[tor-relays] exit node experience: abuse over HTTP, stealrat infection

Tom van der Woerdt info at tvdw.eu
Fri Oct 24 07:16:49 UTC 2014

Manuel Gebauer schreef op 19/10/14 15:29:
> Hi, Tom and Rejo. Same with me. Half of the abuse complaints I
> get are from Valuehost Ru. Because I run on a cheap VPS I don't
> get a reassigned IP. Therefore I always fear that my provider
> might lose patience and shut down my server. That's why I decided
> to block Valuehost's range completely.
> I also wrote to Valuehost Ru and asked them politely to consider
> that their own customers might like to use tor and to reconsider
> their policy for abuse complaints. No answer yet. I think they
> have an automated abuse complaint system and don't care much for
> replies.
> Cheers,
> M.

So I tried getting in contact with them again in an attempt to reduce 
the amount of abuse mails they send us. This time they replied :



We make abuse notices not only for TOR exit node operators, we make it 
to their uplinks too.
If we will stop to do it, it will lead for:

- TOR exit node operators will cease to think to solve this serious 
problem (with all due respect to noble purposes of TOR, like censorship 
resistance for Chinese dissidents etc., we see that a large part of of 
TOR traffic is malicious)

- TOR exit node uplinks will not notified about malicious activity in 
their networks

Also, if we'll except over 1000 IP's of Tor exit nodes from the security 
system, it will be spent too many resources.
So we suggest to ignore abuse messages if you don't care about the 
safety of Internet.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3729 bytes
Desc: S/MIME-cryptografische ondertekening
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20141024/fbd77b93/attachment.bin>

More information about the tor-relays mailing list