Hi, my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived. First of all, thanks for the templates: https://www.torservers.net/wiki/abuse/templates https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates I linked these two from the Tor-project: - Common Boilerplate (Tor Intro) - SSH Bruteforce Attempts and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router firewalls: https://www.abuseipdb.com/user/33280 Hope this helps! -------------------------------------- I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-) _Are such notes useful or do such instructions cause even more problems?_ ¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
I had a police house search for my exit... I hate the stupid German police.
Am 15.04.2020 um 22:53 schrieb "lists@for-privacy.net" <lists@for-privacy.net>:
Hi,
my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived.
First of all, thanks for the templates:
https://www.torservers.net/wiki/abuse/templates
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
I linked these two from the Tor-project:
- Common Boilerplate (Tor Intro)
- SSH Bruteforce Attempts
and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router firewalls: https://www.abuseipdb.com/user/33280
Hope this helps! --------------------------------------
I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
_Are such notes useful or do such instructions cause even more problems?_
¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Where you running an exit from home? It’s really discouraged because of what happened to you. -m
Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski <hallo@koljasagorski.de> ha scritto:
I had a police house search for my exit... I hate the stupid German police.
Am 15.04.2020 um 22:53 schrieb "lists@for-privacy.net" <lists@for-privacy.net>:
Hi,
my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived.
First of all, thanks for the templates:
https://www.torservers.net/wiki/abuse/templates
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
I linked these two from the Tor-project:
- Common Boilerplate (Tor Intro)
- SSH Bruteforce Attempts
and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router firewalls: https://www.abuseipdb.com/user/33280
Hope this helps! --------------------------------------
I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
_Are such notes useful or do such instructions cause even more problems?_
¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
They raid your home even if the Tor node is run in a datacenter. Sadly the police in germany is still stuck in the 90s and most of them don't know and/or care what Tor is and how it works. On 16.04.2020 12:45, Mario Costa wrote:
Where you running an exit from home? It’s really discouraged because of what happened to you.
-m
Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski <hallo@koljasagorski.de> ha scritto:
I had a police house search for my exit... I hate the stupid German police.
Am 15.04.2020 um 22:53 schrieb "lists@for-privacy.net" <lists@for-privacy.net>:
Hi,
my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived.
First of all, thanks for the templates:
https://www.torservers.net/wiki/abuse/templates
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
I linked these two from the Tor-project:
- Common Boilerplate (Tor Intro)
- SSH Bruteforce Attempts
and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router firewalls: https://www.abuseipdb.com/user/33280
Hope this helps! --------------------------------------
I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
_Are such notes useful or do such instructions cause even more problems?_
¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Running an Exit node from home is asking for trouble. I can't imagine why anyone would want to. Anyways, /etc/hosts.allow and /etc/hosts.deny can also be used to limit SSH access. I highly recommend. Best, Jason Sent from my Android device. Please excuse my brevity and any typos that may occur. On Thu, Apr 16, 2020, 3:32 PM Volker Mink <volker.mink@gmx.de> wrote:
Not 100% accurate. I was running an exit at my home connection for close to one year. I removed it because normal internet usage became absolutely anoying. Capchas and DOS-Protections nearly everywhere. No streaming-portal was running. And lots of complaints from my provider. But no Cop action!
And now i am running 2 exits hosted in datacenters, one in germany, one in malaysia. No problems by now.
br, volker
*Gesendet:* Donnerstag, 16. April 2020 um 13:32 Uhr *Von:* "NOC" <tor@afo-tm.org> *An:* tor-relays@lists.torproject.org *Betreff:* Re: [tor-relays] Got my first abuse They raid your home even if the Tor node is run in a datacenter. Sadly the police in germany is still stuck in the 90s and most of them don't know and/or care what Tor is and how it works.
On 16.04.2020 12:45, Mario Costa wrote:
Where you running an exit from home? It’s really discouraged because of what happened to you.
-m
Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski < hallo@koljasagorski.de> ha scritto:
I had a police house search for my exit... I hate the stupid German police.
Am 15.04.2020 um 22:53 schrieb "lists@for-privacy.net" < lists@for-privacy.net>:
Hi,
my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived.
First of all, thanks for the templates:
https://www.torservers.net/wiki/abuse/templates
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
I linked these two from the Tor-project:
- Common Boilerplate (Tor Intro)
- SSH Bruteforce Attempts
and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router firewalls: https://www.abuseipdb.com/user/33280
Hope this helps! --------------------------------------
I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
_Are such notes useful or do such instructions cause even more problems?_
¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 16.04.2020 21:35, Jason Odoom wrote:
Running an Exit node from home is asking for trouble. I can't imagine why anyone would want to. Anyways, /etc/hosts.allow and /etc/hosts.deny can also be used to limit SSH access. I highly recommend.
apt install fail2ban iptables-persistent is your friend ;-) /etc/iptables/rules.v4 & rules.v6 must be created. SSH fail2ban is ready out of the box in Debian. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
* Volker Mink:
I was running an exit at my home connection for close to one year. I removed it because normal internet usage became absolutely anoying. Capchas and DOS-Protections nearly everywhere. No streaming-portal was running. And lots of complaints from my provider.
Which fully confirms that running a Tor exit at home is usually a dumb move, police involvement or not. -Ralph
What about running a bridge from home? Many of us now have 1GB fibre at home, and much wasted, it would be nice to use it for TOR without creating problems for yourself by getting on block lists, abuse complaints and ISP protesting, PC Plod calling round. So far IPV6, even with many open posts does not seem to attract attention. This won't last of course. Currently you cannot set up TOR as IPV6 only with no reachable IP4 address. I look forward to TOR being fully IPV6. Gerry -----Original Message----- From: tor-relays <tor-relays-bounces@lists.torproject.org> On Behalf Of Ralph Seichter Sent: 17 April 2020 11:26 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Got my first abuse * Volker Mink:
TOR needs brave people.
Tor needs running nodes and exits. That can be achieved using smart or dumb setups. The latter do not imply "being courageous" in any way. -Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 04/17/2020 02:02 AM, Volker Mink wrote:
you call it dumb. other call i coursageous. it was worth a try. i have decent internet connection at home and could provide a reliable and fast exit for close to a year. TOR needs brave people.
Well, that does provide residential IPs. And there's quite the demand for VPN services with them, because they're less likely blocked. And so more useful for streaming Disney+ or whatever. But with Tor, all relay IPs are (so far) published, so it doesn't help at all.
*Gesendet:* Freitag, 17. April 2020 um 04:08 Uhr *Von:* "Ralph Seichter" <abbot@monksofcool.net> *An:* tor-relays@lists.torproject.org *Betreff:* Re: [tor-relays] Got my first abuse * Volker Mink:
I was running an exit at my home connection for close to one year. I removed it because normal internet usage became absolutely anoying. Capchas and DOS-Protections nearly everywhere. No streaming-portal was running. And lots of complaints from my provider.
Which fully confirms that running a Tor exit at home is usually a dumb move, police involvement or not.
-Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I said most not 100%. My exits were in a Datacenter yet they showed up at my home. Actually it depends who it is. The local police here was very friendly and send me a invitation to visit them in cases with computer fraud that were made over the exits, the BKA just gave zero fucks and showed up at 06:00 at my home. And took anything looking like tech. The exits had this.is.a.tor.exit.node as reverse dns and displayed on port 80 what tor is, how it works and why i don't have any usefull data for them. So if they would have done any kind of more than asking the provider who pays for that IP they could have get a hint that they won't find anything useful for their case at my home or on the servers.... On 16.04.2020 20:18, Volker Mink wrote:
Not 100% accurate. I was running an exit at my home connection for close to one year. I removed it because normal internet usage became absolutely anoying. Capchas and DOS-Protections nearly everywhere. No streaming-portal was running. And lots of complaints from my provider. But no Cop action! And now i am running 2 exits hosted in datacenters, one in germany, one in malaysia. No problems by now. br, volker *Gesendet:* Donnerstag, 16. April 2020 um 13:32 Uhr *Von:* "NOC" <tor@afo-tm.org> *An:* tor-relays@lists.torproject.org *Betreff:* Re: [tor-relays] Got my first abuse They raid your home even if the Tor node is run in a datacenter. Sadly the police in germany is still stuck in the 90s and most of them don't know and/or care what Tor is and how it works.
On 16.04.2020 12:45, Mario Costa wrote:
Where you running an exit from home? It’s really discouraged because of what happened to you.
-m
Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski <hallo@koljasagorski.de> ha scritto:
I had a police house search for my exit... I hate the stupid German police.
Am 15.04.2020 um 22:53 schrieb "lists@for-privacy.net" <lists@for-privacy.net>:
Hi,
my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived.
First of all, thanks for the templates:
https://www.torservers.net/wiki/abuse/templates <https://www.torservers.net/wiki/abuse/templates>
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates <https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates>
I linked these two from the Tor-project:
- Common Boilerplate (Tor Intro)
- SSH Bruteforce Attempts
and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router
firewalls:
https://www.abuseipdb.com/user/33280 <https://www.abuseipdb.com/user/33280>
Hope this helps! --------------------------------------
I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
_Are such notes useful or do such instructions cause even more problems?_
¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Am Fr., 17. Apr. 2020 um 10:20 Uhr schrieb NOC <tor@afo-tm.org>:
I said most not 100%. My exits were in a Datacenter yet they showed up at my home. Actually it depends who it is. The local police here was very friendly and send me a invitation to visit them in cases with computer fraud that were made over the exits, the BKA just gave zero fucks and showed up at 06:00 at my home. And took anything looking like tech.
The exits had this.is.a.tor.exit.node as reverse dns and displayed on port 80 what tor is, how it works and why i don't have any usefull data for them. So if they would have done any kind of more than asking the provider who pays for that IP they could have get a hint that they won't find anything useful for their case at my home or on the servers....
Could you give us more info about it? How long ago was it? Was it your own hardware in the datacenter? Which provider was it? Was there anything in the news about it? Cheers
On 17.04.2020 11:07, [REDACTED] wrote:
Am Fr., 17. Apr. 2020 um 10:20 Uhr schrieb NOC <tor@afo-tm.org <mailto:tor@afo-tm.org>>:
I said most not 100%. My exits were in a Datacenter yet they showed up at my home. Actually it depends who it is. The local police here was very friendly and send me a invitation to visit them in cases with computer fraud that were made over the exits, the BKA just gave zero fucks and showed up at 06:00 at my home. And took anything looking like tech.
The exits had this.is.a.tor.exit.node as reverse dns and displayed on port 80 what tor is, how it works and why i don't have any usefull data for them. So if they would have done any kind of more than asking the provider who pays for that IP they could have get a hint that they won't find anything useful for their case at my home or on the servers....
Could you give us more info about it?
How long ago was it? Was it your own hardware in the datacenter? Which provider was it?
Was there anything in the news about it?
Cheers 2014 no I had exits at online.net, 1blu, myloc, hosteurope and strato at that time. In the documents i got they went after the myloc IPs. No there was nothing in the news about it, as far as i know there are only news if it is a big coordinated action or if the operator makes it public, both is not the case.
No, it was in a datacenter. Here the case https://www.lawblog.de/index.php/archives/2018/02/13/strafbare-beihilfe-durc... Sorry, only German.
Am 16.04.2020 um 12:45 schrieb Mario Costa <mario.costa@icloud.com>:
Where you running an exit from home? It’s really discouraged because of what happened to you.
-m
Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski <hallo@koljasagorski.de> ha scritto:
I had a police house search for my exit... I hate the stupid German police.
Am 15.04.2020 um 22:53 schrieb "lists@for-privacy.net" <lists@for-privacy.net>:
Hi,
my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived.
First of all, thanks for the templates:
https://www.torservers.net/wiki/abuse/templates
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
I linked these two from the Tor-project:
- Common Boilerplate (Tor Intro)
- SSH Bruteforce Attempts
and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router firewalls: https://www.abuseipdb.com/user/33280
Hope this helps! --------------------------------------
I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
_Are such notes useful or do such instructions cause even more problems?_
¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 17.04.2020 21:13, Kolja Sagorski wrote:
No, it was in a datacenter. Here the case
https://www.lawblog.de/index.php/archives/2018/02/13/strafbare-beihilfe-durc...
That was only 2 years ago. :-( I live in Bonn, the same state. And I still have things somewhere on old HD's that were legal before 9/11. (Sprengstoff e.V.) It is probably not bad to be prepared. Can someone recommend lawyers to me. Please email. Does anyone know a German IRC channel or similar, where German exit operators exchange ideas? One could possibly found an association like Torservers.net. The address could be the C4 (Chaos Computer Club Cologne) or our Freifunk Treff in Bonn. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
On 15.04.2020 23:30, Kolja Sagorski wrote:
I had a police house search for my exit... I hate the stupid German police.
Did you have your exit at home or in the data center? I also live in Germany, Hoster is from the USA (Frantec) and the server in Luxembourg. My old IBM RS/6000 rack already weighs more than half a ton. And I have a lot of IT in the house + lots of 'freifunk' AP and antennas. Also Laptop's from my boss's company. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
participants (12)
-
[REDACTED] -
Artur Pedziwilk -
gerard@bulger.co.uk -
I -
Jason Odoom -
Kolja Sagorski -
lists@for-privacy.net -
Mario Costa -
Mirimir -
NOC -
Ralph Seichter -
Volker Mink