Re: [tor-relays] Digital Ocean - running Exit node locked

Guess I'm next. My relay has been running for 3 months now. I'm doing my best to be a good neighbor though. After the first month, I got an SSH abuse, so now I reject SSH traffic. A month later I got an SQL hack attempt, and I switched to the reduced-reduced exit policy. Haven't gotten anything else yet.

On Oct 7, 2016 4:34 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:

> They will kick you after 2-3 months. Delete account, make new account.
> They will kick you after 2-3 months. Delete account, make new account.
> They will kick you after 2-3 months. Delete account, make new account.
> They will kick you after 2-3 months. Delete account, make new account.
> Welcome to DigitalOcean!
>
> Markus
>
> 2016-10-07 23:23 GMT+02:00 pa011 <pa011@web.de>:

# The following sets which ports can exit the tor network through you. For more
# information and updates on the suggested policy see:
# https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
ExitPolicy accept *:53 # DNS
# ports for general internet browsing
ExitPolicy reject 103.11.130.162:* # Good question :(
ExitPolicy reject 23.254.211.232:* # good question :(
ExitPolicy reject 211.234.112.4:* # South Korea
ExitPolicy reject 147.67.119.2:* # tax spam
ExitPolicy reject 147.67.119.20:* # tax spam
ExitPolicy reject 147.67.119.102:* # tax spam
ExitPolicy reject 147.67.136.2:* # tax spam
ExitPolicy reject 147.67.136.20:* # tax spam
ExitPolicy reject 147.67.136.102:* # tax spam
ExitPolicy reject 147.67.136.103 # TAX SPAM
ExitPolicy reject 147.67.136.21 # TAX SPAM
ExitPolicy reject 147.67.119.103 # TAX SPAM
ExitPolicy reject 147.67.119.3 # TAX SPAM
ExitPolicy reject 147.67.136.3 # TAX SPAM
ExitPolicy reject 147.67.119.21 # TAX SPAM
ExitPolicy reject 138.197.129.153:* #Hacking Fail2ban
ExitPolicy accept *:80 # HTTP
ExitPolicy accept *:81 # HTTP Alternate
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:8008 # HTTP Alternate
ExitPolicy accept *:8080 # HTTP Proxy
ExitPolicy reject *:* # prevents any exit traffic not permitted above

That's part of my DigitalOcean torrc file. I got the fucking tax spam and the South Korea bank on every droplet ever, so I would advise you to do the same reject. It's helping to only allow HTTP + HTTPS. But with the new circle I am just 2 weeks in and already 5 abuse mails. And these exits should go to a friend ... I need more spare time :/

Markus

2016-10-07 23:49 GMT+02:00 Tristan <supersluether@gmail.com>:
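An added example, not part of the original post or of tor itself: tor evaluates ExitPolicy rules top to bottom and the first match wins, so in a policy ordered like the one above, `accept *:53` is reached before the per-address rejects and port 53 to those addresses can still exit. The sketch below models that for IPv4 rules only (no `accept6`/`reject6` or `private`); the function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed excerpt in the same rule order as the torrc above; the addresses
# are RFC 5737 documentation ranges, not the ones from the post.
SAMPLE_TORRC = """\
ExitPolicy accept *:53             # DNS
ExitPolicy reject 192.0.2.10:*     # constructed single host
ExitPolicy reject 198.51.100.0/24  # constructed subnet, port omitted
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
"""

def parse_policy(torrc_text):
    """Return [(action, network or None for '*', (low_port, high_port))]."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("ExitPolicy "):
            continue
        # One ExitPolicy line may carry several comma-separated rules.
        for item in line[len("ExitPolicy "):].split(","):
            action, pattern = item.split()
            addr, _, port = pattern.partition(":")  # IPv4 patterns only
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            # An omitted port or '*' means every port.
            lo, _, hi = ("1-65535" if port in ("", "*") else port).partition("-")
            rules.append((action, net, (int(lo), int(hi or lo))))
    return rules

def decide(rules, ip, port):
    """First matching rule wins; None if no rule matched (defaults not modelled)."""
    target = ipaddress.ip_address(ip)
    for action, net, (lo, hi) in rules:
        if (net is None or target in net) and lo <= port <= hi:
            return action
    return None

def shadowed_rejects(rules):
    """Per-address rejects that an earlier 'accept *:PORT' overrides on some
    ports, as [(network, (low_port, high_port) still accepted)]."""
    found = []
    for i, (action, net, (lo, hi)) in enumerate(rules):
        if action != "reject" or net is None:
            continue
        for prev_action, prev_net, (plo, phi) in rules[:i]:
            if prev_action == "accept" and prev_net is None and plo <= hi and lo <= phi:
                found.append((str(net), (max(lo, plo), min(hi, phi))))
    return found
```

Moving the per-address rejects above the first `accept` line makes `shadowed_rejects` return an empty list for the same rules.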

reduced-reduced exit policy. ? Illuminate me, pls.

Markus

On 08.10.16 00:00, Markus Koch wrote:
> reduced-reduced exit policy. ?

The reduced-reduced policy variant is shown here: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

-Ralph

This page has 3 policies: Reduced exit policy, reduced-reduced exit policy, and a lightweight example policy. https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:

Thank you both! Will try https://tornull.org. Perhaps it helps.

Markus

2016-10-08 0:09 GMT+02:00 Tristan <supersluether@gmail.com>:

On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
I spot-checked a few of the rejects on the list. Spamhaus returned a page showing only [0][1][2][3]:

Error SH-403-001

Are all of those tornull rejects legit? Another one I checked said:

"Network operated by cybercriminals, providing services to spammers and botnet operators. Can't trust anything originating from AS59564."

And that came from [4]:

"Upstream Adjacent AS list AS3255 UARNET-AS State Enterprise Scientific and Telecommunication Centre "Ukrainian Academic and Research Network" of the Institute for Condensed Matter Physics of the National Academy of Science of Ukraine (UARNet),UA"

I worry about blindly following a list of rejected subnets. I won't argue that it's not safer for the exit operator, but I hope someone's cross-checking and confirming each entry is needed.

[0] https://www.spamhaus.org/sbl/query/SBL113323
[1] https://www.spamhaus.org/sbl/query/SBL169644
[2] https://www.spamhaus.org/sbl/query/SBL300589
[3] https://www.spamhaus.org/sbl/query/SBL310432
[4] https://www.spamhaus.org/sbl/query/SBL244638

I'm running on DO as well with the reduced exit policy and have had about five complaints in 2 months. DO certainly appears to be getting less and less happy. I'm glad to know it's not just me, though. Hopefully a curated list of IPs to reject will help a lot. Thanks for the link to tornull.

Exit Node fingerprints:
E553AC1CA05365EA218D477C2FF4C48986919D07
889550CB9C98CF172CB977AA942B77E9759056C2

Alecks

On 10/07/2016 07:04 PM, Matthew Finkel wrote:

OK, further bad news: Exit shut down by DO yesterday. Here is the latest statement from them:

"Additionally, we are not allowing further TOR exit nodes on our infrastructure - they generate a large amount of abuse, are used for various illegal activities, and attract a large number of DDoS attacks. You're more than welcome to run bridges, obfs proxies, and relays, but running an exit node is at your own risk, and sufficient abuse may result in suspension of service."

On 08.10.2016 at 05:00, Alecks Gates wrote:

Okay, I have tornull.org running on 10 exits and got 2 abuse mails (both bots). No clue if it helps, I will try it for half a year and see what happens. I really can't tell if all the rejects are legit. I only checked a few and it looked legit.

Markus

2016-10-08 2:04 GMT+02:00 Matthew Finkel <matthew.finkel@gmail.com>:
participants (6): Alecks Gates, Markus Koch, Matthew Finkel, pa011, Ralph Seichter, Tristan