My ISP got a weird Abuse notice with no details. Just said stop. Stop what? When we asked what the "abuse" was they sent a 1mb.gz snapshot of their log files.
There were a few references to my IP, but I have no idea what was seen as abuse: Can anyone tell me what they are fussed about? I like to respond in a robust manner.
My IP is 5.77.47.142
184.151.178.22 - - [16/May/2016:15:19:40 -0400] "GET /product_imgs/small/R-F35T5-832.jpg HTTP/1.1" 200 23822 "http://www.liteline.com/ALFT5-35-4100-3" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
184.151.178.22 - - [16/May/2016:15:19:40 -0400] "GET /product_imgs/small/R-FBT6124-WH-3.jpg HTTP/1.1" 200 23103 "http://www.liteline.com/ALFT5-35-4100-3" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/ HTTP/1.1" 200 1079 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/Liteline_logo_horizontal.png HTTP/1.1" 200 2610 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/px_bgrnd.png HTTP/1.1" 200 3738 "http://www.liteline.com/admin/css/admin_styles.css" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:42 -0400] "GET /favicon.ico HTTP/1.1" 200 1406 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
209.29.237.34 - - [16/May/2016:15:19:42 -0400] "GET / HTTP/1.1" 200 7949 "-" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1"
209.29.237.34 - - [16/May/2016:15:19:42 -0400] "GET /styles2.css HTTP/1.1" 200 11384 "http://www.liteline.com/" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1"
209.29.237.34 - - [16/May/2016:15:19:43 -0400] "GET /prettyPhoto.css HTTP/1.1" 200 2769 "http://www.liteline.com/" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1"
209.29.237.34 - - [16/May/2016:15:19:43 -0400] "GET /js/functions.js HTTP/1.1" 200 9264 "http://www.liteline.com/" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X)
6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0"
5.77.47.142 - - [16/May/2016:15:19:56 -0400] "POST /admin/ HTTP/1.1" 302 1079 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:56 -0400] "GET /admin/admin.php HTTP/1.1" 200 1029 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
184.151.179.73 - - [16/May/2016:15:19:56 -0400] "GET /Lighting/Recessed/4-in/4-in-Trims/page/2 HTTP/1.1" 200 4961 "http://www.liteline.com/Lighting/Recessed/4-in/4-in-Trims/page/1" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1"
184.151.179.73 - - [16/May/2016:15:19:56 -0400] "GET /styles2.css HTTP/1.1" 200 11384 "http://www.liteline.com/Lighting/Recessed/4-in/4-in-Trims/page/2" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1"
"http://www.liteline.com/Lighting/Recessed/4-in/4-in-Trims/page/2" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1"
5.77.47.142 - - [16/May/2016:15:19:57 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/admin.php" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:57 -0400] "GET /admin/images/rt_arrow.png HTTP/1.1" 200 554 "http://www.liteline.com/admin/css/admin_styles.css" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
216.123.172.226 - - [16/May/2016:
5.77.47.142 - - [16/May/2016:15:20:03 -0400] "GET /admin/admin.php?admin_add_product HTTP/1.1" 200 1271 "http://www.liteline.com/admin/admin.php" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:20:03 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/admin.php?admin_add_product" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
HTTP/1.1" 200 9264 "http://www.liteline.com/ATF7630" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0"
5.77.47.142 - - [16/May/2016:15:20:18 -0400] "GET /admin/ HTTP/1.1" 302 1079 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:20:19 -0400] "GET /admin/admin.php HTTP/1.1" 200 1029 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:20:19 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/admin.php" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
184.151.179.73 - - [16/May/2016:15:20:20 -0400] "GET.
5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/Liteline_logo_horizontal.png HTTP/1.1" 200 2610 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/px_bgrnd.png HTTP/1.1" 200 3738 "http://www.liteline.com/admin/css/admin_styles.css" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
5.77.47.142 - - [16/May/2016:15:19:42 -0400] "GET /favicon.ico HTTP/1.1" 200 1406 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
209.29.237.34 - - [16/May/2016:15:19:42 -0400]
On 05/20/2016 05:12 PM, Dr Gerard Bulger wrote:
I like to respond in a robust manner.
What hinders you from answering politely?
--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
Did not mean that; might be lost in translation. One can be robust without being rude. I would like to give a knowledgeable answer. There seems to be a whole industry out there offering security services by sending out this stuff, the funds for which would be better spent securing their sites.
Gerry
Hi,
I think they are furious about this POST to (probably) an admin interface.
But it could also be the fact that somebody crawled their site over your relay.
~Josef
On 20.05.2016 at 17:12, Dr Gerard Bulger wrote:
5.77.47.142 - - [16/May/2016:15:19:56 -0400] "POST /admin/ HTTP/1.1" 302 1079 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
But they did not succeed in posting to an admin interface. How did they get to it, or just guess that as the URL? Strikes me as all a bit tenuous as a complaint.
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Josef Stautner Sent: 20 May 2016 16:35 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] What's this Abuse
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 20 May 2016, at 11:12, Dr Gerard Bulger gerard@bulger.co.uk wrote:
My ISP got a weird Abuse notice with no details. Just said stop. Stop what? When we asked what the “abuse” was they sent a 1mb.gz snapshot of their log files.
There were a few references to my IP, but I have no idea what was seen as abuse: Can anyone tell me what they are fussed about? I like to respond in a robust manner.
My IP is 5.77.47.142
Hi Gerard,
It looks like the website that sent you their logs didn't filter out other people's IP addresses. This reduces the privacy of the users of that website.
Please be careful when posting logs like this. The logs you posted link users' IP addresses and their web browsing.
One of Tor's goals is to make it difficult to link Internet users' IP addresses and their Internet traffic. We don't want our mailing list messages to go against this goal. (Even if the Internet users involved are not using Tor or another IP anonymisation method.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
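An added sketch, not part of the original thread and not written by any of the posters: it applies the two points raised above to an Apache combined-format log, listing what one address actually requested (non-GET requests and anything under /admin, an assumed heuristic) and relabelling every other client address before the log is shared. The function names, sample lines, addresses and key are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def pseudonym(ip, key):
    """Keyed label: one client keeps one label, but the IPv4 space cannot be
    brute-forced back to addresses without the key (discard it after export)."""
    return "client-" + hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:8]

def redact(lines, own_ip, key):
    """Keep own_ip readable, relabel every other client, drop unparsable lines."""
    out = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # truncated or wrapped entry: drop rather than risk a leak
        ip = m["ip"]
        out.append((ip if ip == own_ip else pseudonym(ip, key)) + line[len(ip):])
    return out

def triage(lines, own_ip):
    """Heuristic (an assumption): own_ip requests that are not GET or touch /admin."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and m["ip"] == own_ip and (
            m["method"] != "GET" or m["path"].startswith("/admin")
        ):
            hits.append((m["time"], m["method"], m["path"], int(m["status"])))
    return hits

# Constructed sample: documentation addresses and example.com, not the thread's log.
SAMPLE = [
    '203.0.113.7 - - [16/May/2016:15:19:41 -0400] "GET /admin/ HTTP/1.1" 200 1079 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [16/May/2016:15:19:42 -0400] "GET / HTTP/1.1" 200 7949 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/May/2016:15:19:56 -0400] "POST /admin/ HTTP/1.1" 302 1079 "http://www.example.com/admin/" "Mozilla/5.0"',
    '198.51.100.20 - - [16/May/2016:15:19:43 -0400] "GET /styles.css HTTP/1.1" 200 11384 "http://www.example.com/" "Mozilla/5.0"',
    '192.0.2.55 - - [16/May/2016:',  # truncated entry
]

if __name__ == "__main__":
    for row in triage(SAMPLE, "203.0.113.7"):
        print(row)
    print("\n".join(redact(SAMPLE, "203.0.113.7", b"throwaway-key")))
```

The relabelling only touches the leading client-address field; addresses that appear inside referrers or query strings would need a separate pass.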
Point taken. Can admin remove my post?
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Tim Wilson-Brown - teor Sent: 20 May 2016 16:49 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] What's this Abuse
On 20 May 2016, at 11:52, Dr Gerard Bulger gerard@bulger.co.uk wrote:
Point taken. Can admin remove my post?
No, we don't censor our own archives, and we can't censor other public archives.
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
I thought might stop someone download who is not on line. Lesson learnt! Apologies
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Tim Wilson-Brown - teor Sent: 20 May 2016 16:59 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] What's this Abuse
I'm questioning the competency of the ISP for several reasons. 1) They should be clear in communicating about whatever they view as abuse. Just telling you to "stop" without explanation is unprofessional at best. 2) This doesn't even look like abuse worth reporting (i.e., "welcome to the Internet"). 3) They sent you non-redacted logs containing what looks like browsing history of other customers? Wow.
I would personally just explain you are running a Tor relay. If they object, that's within their right really, but it might be time to find a new ISP in any case.
I agree with Green, the mail is very impolite and looks very unprofessional, and saying just "stop" and pasting that raw log makes me think that they just wanted your attention, hey, I see you, what you got there, nothing more than that. They should be addressing you in a more educated fashion, other than "stop".
I would like to salute everyone and tell everybody that I started a non-exit Tor relay in Uruguay (as well as an OONI probe), where I live, a place that appears not to have any Tor relays of any kind. Let's see how this turns out.
Best regards,
Santiago Roland.- --------------------------------- Jabber: santiago@undernet.uy GNU Social: http://bit.ly/gnusr openPGP ID: 5ADF0F53 openPGP key: http://bit.ly/pgpun CX1DR - Grid Locator: GF25bf ---------------------------------
On 20/05/16 at 14:33, Green Dream wrote:
I'm questioning the competency of the ISP for several reasons. 1) They should be clear in communicating about whatever they view as abuse. Just telling you to "stop" without explanation is unprofessional at best. 2) This doesn't even look like abuse worth reporting (i.e., "welcome to the Internet"). 3) They sent you non-redacted logs containing what looks like browsing history of other customers? Wow.
I would personally just explain you are running a Tor relay. If they object, that's within their right really, but it might be time to find a new ISP in any case.
Well there is one, MontevideoCOMM; they are run by the Opus Dei right-wing company owners, gossip says. I simply don't trust them. I do run my stuff on my self-hosted home server. I think they charge like 50 USD/month for 1 Mbps bandwidth, 10 GB HDD, 1 core and 1 GB RAM; I host myself a 5-core, 2.5 Mbps, 1 TB HDD and 4 GB RAM for 10 USD of electricity.
On 20 May 2016 7:53:06 PM GMT-03:00, I beatthebastards@inbox.com wrote:
Do you know of a VPS for an exit?
Robert
Santiago Roland.- ------------------------------------------------------------------ Jabber: santiago@jabber.undernet.uy Diaspora*: http://bit.ly/diasr GNU Social: http://bit.ly/gnusr openPGP ID: 7BE512C5 openPGP key: http://bit.ly/pgpsr CX1DR - Grid Locator: GF25bf ------------------------------------------------------------------