Dealing with OVH Abuse Complaints
Hi, Does anyone have experience running a long-lived Exit on OVH / So You Start? We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply. What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint? Tim T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
On Wed, 5 Oct 2016 18:55:26 +1100 teor <teor2345@gmail.com> wrote:
Does anyone have experience running a long-lived Exit on OVH / So You Start?
We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply.
What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint?
https://www.soyoustart.com/fr/documents_legaux/Conditions_particulieres_serv... 6.4 Pour des raisons de sécurité, OVH se réserve la possibilité de procéder à la suspension immédiate et sans préavis de tout Serveur sur lequel serait proposé à titre gracieux ou onéreux, un service ouvert au public de Proxy, IRC, VPN, TOR, pour lequel OVH aurait connaissance d'une utilisation malveillante, frauduleuse ou illicite. --- 6.4 For security reasons, OVH reserves the chance to make the immediate suspension without notice of any server on which would be proposed as or without charge, a service open to the public Proxy, IRC, VPN, TOR, for which OVH has knowledge a malicious, fraudulent or illegal. --- Some take this as "OVH doesn't allow Tor", I take this as "don't run exits there". -- With respect, Roman
Interesting seeing as how OVH is one of the biggest VPS services running Tor exits. On Oct 5, 2016 3:10 AM, "Roman Mamedov" <rm@romanrm.net> wrote:
On Wed, 5 Oct 2016 18:55:26 +1100 teor <teor2345@gmail.com> wrote:
Does anyone have experience running a long-lived Exit on OVH / So You Start?
We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply.
What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint?
https://www.soyoustart.com/fr/documents_legaux/Conditions_ particulieres_serveur_SoyouStart.pdf
6.4 Pour des raisons de sécurité, OVH se réserve la possibilité de procéder à la suspension immédiate et sans préavis de tout Serveur sur lequel serait proposé à titre gracieux ou onéreux, un service ouvert au public de Proxy, IRC, VPN, TOR, pour lequel OVH aurait connaissance d'une utilisation malveillante, frauduleuse ou illicite. --- 6.4 For security reasons, OVH reserves the chance to make the immediate suspension without notice of any server on which would be proposed as or without charge, a service open to the public Proxy, IRC, VPN, TOR, for which OVH has knowledge a malicious, fraudulent or illegal. ---
Some take this as "OVH doesn't allow Tor", I take this as "don't run exits there".
-- With respect, Roman
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
*cough* Resellers *cough* 2016-10-05 14:21 GMT+02:00 Tristan <supersluether@gmail.com>:
Interesting seeing as how OVH is one of the biggest VPS services running Tor exits.
On Oct 5, 2016 3:10 AM, "Roman Mamedov" <rm@romanrm.net> wrote:
On Wed, 5 Oct 2016 18:55:26 +1100 teor <teor2345@gmail.com> wrote:
Does anyone have experience running a long-lived Exit on OVH / So You Start?
We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply.
What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint?
https://www.soyoustart.com/fr/documents_legaux/Conditions_particulieres_serv...
6.4 Pour des raisons de sécurité, OVH se réserve la possibilité de procéder à la suspension immédiate et sans préavis de tout Serveur sur lequel serait proposé à titre gracieux ou onéreux, un service ouvert au public de Proxy, IRC, VPN, TOR, pour lequel OVH aurait connaissance d'une utilisation malveillante, frauduleuse ou illicite. --- 6.4 For security reasons, OVH reserves the chance to make the immediate suspension without notice of any server on which would be proposed as or without charge, a service open to the public Proxy, IRC, VPN, TOR, for which OVH has knowledge a malicious, fraudulent or illegal. ---
Some take this as "OVH doesn't allow Tor", I take this as "don't run exits there".
-- With respect, Roman
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi, I was considering moving my relay to OVH and asked them about their policies The answer is that Tor is tolerated on physical servers, but strictly forbidden on VPS And BTW, their support is indeed terrible... So, if someone could recommend a Tor friendly ISP in Belgium, I would be pretty much interested! Cheers 2016-10-05 10:10 GMT+02:00 Roman Mamedov <rm@romanrm.net>:
On Wed, 5 Oct 2016 18:55:26 +1100 teor <teor2345@gmail.com> wrote:
Does anyone have experience running a long-lived Exit on OVH / So You Start?
We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply.
What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint?
https://www.soyoustart.com/fr/documents_legaux/Conditions_ particulieres_serveur_SoyouStart.pdf
6.4 Pour des raisons de sécurité, OVH se réserve la possibilité de procéder à la suspension immédiate et sans préavis de tout Serveur sur lequel serait proposé à titre gracieux ou onéreux, un service ouvert au public de Proxy, IRC, VPN, TOR, pour lequel OVH aurait connaissance d'une utilisation malveillante, frauduleuse ou illicite. --- 6.4 For security reasons, OVH reserves the chance to make the immediate suspension without notice of any server on which would be proposed as or without charge, a service open to the public Proxy, IRC, VPN, TOR, for which OVH has knowledge a malicious, fraudulent or illegal. ---
Some take this as "OVH doesn't allow Tor", I take this as "don't run exits there".
-- With respect, Roman
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Patrick Derwael Rue de la fontaine, 3 4210 Burdinne G:0479.80.50.79
The problem with Belgium isn't finding a Tor friendly provider, the problem is that bandwidth costs a lot of money, very weird considering Belgium is supposed to be a developed nation (up until recently, residential lines had a traffic limit too, maybe they still do): http://www.belgonet.com/ - 5GB - EUR 3 https://www.kinamo.be/en/servers/virtual - 100GB - EUR 40 https://www.combell.com/nl/servers/virtual-servers-vps - unlimited - EUR 40 http://www.easyhost.be/nl/virtual-servers-linux/ - unlimited @ 10MBit - EUR 20 http://www.shift.eu/en - 1 TB @ 100MBit - EUR 15 http://www.behostings.be/francais/vps.html - unlimited - EUR 30 + EUR 50 setup I have to admit though, now this list looks a lot better than a few years ago. On 05.10.2016 02:38 PM, Patrick DERWAEL wrote:
Hi,
I was considering moving my relay to OVH and asked them about their policies
The answer is that Tor is tolerated on physical servers, but strictly forbidden on VPS
And BTW, their support is indeed terrible...
So, if someone could recommend a Tor friendly ISP in Belgium, I would be pretty much interested!
Cheers
2016-10-05 10:10 GMT+02:00 Roman Mamedov <rm@romanrm.net>:
On Wed, 5 Oct 2016 18:55:26 +1100 teor <teor2345@gmail.com> wrote:
Does anyone have experience running a long-lived Exit on OVH / So You Start?
We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply.
What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint?
https://www.soyoustart.com/fr/documents_legaux/Conditions_particulieres_serv...
[1]
6.4 Pour des raisons de sécurité, OVH se réserve la possibilité de procéder à la suspension immédiate et sans préavis de tout Serveur sur lequel serait proposé à titre gracieux ou onéreux, un service ouvert au public de Proxy, IRC, VPN, TOR, pour lequel OVH aurait connaissance d'une utilisation malveillante, frauduleuse ou illicite. --- 6.4 For security reasons, OVH reserves the chance to make the immediate suspension without notice of any server on which would be proposed as or without charge, a service open to the public Proxy, IRC, VPN, TOR, for which OVH has knowledge a malicious, fraudulent or illegal. ---
Some take this as "OVH doesn't allow Tor", I take this as "don't run exits there".
-- With respect, Roman
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [2]
--
Patrick Derwael Rue de la fontaine, 3 4210 Burdinne G:0479.80.50.79
Links: ------ [1] https://www.soyoustart.com/fr/documents_legaux/Conditions_particulieres_serv... [2] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am running an exit relay on OVH VPS for almost a year: 5CA2D60F30F6A2FE61F66CAB248C5484AC3F13B1 During that time I received about 5 abuse reports, most of them were about SYN flood. Also, I expirienced some strange bandwidth limitation during February 2016, but in March this limitation silently disappeared. No other problems for half a year now. 5 Окт 2016 г. 10:56 AM пользователь "teor" <teor2345@gmail.com> написал:
Hi,
Does anyone have experience running a long-lived Exit on OVH / So You Start?
We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply.
What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint?
Tim
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 2016-10-05 at 09:55, teor wrote:
Hi,
Does anyone have experience running a long-lived Exit on OVH / So You Start?
We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP and port if the remote site wanted us to. We never received a reply.
What does OVH expect its Exit operators to do with complaints? Should we have blocked each complaining IP address as soon as we received a complaint?
Tim
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Tim, I am hosting a Tor exit node on kimsufi (also a company of OVH, it's very similar to So You Start) and got two complaints from them. The first one was a 4K port scan on port 10000 done via my exit node and they said, they'll have to shut down the server if it happens again. I responded to that incident via mail that I blocked port 10000 and got no answer so far (that was about 2 months ago). Currently, only a few days/weeks back, they sent another abuse report to my mail address, 5K port scans on port 22. This time around, they put my server into recovery mode (read-only) to prevent further "hacking attacks" as they call it. I reset the boot mode (Netboot in your customer interface btw) to normal HDD boot and blocked port 22 via exit policy, but this time I didn't sent an email to them, as they didn't answer my first one. Abuse complaints from other companies or individuals were never sent to me though if there were any on OVH's side. Those two incidents were automatic reports and detections from OVH's anti-abuse/anti-hacking infrastructure. Best, Michael
participants (8)
-
Markus Koch -
Michael Armbruster -
Patrick DERWAEL -
Roman Mamedov -
Schokomilch NOC -
teor -
Tristan -
Артём