[tor-relays] webiron requesting to block several /24 subnet

Josef Stautner hello at veloc1ty.de
Tue Oct 20 20:41:40 UTC 2015


Hello yl,

I also got some reports from WebIron.
I also made some thoughts about blocking Tor from reaching some parts of
the internet and if it's agains the ethics of tor. I think that blocking
the destination for two weeks by an reject rule satisfies the "victim"
and your hoster thus helps preventing the exit node from being shut
down. For me, this is the best solution for this situation.

I also ask my hoster for the mail addresses of the abuse reporter and
write a little statement why he got attacked and what tor is and why I
running a relay. Mostly the abuse reports from WebIron reports about
WordPress login bruteforce attacks. I then try to explain how the
"victim" can prevent such attacks by setting up allow/deny rules in
their webserver software and a pre-setted basic authentication. I mostly
get positives responses.

~Josef


Am 20.10.2015 um 21:51 schrieb yl:
> Hello,
> I received an abuse email today from my hoster (several emails from
> webiron in one email), typical automated abuse emails, not much
> information.
>
> However, they request, if the origin IP is a Tor exit, to block the full
> /24 subnet. As they also state, they will not provide the full IP of
> there customer and request to block the exit to the /24.
>
> Any thoughts on this? I don't like to block the whole /24, just because
> one idiot using one of the IPs is using some snake oil service like
> webiron, the collateral damage is to big in my eyes. All other IPs in
> the same range will be blocked as well.
>
> Why should I even care about blocking such IPs given by webiron? In my
> opinion the blocking is useless from my side and in the worst case the
> users of webiron will block my exit node IP. Would it be better for the
> tor network if I'd block the IPs? Is there any bad consequences if I
> don't for the Tor network?
>
> Let me know your thoughts. The services URL is https://www.webiron.com,
> don't need to go there, I didn't because such services are just useless.
> Better use fail2ban or something similar.
>
> Greeting
> yl
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



More information about the tor-relays mailing list