[tor-relays] Keeping an exit node off of blacklists due to botnet activity.
julian at amity.be
Thu Jun 4 19:28:38 UTC 2015
I have a fairly high bandwidth exit node running for about a month now
that I'm having difficulty keeping off of the http://cbl.abuseat.org/
blacklist and have been informed of this listing by the VPS provider.
The relay is running with a reduced exit policy -- and additionally I've
blocked common mail ports, etc. via IPFW so I know that no spam is
actually being sent out of the relay. Still, various botnet connections
are connecting to abuseat.org botnet sinkholes via port 80
Command&Control connection attempts. I'm at a loss as to how to stop this
or somehow detect and filter botnet traffic.
I've informed the VPS provider that I'm on top of it and have the
machine configured to not actually allow this sort of malicious traffic
out and they seem to be generally happy with that explanation, but a
better solution if one exists would be appreciated.
julian (at) amity.be