[tor-relays] exit node experience: abuse over HTTP, stealrat infection

Thomas White thomaswhite at riseup.net
Fri Oct 24 15:36:04 UTC 2014

Hash: SHA1

Ask your upstream to filter their reports if you can, I can testify I
have received in excess of 300 complaints from them and ironically,
they ignored all of my responses to them for the first 200 or so I
responded to.

Ultimately (if you'll excuse my language), they are acting like a
bunch of tossers and so I am not wasting my time on them when it could
be spent productively elsewhere (ie liaising with police and branching
out my contacts to talk about Tor).

One important thing to remember here is that they only append current
Tor IP's to their abuse list. 5 of my exits have recently changed IP
address and in the several days following, they are still sending
abuse complaints to them when Tor isn't even running.

- -T

On 24/10/2014 08:16, Tom van der Woerdt wrote:
> Manuel Gebauer schreef op 19/10/14 15:29:
>> Hi, Tom and Rejo. Same with me. Half of the abuse complaints I 
>> get are from Valuehost Ru. Because I run on a cheap VPS I don't 
>> get a reassigned IP. Therefore I always fear that my provider 
>> might lose patience and shut down my server. That's why I
>> decided to block Valuehost's range completely.
>> I also wrote to Valuehost Ru and asked them politely to consider 
>> that their own customers might like to use tor and to reconsider 
>> their policy for abuse complaints. No answer yet. I think they 
>> have an automated abuse complaint system and don't care much for 
>> replies.
>> Cheers,
>> M.
> So I tried getting in contact with them again in an attempt to
> reduce the amount of abuse mails they send us. This time they
> replied :
> -------------------------
> Hello,
> We make abuse notices not only for TOR exit node operators, we make
> it to their uplinks too. If we will stop to do it, it will lead
> for:
> - TOR exit node operators will cease to think to solve this
> serious problem (with all due respect to noble purposes of TOR,
> like censorship resistance for Chinese dissidents etc., we see that
> a large part of of TOR traffic is malicious)
> - TOR exit node uplinks will not notified about malicious activity
> in their networks
> Also, if we'll except over 1000 IP's of Tor exit nodes from the
> security system, it will be spent too many resources. So we suggest
> to ignore abuse messages if you don't care about the safety of
> Internet.
> -------------------------
> Tom
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Version: GnuPG v2.0.22 (MingW32)


More information about the tor-relays mailing list