Hi all,
FYI: Yesterday I got the notice below from Leaseweb. I picked them because Leaseweb is mentioned in the Good/Bad ISP https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs post. Apparently a blacklist named SECTOOR added a whole IP block of Leaseweb to block my Exit relay. Since this list is used by some bigger corporations, it got some other customers in trouble and they asked me to restrict the mentioned ports.
I understand the reasoning and can't blame them for asking me I guess (and since most relevant ports are not mentioned I guess it is not too bad), but I found it a bit weird that a whole subnet is being listed.
On 05/20/2015 03:20 PM, Lesley Koomen wrote:
Dear sir, madam,
It appears you are hosting a TOR node on your LeaseWeb IP address. This has resulted in the block of a (part) LeaseWeb IP subnet. (/24) As the subnet is added on the SECTOOR blacklist (http://www.sectoor.de/tor.php) this is affecting customers in the same range as yourself.
The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail. This results in other customers no longer being able to use the mail services of these companies. Sectoor TOR DNSBL lists every IP address which is known to run a tor server and allow their clients to connect to one of the following ports:
- Port 25
- Port 194
- Port 465
- Port 587
- Port 994
- Port 6657
- Ports 6660-6670
- Port 6697
- Ports 7000-7005
- Port 7070
- Ports 8000-8004
- Port 9000
- Port 9001
- Port 9998
- Port 9999
Therefore, we kindly, yet urgently ask you to disable the connection to the mentioned ports within 24 hours. Failure to comply and respond (confirm) to this warning, will result in a block of your involved IP address(es).
Thank you for your co-operation and understanding.
Kind regards,
Lesley Koomen Team Manager Abuse Prevention
Hi,
I got the same message yesterday, I asked leaseweb to put our exit node (hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date from any party.
For now, I have shut down the server.
Sorry to hear :(
Best, Jurre
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I got the same. Restricting the exit policy to 80/443 until Sectoor replies.
Tom
++ 21/05/15 22:04 +0200 - Jurre van Bergen:
I got the same message yesterday, I asked leaseweb to put our exit node (hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date from any party.
This DNSBL has a fairly straightforward listing for an IP-address: ((the IP-address itself is a Tor exit-node OR the IP-address is within a /24 that has some other IP-address with a Tor exit-node) AND the Tor exit-node(s) allow clients to connect to a list of about 15 different ports). Administrators are supposed to use this list as a scoring mechanism, not for blocking. Of course, any administrator is free to use this DNSBL as he or she wants.
There's not much you can do - other than just not running the Tor-node.
On Thu, May 21, 2015 at 10:04:19PM +0200, Jurre van Bergen wrote:
I got the same message yesterday, I asked leaseweb to put our exit node (hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date from any party.
Doesn't sectoor publish two lists, one which is just Tor exit IP addresses, and another which is the /24's around them? And then they encourage people to use the more conservative list, but of course they hint that using the broader list will catch more spammers?
So it's possible that the answer is "some website somewhere on the Internet is using sectoor's lists wrong". :/
And in case you haven't read this lately (I read it every few months and it makes me freshly angry each time), here's your pointer to http://paulgraham.com/spamhausblacklist.html
--Roger
The lists of SECTOOR might be used wrongly but they sound like they belong to the ever growing list of 'shitty blacklists'. In my work for a hosting company I receive complaints regarding malpractices of such lists on a daily basis. For example there are lists who blacklist whole IP ranges based on generic rDNS (hello Spamrats Dyna). Being a company that sets rDNS to [IP-ADDRESS].companyname.tld for all non-used IP addresses you are basically fucked.
Most of these blacklists are actually used by parties who probably started using them when these lists were not vigilante-like.
Hooray for shitty blacklists...
-- Tim Semeijn Babylon Network pgp 0x5B8A4DDF
I forgot to mention the list of 'shitty blacklists' offers hardly any way to request delisting in the event an IP address gets handed out to a different user. As far as I have seen SECTOOR belongs on this list based on the fact that delisting is a pain.
-- Tim Semeijn Babylon Network pgp 0x5B8A4DDF
The problem is compounded by the fact each BL company is racing its way to the bottom, adding each other's finds to their own lists. SpamHaus has OVER 1 *BILLION* addresses listed.
I lost several relays (11) from OVH because DanTor recorded my relays, then CBL recorded DanTor, then SpamHaus Zen recorded CBL, which allowed OVH to claim "100% of your IPs are blacklisted on multiple lists" when in reality it was from a guy in the UK who publishes all Tor relays - guard, middle, exit - that caused this whole problem for me. Not one single complaint from anyone against any of my relays.
Matt Speak Freely
++ 21/05/15 22:35 +0200 - Tim Semeijn:
The lists of SECTOOR might be used wrongly but they sound like they belong to the ever growing list of 'shitty blacklists'. In my work for
In my personal opinion: you are barking at the wrong tree. It's your freedom to create a list of whatever you like with whatever criteria you please and name it whatever it makes you feel good. And yes, of course, it is your freedom to label one more of those lists as "shitty blacklists".
Point is: I don't think there is such a thing as a shitty blacklist. In the end it's up to the administrator of a server to use or not to use a list.
And yes, I am aware some issues may arise if one of those lists has a large user base (as, in that case, the compiler of that list may (ab)use that power). It's not that I am 100% in favor of these lists. :)
Good point. I should have thought better about phrasing my opinion as labeling the lists as simply shitty might be a bit blindsighted. Listing whole ranges though seems to do more damage than good in most cases, certainly when no proper delisting policy is in place.
-- Tim Semeijn Babylon Network pgp 0x5B8A4DDF
blaatenator:
- Port 25
- Port 194
- Port 465
- Port 587
- Port 994
- Port 6657
- Ports 6660-6670
- Port 6697
- Ports 7000-7005
- Port 7070
- Ports 8000-8004
- Port 9000
- Port 9001
- Port 9998
- Port 9999
Were you using the recommended reduced exit policy? It seems like it'd block most of the ports they're complaining about: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
If you haven't, you might want to start now, and make sure it covers the extra ports they're mentioning, to make them happy.
You may also want to see the other tips for running an exit node with less harassment: https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
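The check suggested above (does a relay's exit policy cover the ports named in the notice?), as an added example that is not part of the original thread: it evaluates `ExitPolicy` lines with first-match-wins semantics against the quoted port list. The sample policies are constructed, only `*:PORT` rules are handled, and the policy is assumed to end in an explicit catch-all rule.

```python
# Ports named in the Leaseweb/SECTOOR notice quoted in this thread.
LISTED = ("25,194,465,587,994,6657,6660-6670,6697,7000-7005,"
          "7070,8000-8004,9000,9001,9998,9999")

def expand(spec):
    """Expand '25,6660-6670' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_policy(torrc_text):
    """Return [(is_accept, lo, hi)] from 'ExitPolicy accept|reject *:PORTS'."""
    rules = []
    for line in torrc_text.splitlines():
        rest = line.split("#")[0].strip()
        if not rest.lower().startswith("exitpolicy "):
            continue
        for rule in rest[11:].split(","):   # torrc allows comma-separated rules
            action, target = rule.split()
            addr, _, port = target.rpartition(":")
            if addr != "*" or action not in ("accept", "reject"):
                raise ValueError("unsupported rule: " + rule.strip())
            lo, _, hi = ("1-65535" if port == "*" else port).partition("-")
            rules.append((action == "accept", int(lo), int(hi or lo)))
    return rules

def allows(rules, port):
    """First matching rule wins, as in Tor's exit policy evaluation."""
    for is_accept, lo, hi in rules:
        if lo <= port <= hi:
            return is_accept
    # Assumption: callers end the policy with an explicit catch-all rule.
    raise ValueError("no rule matched port %d" % port)

def exposed_ports(torrc_text):
    """Listed ports that the policy would still let clients exit to."""
    rules = parse_policy(torrc_text)
    return sorted(p for p in expand(LISTED) if allows(rules, p))

# Constructed sample policies (not taken from any relay in the thread).
WEB_ONLY = "ExitPolicy accept *:80, accept *:443\nExitPolicy reject *:*\n"
PARTIAL = """
ExitPolicy reject *:25
ExitPolicy reject *:6660-6667   # narrower than the listed 6660-6670
ExitPolicy accept *:1-9000
ExitPolicy reject *:*
"""

if __name__ == "__main__":
    print("web-only:", exposed_ports(WEB_ONLY))
    print("partial: ", exposed_ports(PARTIAL))
```

An empty result means none of the listed ports are reachable through the relay; anything else names the ports that would still match the notice's criteria.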