[tor-relays] Exit relay is apparently being used to attack other servers

spiros_spiros at freemail.gr spiros_spiros at freemail.gr
Sat Jun 13 19:12:15 UTC 2015

Hi Trillium,

It is always sad when Tor is used to hack/DoS/compromise servers. As the operator of an Exit Node, unfortunately you will see, as well as the DMCA notice, the hacking/abuse/spamming/botnet alerts from some service provider; you will also get notifications that the node has been added to this blacklist and that spammer list.

My advice is to work very closely with your Exit Node datacentre and let them know that you respond quickly to abuse emails (even the annoying automatic ones) with a polite message telling them you have a Tor Exit and cannot provide details of the traffic source or realistically block an individual user or IP. If the datacentre is friendly you will hopefully not be shut down or have your account closed.

If you get paranoid about one particular provider, or they harass you with email threats/notifications, you could use iptables or ipfw to block an individual host, or close the port to the Exit Node in your torrc. It would be better to explain the situation if you are in contact with them and go from there. In my experience, when I email the complaining party to explain that I run Tor relays I almost never get a response, but sometimes they just block the Exit Node IP on their firewall, which is fine.

If really paranoid, consider moving to a provider that does not require a scan of government ID or passport, pay with Bitcoin if possible, don't provide your real house address and don't log in to the server from your home IP. As others have written before me, Linode is not great for Tor friendliness.


On 13 Jun 2015, at 19:03, trillium <trillium at riseup.net> wrote:


I’m running an exit relay (fingerprint: 5793CB9E1F5BAD3D5DA6C4158E16067D80CD8A2E) on a Linode VPS right now, and so far they’ve been really fantastic with dealing with a couple of DMCA notices that were sent to them. However, in the last week, I received notice from them that my server is attacking multiple sites around the web. Their suggestion was to go through my logs and remove the offending user, which is obviously unhelpful advice as I don’t keep any logs on my relay’s users.

I’d like to keep running the exit relay, but I’m not really sure how to best go about mitigating these sorts of threats and don’t want Linode to shut down the entire server.

Any suggestions are very much welcomed.

tor-relays mailing list
tor-relays at lists.torproject.org
