Hey *,
I run C65EF5E06B8338CF976D376048BE2C8FBD499C9C for about a month. On Monday I received the first abuse ticket from my ISP (Contabo GmbH). The ticket contained lots and lots of log information from a fail2ban system so GMail sent it right into the spam folder. 24 hours later I received a monitoring e-mail that my server was down. After a little search through my mails I found out that Contabo shuts down all services within 24h if there is no reply. That kinda sucked because I run some private services on this machine (different ip).
Contabo's mail claimed that a 30€ fee would be due in order to cover their work for disabling and enabling the server. A very very unfriendly e-mail and about an hour of time later my server was back online :) (Note: the e-mail was sent around 10 PM and I received the answer at about 11 PM, so the abuse department is there 24/7. Their hotline however, can't deal with abuse complaints, they can only be handled via e-mail.)
Contabo sent me a (probably) automated e-mail that the issue was resolved and no further action is needed. Overall I think it's a little unprofessional to shut down servers within 24 hours without trying to call a customer, or at least several e-mail reminders over a day or two.
Markus
This is my new abuse e-mail template for German-speaking hosting providers:
Dear Sir or Madam,
A Tor exit node is operated on the server. According to TMG §8, the operator is exempt from any liability for the data passed through; this applies to me as your customer as well as to you as my ISP.
The IP X.X.X.X exclusively forwards Tor exit traffic. These transmissions are not initiated by me, nor is the recipient or the information to be transmitted selected and/or modified.
No data of any kind is made available under the IP address X.X.X.X.
These ports are forwarded: 20-21, 43, 53, 80-81, 88, 110, 143, 194, 220, 389, 443, 464-465, 531, 543-544, 554, 563, 587, 636, 706, 749, 853, 873, 902-904, 981, 989-995, 1194, 1220, 1293, 1500, 1533, 1677, 1723, 1755, 1863, 2082-2083, 2086-2087, 2095-2096, 2102-2104, 3128, 3389, 3690, 4321, 4643, 5050, 5190, 5222-5223, 5228, 5900, 6660-6669, 6679, 6697, 8000, 8008, 8074, 8080, 8082, 8087-8088, 8232-8233, 8332-8333, 8443, 8888, 9418, 9999-10000, 11371, 19294, 19638, 50002, 64738.
In the case of spam / brute force, I recommend that the sender of the abuse e-mail protect their systems with tools such as Fail2Ban or reCAPTCHA. In the case of repeated (D)DoS attacks, it is possible to block the entire Tor network. For this purpose, an always up-to-date blacklist of all Tor exit nodes is available: https://www.torproject.org/projects/tordnsel.html
If malicious traffic originates exclusively from the IP X.X.X.X, the sender of the abuse e-mail can block it using iptables: iptables -A INPUT -s X.X.X.X -j DROP
If the sender does not want to accept this option, I can block all traffic to their IP or to individual ports from my side.
You may pass the following message on to the sender of the abuse e-mail on my behalf:
Dear Sir or Madam,
we would like to forward this message on behalf of our customer who is responsible for this particular server with the IP X.X.X.X.
The IP address in question is a Tor exit node. https://www.torproject.org/overview.html
There is little we can do to trace this matter further. As can be seen from the overview page, the Tor network is designed to make tracing of users impossible. The Tor network is run by some 5000 volunteers who use the free software provided by the Tor Project to run Tor routers. Client connections are routed through multiple relays, and are multiplexed together on the connections between relays. The system does not record logs of client connections or previous hops. This is because the Tor network is a censorship resistance, privacy, and anonymity system used by whistle blowers, journalists, Chinese dissidents skirting the Great Firewall, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. See https://www.torproject.org/about/torusers.html.en for more info. Unfortunately, some people misuse the network. However, compared to the rate of legitimate use, abuse complaints are rare. https://www.torproject.org/docs/faq-abuse.html.en This does not mean that nothing can be done, however. The Tor project provides an automated DNSRBL for you to query to flag traffic coming from Tor nodes. https://www.torproject.org/projects/tordnsel.html.en. In general, we believe that problems like this are best solved by improving your service to defend against the attack from the Internet at large.
As a German individual I fully comply with the German telemedia law §15. This prohibits logging any personally identifiable data or usage data except for billing purposes. As we do not charge any users any fees we will not be able to keep any connection data now and in the future. Furthermore I am protected by German telemedia law §8, which protects me from any liability for traffic that passes through my infrastructure on behalf of users. This also protects my ISP (XXX) from any liability.
Thanks for your understanding, XXX
For urgent matters, please contact me directly at +XXXX.
With this automated reply I do not accept any deadline set for an abuse ticket. Furthermore, I request that you do not deactivate the server, since no legal violations of any kind can arise from the server and the services it offers. Section 8 of the TMG protects both you and me from any liability for the traffic generated by the users of the Tor exit node. I object to any processing fee, as this was communicated neither in the contract nor in the terms and conditions at the time the contract was concluded. In the event of an unjustified deactivation, I reserve the right to withhold payments for the period of the deactivation.
Kind regards, XXX
Sent with ProtonMail Secure Email.
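
The template above points complainants at the Tor exit list and at a per-address iptables rule. As an added example (not part of the original e-mail), the following runs that check over fail2ban ban lines and separates Tor exit addresses from other sources; the log lines and exit list are constructed samples using documentation addresses, and all function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (documentation address ranges, not real relays).
EXIT_LIST = """\
# constructed exit list, one address per line
192.0.2.10
198.51.100.7
"""

FAIL2BAN_LOG = """\
2018-09-17 10:12:01,123 fail2ban.actions [1234]: NOTICE [sshd] Ban 192.0.2.10
2018-09-17 10:12:05,456 fail2ban.actions [1234]: NOTICE [sshd] Ban 203.0.113.50
2018-09-17 10:20:44,789 fail2ban.actions [1234]: NOTICE [postfix] Ban 192.0.2.10
2018-09-17 10:31:00,001 fail2ban.actions [1234]: NOTICE [sshd] Unban 203.0.113.50
2018-09-17 10:40:13,337 fail2ban.actions [1234]: NOTICE [sshd] Ban not-an-ip
"""

# Matches only "Ban" actions; "Unban" lines do not match.
BAN_RE = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)")

def parse_ip(text):
    """Return an ip_address object, or None for malformed input."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def load_exit_list(text):
    """Parse a one-address-per-line exit list, skipping comments and junk."""
    lines = (l for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return {ip for ip in map(parse_ip, lines) if ip is not None}

def classify_bans(log_text, exits):
    """Count ban events per source, split into Tor exits and everything else."""
    tor, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        ip = parse_ip(m.group("ip")) if m else None
        if ip is not None:
            (tor if ip in exits else other)[str(ip)] += 1
    return tor, other

def drop_rules(tor_counts):
    """Emit the per-address rule quoted in the template (ip6tables for IPv6)."""
    return [f"{'ip6tables' if ':' in ip else 'iptables'} -A INPUT -s {ip} -j DROP"
            for ip in sorted(tor_counts)]

if __name__ == "__main__":
    tor, other = classify_bans(FAIL2BAN_LOG, load_exit_list(EXIT_LIST))
    print("Tor exits:", dict(tor), "other sources:", dict(other))
    print("\n".join(drop_rules(tor)))
```
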
thanks for sharing your experience with your hoster.
tor-markus:
> Hey *,
> I run C65EF5E06B8338CF976D376048BE2C8FBD499C9C for about a month. On Monday I received the first abuse ticket from my ISP (Contabo GmbH). The ticket contained lots and lots of log information from a fail2ban system so GMail sent it right into the spam folder. 24 hours later I received a monitoring e-mail that my server was down. After a little search through my mails I found out that Contabo shuts down all services within 24h if there is no reply. That kinda sucked because I run some private services on this machine (different ip).
strongly recommended:
do NOT mix tor exit relay services with other services you depend on on the same operating system. for multiple reasons:
- don't suffer as much when the server gets shutdown or seized
- easier to argue that the server was a tor exit and only a tor exit
- smaller attack surface
On 19.09.18 15:04, tor-markus wrote:
> After a little search through my mails I found out that Contabo shuts down all services within 24h if there is no reply. That kinda sucked because I run some private services on this machine (different ip).

No surprise there, see https://contabo.de/agb.html §5 (4). All ISPs I have had business dealings with do this to counter abuse, with Hetzner reducing the reaction time before shutdown depending on the number of abuse complaints, down to 4h.

> Contabo's mail claimed that a 30€ fee would be due in order to cover their work for disabling and enabling the server.

Sounds like scare tactics to me, but like you wrote, that's nonsense.
-Ralph
Hey all,
the second abuse ticket reached Contabo yesterday about my service. They now threaten to take down the server when the next ticket arrives so I had to shut down the Exit Relay (I will reconfigure it as normal relay tomorrow). I requested to have a phone call with the Contabo Abuse department to figure out a solution because Germany now provides the legal grounds to operate a tor relay with (little to) no liability.
If I find a solution with Contabo I'll keep you updated.
~~~Markus
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, 19. September 2018 16:09, Ralph Seichter m16+tor@monksofcool.net wrote:
> On 19.09.18 15:04, tor-markus wrote:
> > After a little search through my mails I found out that Contabo shuts down all services within 24h if there is no reply. That kinda sucked because I run some private services on this machine (different ip).
>
> No surprise there, see https://contabo.de/agb.html §5 (4). All ISPs I have had business dealings with do this to counter abuse, with Hetzner reducing the reaction time before shutdown depending on the number of abuse complaints, down to 4h.
>
> > Contabo's mail claimed that a 30€ fee would be due in order to cover their work for disabling and enabling the server.
>
> Sounds like scare tactics to me, but like you wrote, that's nonsense.
>
> -Ralph
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 9/25/18 12:02 AM, tor-markus wrote:
> the second abuse ticket reached Contabo yesterday about my service. They now threaten to take down the server when the next ticket arrives so I had to shutdown the Exit Relay (I will reconfigure it as normal relay tomorrow). I requested to have a phone call with the Contabo Abuse department to figure out a solution because Germany now provides the legal grounds to operate a tor relay with (little to) no liability.
>
> If I find a solution with Contabo I'll keep you updated.
It is most likely that they just don't want it, not for legal risks but because of the work of processing complaints and the risk of ending up on blacklists.
I am picking this up because I am not sure what you mean by "Germany now provides the legal grounds", because it always has, and it is dangerous and misleading to use the recent discussions around liability of shared internet access (open wifi, freifunk etc) -- you do not fall into that category and you should stay out of it, it is only around ACCESS providers.
An exit operator does not provide "access", users need another point of entry into the network. You want to stay out of Telekommunikationsgesetz (TKG) and stick to the regulations of Telemediengesetz (TMG), as a service provided "outside/on top of" Internet access. In that space, exclusion of liability for carriers of traffic is uncontroversial and not a new thing.
Most relevant sections of TMG:
http://www.gesetze-im-internet.de/tmg/__8.html -> you are not liable
https://www.gesetze-im-internet.de/tmg/__15.html -> you are not ALLOWED to store user identifiers unless you need it for billing purposes
§8 is a good argument for not filtering traffic either, because the law requires you to not interfere with forwarded traffic.
There's a section in the "Exit Guidelines" document listing relevant laws for various jurisdictions: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines#Legal
Good luck!
On 26. Sep 2018, at 11:03, Moritz Bartl moritz@torservers.net wrote:
> On 9/25/18 12:02 AM, tor-markus wrote:
> > the second abuse ticket reached Contabo yesterday about my service. They now threaten to take down the server when the next ticket arrives so I had to shutdown the Exit Relay (I will reconfigure it as normal relay tomorrow). I requested to have a phone call with the Contabo Abuse department to figure out a solution because Germany now provides the legal grounds to operate a tor relay with (little to) no liability.
> >
> > If I find a solution with Contabo I'll keep you updated.
>
> It is most likely that they just don't want it, not for legal risks but because of the work of processing complaints and the risk of ending up on blacklists.
This! This sooooooo much. Moritz is 100% correct.
> -- Moritz Bartl https://www.torservers.net/
niftybunny
Hi,
I am with my exit node also on a Contabo VServer. I now also got some abuse notices, mostly from one ISP/server hoster who did them with a bot and only one from a Fail2Ban server. Contabo is always angry with me, because I just block the IPs in the abuse mail and tell them that I did this and that, that I'm a Tor exit node and that I am also not looking into the packets. They also threatened me with the shutdown of my server since it would be getting too many abuse complaints, but at this point it only had 3 or so, so that was bullshit. Furthermore I would say that they just don't want to work with this legal stuff, so they just try to scare ppl away.
Greetz,
Erwin.
On 2018-09-26 11:22, niftybunny wrote:
> On 26. Sep 2018, at 11:03, Moritz Bartl moritz@torservers.net wrote:
> > On 9/25/18 12:02 AM, tor-markus wrote:
> > > the second abuse ticket reached Contabo yesterday about my service. They now threaten to take down the server when the next ticket arrives so I had to shutdown the Exit Relay (I will reconfigure it as normal relay tomorrow). I requested to have a phone call with the Contabo Abuse department to figure out a solution because Germany now provides the legal grounds to operate a tor relay with (little to) no liability.
> > >
> > > If I find a solution with Contabo I'll keep you updated.
> >
> > It is most likely that they just don't want it, not for legal risks but because of the work of processing complaints and the risk of ending up on blacklists.
>
> This! This sooooooo much. Moritz is 100% correct.
>
> > -- Moritz Bartl https://www.torservers.net/
>
> niftybunny