that it was not intended. We are unable to assist you with troubleshooting or technical inquiries. However, for guidance on securing your instance, we recommend reviewing the following resources: * Amazon EC2 Security Groups User Guide: hxxps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html (Linux) hxxps://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/using-network-security.html (Windows) * Tips for Securing EC2 Instances: hxxps://aws.amazon.com/articles/1233 (Linux) hxxps://aws.amazon.com/articles/1767 (Windows) * AWS Security Best Practices: hxxp://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf If you require further assistance with this matter, you can take advantage of our developer forums: hxxps://forums.aws.amazon.com/index.jspa Or, if you are subscribed to a Premium Support package, you may reach out for one-on-one assistance here: hxxps://console.aws.amazon.com/support/home#/case/create?issueType=technical Please remember that you are responsible for ensuring that your instances and all applications are properly secured. If you require any further information to assist you in identifying or rectifying this issue, please let us know in a direct reply to this message. Regards, AWS Abuse " --------------------------------------------------------------------------- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/27/2016 08:24 PM, Snehan Kekre wrote:
(/capped/ at 15GB/month of traffic each way). seems to be just 5 KB/sec, or ?
- -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAleY/sUACgkQxOrN3gB26U62LwD+O9WPeZfBt3Ef4EGexfTGlODD JCC+Qm+73q3YNNqlLY8BAI2ZRTETEAH6iSjM5yNQjNT1mIWh2OgIFBxqmRCUhxX5 =gFUb -----END PGP SIGNATURE-----
On 07/27/2016 11:04 PM, Toralf Förster wrote:
(/capped/ at 15GB/month of traffic each way). seems to be just 5 KB/sec, or ?
I've set RelayBandwidthRate to 300 KB and RelayBandwidthBurst to 400 KB. It hibernates after it's exhausted the cap. On Wed, Jul 27, 2016 at 11:34 AM, Toralf Förster <toralf.foerster@gmx.de> wrote:
-- Best,
On Wed, 27 Jul 2016 21:07:39 +0200 Markus Koch <niftybunny@googlemail.com> wrote:
Okay, I knew I am not a normal person with over a petabyte a months across all my servers but seriously what service can you run on a vps with 15 gigz a month?
Well for example you could run some IRC or IM related service, or something else where you don't transfer a lot of stuff from/to the VPS in general. However my chief concern with the AWS would be that they don't turn off your VPS as soon as you exceed the 15GB, they start *charging* you for the bandwidth overage, at pretty exorbitant rates, and then bill directly from your credit card (which they require that you leave with them when signing up for this). Also I believe there are some limits on the amount of disk access, with the same billing policy. Basically the "free" AWS is a minefield, one mistake and you can find yourself paying ridiculous amounts for it. As for being "on a tight budget", you cannot afford one euro a month[1], two euros a month[2], 15 USD per year[3], really? Not to mention getting 500GB to 2 TB bandwidth on those, not 15GB. The free AWS is the most widespread mistake in choosing "your first VPS" for just about any purpose (and as mentioned can be a dangerous one); probably because people are generally unaware how cheap the actual proper VPSes can be. [1] https://www.arubacloud.com/ [2] https://www.ultravps.eu/en/plans/ [3] http://ramnode.com/vps.php -- With respect, Roman
On Thu, 28 Jul 2016 08:09:12 +0100 "Louie Cardone-Noott" <lcn@fastmail.net> wrote:
That's correct, however I don't have any unmetered offers to recommend, which would be as cheap as those mentioned, and at the same time would not be at OVH or DigitalOcean (which, as recent discussions show, have "too many" relays already). -- With respect, Roman
I hope you are not wasting money for 2TB/month non-exit relay VPSes if you can get unmetered for 3.33 Euro / months doing ~40MBit/s in each direction. http://www.seflow.net/2/index.php/en/services/flexcloud/flexpricing munin graphs of a seflow relay: http://oi67.tinypic.com/2vd66on.jpg
On July 28, 2016 at 2:48 PM Markus Koch <niftybunny@googlemail.com> wrote:
exit allowed?
no, that is why I put "non-exit" in the subject of my email. https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs#Italy1 And yes, their support is poor, but as long as your servers run you won't need them. Another hoster with great bw/cost efficiency (non-exit!) https://itldc.com/en/vds/
There is also https://dataclub.biz <-- exit + bitcoin payment NL/SW/LV servers On July 28, 2016 3:41:04 PM GMT+02:00, tor relay <torrelay3@mailbox.org> wrote:
-- PGP : 29A4CE52
Looking it up: SEFLOW Avoid it. they say it's against Italian law to have a Tor relay, asked which law, they said to contact a lawyer. (atrent: do you need a more articulate explanation? I'm the one who had the bad experience, I have all the emails exchanged and I can translate them); "i'm sorry but tor is not allowed in our service." (fusl, 02/2015) No TOR at all is allowed?
Another hoster with great bw/cost efficiency (non-exit!) https://itldc.com/en/vds/
Yeah, that was my fault :( He kicked my exit and is since then no more accepting any exits ... Markus
Just chatted with the Support and I highly doubt they are knowing what they are doing, anyway setup one exit relay and will report back after my first abuse mail. This will be fun :) btw: Jul 28 15:24:19.832 [warn] Failed to parse/validate config: Nickname 'niftychinchillarabbit' is wrong length or contains illegal characters. WTF? This is pure rassism! #allbunnynamesmatter 2016-07-28 13:59 GMT+02:00 tor relay <torrelay3@mailbox.org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/27/2016 08:42 PM, Snehan Kekre wrote:
- -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAleZBXwACgkQxOrN3gB26U6SxgD/Q+k0ff802Tuvu6Wx4GquXPkg ckngzieSRHnH9L+mg8QBAI7VcB/hBulaS91Ft9giHI1V6Vad6VIc7ch1mC11ute9 =Enau -----END PGP SIGNATURE-----
participants (9)
-
Jacob Gillespie -
Louie Cardone-Noott -
Markus Koch -
Roman Mamedov -
Snehan Kekre -
tor relay -
Toralf Förster -
Tristan -
Xza