Re: [tor-relays] Digital Ocean - running Exit node locked
Guess I'm next. My relay has been running for 3 months now. I'm doing my best to be a good neighbor though. After the first month, I got an SSH abuse, so now I reject SSH traffic. A month later I got an SQL hack attempt, and I switched to the reduced-reduced exit policy. Haven't gotten anything else yet. On Oct 7, 2016 4:34 PM, "Markus Koch" <niftybunny@googlemail.com> wrote: They will kick you after 2-3 months. Delete account, make new account. They will kick you after 2-3 months. Delete account, make new account. They will kick you after 2-3 months. Delete account, make new account. They will kick you after 2-3 months. Delete account, make new account. Welcome to DigitalOcean! Markus 2016-10-07 23:23 GMT+02:00 pa011 <pa011@web.de>:
Seems like even DO is not very much in favour of running Exits any more ?
Anybody made the same experience - how to handle this please ?
Thanks and Regards Paul
"Hello -Although we do not specifically disallow TOR exit nodes, as the account holder you are responsible for all the traffic going through your droplet (including traffic that an exit node may generate).
Also be aware that we do not allow some of the traffic types that come out of a typical TOR exit node (torrents, spam, SSH probes, hacking attempts, botnets, DDoS, etc).
If you are unable to stop this sort of traffic, please reconsider running a TOR exit node as it may lead to your account suspension or termination.
Please refer to our Terms of Service for greater detail on this issue: https://www.digitalocean.com/legal/terms/
Best,
DigitalOcean Support " _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
# The following sets which ports can exit the tor network through you. For more # information and updates on the suggested policy see: # https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ExitPolicy accept *:53 # DNS # ports for general internet browsing ExitPolicy reject 103.11.130.162:* # Gute Frage :( ExitPolicy reject 23.254.211.232:* # gute Frage :( ExitPolicy reject 211.234.112.4:* # South Korea ExitPolicy reject 147.67.119.2:* # tax spam ExitPolicy reject 147.67.119.20:* # tax spam ExitPolicy reject 147.67.119.102:* # tax spam ExitPolicy reject 147.67.136.2:* # tax spam ExitPolicy reject 147.67.136.20:* # tax spam ExitPolicy reject 147.67.136.102:* # tax spam ExitPolicy reject 147.67.136.103 # TAX SPAM ExitPolicy reject 147.67.136.21 # TAX SPAM ExitPolicy reject 147.67.119.103 # TAX SPAM ExitPolicy reject 147.67.119.3 # TAX SPAM ExitPolicy reject 147.67.136.3 # TAX SPAM ExitPolicy reject 147.67.119.21 # TAX SPAM ExitPolicy reject 138.197.129.153:* #Hacking Fail2ban ExitPolicy accept *:80 # HTTP ExitPolicy accept *:81 # HTTP Alternate ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:3128 # SQUID ExitPolicy accept *:8008 # HTTP Alternate ExitPolicy accept *:8080 # HTTP Proxy ExitPolicy reject *:* # prevents any exit traffic not permitted above Thats part of my DigitalOcean torrc file. I got the fucking tax spam and the south korea bank on every droplet ever, so I would advise you to do the same reject. Its helping to only allow HTTP + HTTPS. But with the new circle I am just 2 weeks in and already 5 abuse mails. And these exits should go to a friend ... I need more spare time :/ Markus 2016-10-07 23:49 GMT+02:00 Tristan <supersluether@gmail.com>:
Guess I'm next. My relay has been running for 3 months now. I'm doing my best to be a good neighbor though. After the first month, I got an SSH abuse, so now I reject SSH traffic. A month later I got an SQL hack attempt, and I switched to the reduced-reduced exit policy. Haven't gotten anything else yet.
On Oct 7, 2016 4:34 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
They will kick you after 2-3 months. Delete account, make new account. They will kick you after 2-3 months. Delete account, make new account. They will kick you after 2-3 months. Delete account, make new account. They will kick you after 2-3 months. Delete account, make new account. Welcome to DigitalOcean!
Markus
2016-10-07 23:23 GMT+02:00 pa011 <pa011@web.de>:
Seems like even DO is not very much in favour of running Exits any more ?
Anybody made the same experience - how to handle this please ?
Thanks and Regards Paul
"Hello -Although we do not specifically disallow TOR exit nodes, as the account holder you are responsible for all the traffic going through your droplet (including traffic that an exit node may generate).
Also be aware that we do not allow some of the traffic types that come out of a typical TOR exit node (torrents, spam, SSH probes, hacking attempts, botnets, DDoS, etc).
If you are unable to stop this sort of traffic, please reconsider running a TOR exit node as it may lead to your account suspension or termination.
Please refer to our Terms of Service for greater detail on this issue: https://www.digitalocean.com/legal/terms/
Best,
DigitalOcean Support " _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
reduced-reduced exit policy. ? Illuminate me, pls. Markus
On 08.10.16 00:00, Markus Koch wrote:
reduced-reduced exit policy. ?
The reduced-reduced policy variant is shown here: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy -Ralph
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy. https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
reduced-reduced exit policy. ?
Illuminate me, pls.
Markus _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thank you both! Will try https://tornull.org. Perhaps it helps. Markus 2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
reduced-reduced exit policy. ?
Illuminate me, pls.
Markus _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
reduced-reduced exit policy. ?
Illuminate me, pls.
Thank you both!
Will try https://tornull.org. Perhaps it helps.
Markus
I spotchecked a few of the rejects on the list. Spamhaus returned a page showing only [0][1][2][3]: Error SH-403-001 Are all of those tornull rejects legit? Another one I checked said: "Network operated by cybercriminals, providing services to spammers and botnet operators. Can't trust anything originating from AS59564." And that came from [4]: "Upstream Adjacent AS list AS3255 UARNET-AS State Enterprise Scientific and Telecommunication Centre "Ukrainian Academic and Research Network" of the Institute for Condensed Matter Physics of the National Academy of Science of Ukraine (UARNet),UA" I worry about blindly following a list of rejected subnets. I won't argue that it's not safer for the exit operator, but I hope someone's cross-checking and confirming each entry is needed. [0] https://www.spamhaus.org/sbl/query/SBL113323 [1] https://www.spamhaus.org/sbl/query/SBL169644 [2] https://www.spamhaus.org/sbl/query/SBL300589 [3] https://www.spamhaus.org/sbl/query/SBL310432 [4] https://www.spamhaus.org/sbl/query/SBL244638
I'm running on DO as well with the reduced exit policy and have had about five complaints in 2 months. DO certainly appears to be getting less and less happy. I'm glad to know it's not just me, though. Hopefully a curated list of IPs to reject will help a lot. Thanks for the link to tornull. Exit Node fingerprints: E553AC1CA05365EA218D477C2FF4C48986919D07 889550CB9C98CF172CB977AA942B77E9759056C2 Alecks On 10/07/2016 07:04 PM, Matthew Finkel wrote:
On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
reduced-reduced exit policy. ?
Illuminate me, pls.
Thank you both!
Will try https://tornull.org. Perhaps it helps.
Markus
I spotchecked a few of the rejects on the list. Spamhaus returned a page showing only [0][1][2][3]:
Error SH-403-001
Are all of those tornull rejects legit?
Another one I checked said:
"Network operated by cybercriminals, providing services to spammers and botnet operators. Can't trust anything originating from AS59564."
And that came from [4]:
"Upstream Adjacent AS list AS3255 UARNET-AS State Enterprise Scientific and Telecommunication Centre "Ukrainian Academic and Research Network" of the Institute for Condensed Matter Physics of the National Academy of Science of Ukraine (UARNet),UA"
I worry about blindly following a list of rejected subnets. I won't argue that it's not safer for the exit operator, but I hope someone's cross-checking and confirming each entry is needed.
[0] https://www.spamhaus.org/sbl/query/SBL113323 [1] https://www.spamhaus.org/sbl/query/SBL169644 [2] https://www.spamhaus.org/sbl/query/SBL300589 [3] https://www.spamhaus.org/sbl/query/SBL310432 [4] https://www.spamhaus.org/sbl/query/SBL244638
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
OK further bad news, Exit shut down by DO yesterday. Here the latest statement from them: "Additionally, we are not allowing further TOR exit nodes on our infrastructure - they generate a large amount of abuse, are used for various illegal activities, and attract a large number of DDoS attacks. You're more than welcome to run bridges, obfs proxies, and relays, but running an exit node is at your own risk, and sufficient abuse may result in suspension of service." Am 08.10.2016 um 05:00 schrieb Alecks Gates:
I'm running on DO as well with the reduced exit policy and have had about five complaints in 2 months. DO certainly appears to be getting less and less happy. I'm glad to know it's not just me, though.
Hopefully a curated list of IPs to reject will help a lot. Thanks for the link to tornull.
Exit Node fingerprints: E553AC1CA05365EA218D477C2FF4C48986919D07 889550CB9C98CF172CB977AA942B77E9759056C2
Alecks
On 10/07/2016 07:04 PM, Matthew Finkel wrote:
On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
reduced-reduced exit policy. ?
Illuminate me, pls.
Thank you both!
Will try https://tornull.org. Perhaps it helps.
Markus
Thats really really bad news. Over 400 Digitalocean relays out there :( Markus 2016-10-09 11:44 GMT+02:00 pa011 <pa011@web.de>:
OK further bad news, Exit shut down by DO yesterday. Here the latest statement from them:
"Additionally, we are not allowing further TOR exit nodes on our infrastructure - they generate a large amount of abuse, are used for various illegal activities, and attract a large number of DDoS attacks.
You're more than welcome to run bridges, obfs proxies, and relays, but running an exit node is at your own risk, and sufficient abuse may result in suspension of service."
Am 08.10.2016 um 05:00 schrieb Alecks Gates:
I'm running on DO as well with the reduced exit policy and have had about five complaints in 2 months. DO certainly appears to be getting less and less happy. I'm glad to know it's not just me, though.
Hopefully a curated list of IPs to reject will help a lot. Thanks for the link to tornull.
Exit Node fingerprints: E553AC1CA05365EA218D477C2FF4C48986919D07 889550CB9C98CF172CB977AA942B77E9759056C2
Alecks
On 10/07/2016 07:04 PM, Matthew Finkel wrote:
On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
reduced-reduced exit policy. ?
Illuminate me, pls.
Thank you both!
Will try https://tornull.org. Perhaps it helps.
Markus
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
True, about 40 Exits as of my count yesterday... The back of that medal - concentration on only a few big providers gets resolved that way :-) Paul Am 09.10.2016 um 11:57 schrieb Markus Koch:
Thats really really bad news. Over 400 Digitalocean relays out there :(
Markus
2016-10-09 11:44 GMT+02:00 pa011 <pa011@web.de>:
OK further bad news, Exit shut down by DO yesterday. Here the latest statement from them:
"Additionally, we are not allowing further TOR exit nodes on our infrastructure - they generate a large amount of abuse, are used for various illegal activities, and attract a large number of DDoS attacks.
You're more than welcome to run bridges, obfs proxies, and relays, but running an exit node is at your own risk, and sufficient abuse may result in suspension of service."
Am 08.10.2016 um 05:00 schrieb Alecks Gates:
I'm running on DO as well with the reduced exit policy and have had about five complaints in 2 months. DO certainly appears to be getting less and less happy. I'm glad to know it's not just me, though.
Hopefully a curated list of IPs to reject will help a lot. Thanks for the link to tornull.
Exit Node fingerprints: E553AC1CA05365EA218D477C2FF4C48986919D07 889550CB9C98CF172CB977AA942B77E9759056C2
Alecks
On 10/07/2016 07:04 PM, Matthew Finkel wrote:
On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote: > > reduced-reduced exit policy. ? > > Illuminate me, pls. > Thank you both!
Will try https://tornull.org. Perhaps it helps.
Markus
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
not that we have a really big pool of providers to choose from ... 2016-10-09 12:03 GMT+02:00 pa011 <pa011@web.de>:
True, about 40 Exits as of my count yesterday...
The back of that medal - concentration on only a few big providers gets resolved that way :-)
Paul
Am 09.10.2016 um 11:57 schrieb Markus Koch:
Thats really really bad news. Over 400 Digitalocean relays out there :(
Markus
2016-10-09 11:44 GMT+02:00 pa011 <pa011@web.de>:
OK further bad news, Exit shut down by DO yesterday. Here the latest statement from them:
"Additionally, we are not allowing further TOR exit nodes on our infrastructure - they generate a large amount of abuse, are used for various illegal activities, and attract a large number of DDoS attacks.
You're more than welcome to run bridges, obfs proxies, and relays, but running an exit node is at your own risk, and sufficient abuse may result in suspension of service."
Am 08.10.2016 um 05:00 schrieb Alecks Gates:
I'm running on DO as well with the reduced exit policy and have had about five complaints in 2 months. DO certainly appears to be getting less and less happy. I'm glad to know it's not just me, though.
Hopefully a curated list of IPs to reject will help a lot. Thanks for the link to tornull.
Exit Node fingerprints: E553AC1CA05365EA218D477C2FF4C48986919D07 889550CB9C98CF172CB977AA942B77E9759056C2
Alecks
On 10/07/2016 07:04 PM, Matthew Finkel wrote:
On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>: > This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, > and a lightweight example policy. > > https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy > > > On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote: >> >> reduced-reduced exit policy. ? >> >> Illuminate me, pls. >> Thank you both!
Will try https://tornull.org. Perhaps it helps.
Markus
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Okay, I have tornull.org running on 10 exists and got 2 abuse mails (both bots). No clue if it helps, I will try it for half a year and see what happens. I really cant tell if all the rejects are legit. I only checked a few and it looked legit. Markus 2016-10-08 2:04 GMT+02:00 Matthew Finkel <matthew.finkel@gmail.com>:
On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
reduced-reduced exit policy. ?
Illuminate me, pls.
Thank you both!
Will try https://tornull.org. Perhaps it helps.
Markus
I spotchecked a few of the rejects on the list. Spamhaus returned a page showing only [0][1][2][3]:
Error SH-403-001
Are all of those tornull rejects legit?
Another one I checked said:
"Network operated by cybercriminals, providing services to spammers and botnet operators. Can't trust anything originating from AS59564."
And that came from [4]:
"Upstream Adjacent AS list AS3255 UARNET-AS State Enterprise Scientific and Telecommunication Centre "Ukrainian Academic and Research Network" of the Institute for Condensed Matter Physics of the National Academy of Science of Ukraine (UARNet),UA"
I worry about blindly following a list of rejected subnets. I won't argue that it's not safer for the exit operator, but I hope someone's cross-checking and confirming each entry is needed.
[0] https://www.spamhaus.org/sbl/query/SBL113323 [1] https://www.spamhaus.org/sbl/query/SBL169644 [2] https://www.spamhaus.org/sbl/query/SBL300589 [3] https://www.spamhaus.org/sbl/query/SBL310432 [4] https://www.spamhaus.org/sbl/query/SBL244638
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (6)
-
Alecks Gates -
Markus Koch -
Matthew Finkel -
pa011 -
Ralph Seichter -
Tristan