[tor-relays] Fwd: [Abuse[...]] GameoverZeus-Infektionen

Zack Weinberg zackw at cmu.edu
Sat Jul 19 17:58:41 UTC 2014

On Sat, Jul 19, 2014 at 12:32 PM, Thomas White <thomaswhite at riseup.net> wrote:
> Speaking from experience of operating 25 servers doing 4Gbps, I can
> quite safely say that if your host has been supportive of Tor, I would
> simply respond with the normal boilerplate regardless of what the
> complaint is or who made it.

I have found that if the complaint is of this type - that is, "this
machine appears to be [infected with $MALWARE | running an unsafely
obsolete version of $OPERATING_SYSTEM | part of $BOTNET]" - it is
useful to augment the normal boilerplate along the lines of

| Scanners that aim to detect misconfigured, vulnerable, or infected
| computers will, from time to time, pick up Tor exits as false
| positives, whenever they happen to be emitting traffic that
| originates from such computers. By design, we have no way to pass
| your report along to the true source of the traffic. We can assure
| you that the actual computer at [EXIT'S IP ADDRESS] is not infected
| with any malware and is kept up to date with security fixes.
| However, you should expect it to continue to appear in your scans as
| a false positive.


More information about the tor-relays mailing list