[tor-relays] webiron requesting to block several /24 subnet

AMuse tor-amuse at foofus.com
Wed Oct 21 16:30:40 UTC 2015 

 

>Some people out there apparently are of the opinion that it is a
>reasonable choice to use the ugly crutch that is "fail2ban" instead of
>deprecating password based authentication for ssh.

You're technically correct (the best kind) but I wanted to point out
that Fail2Ban is a really useful tool for a lot of login protocols which
are NOT SSH and which are still subject to frequent brute-force
attempts. HTTP BASIC and IMAP(s) both come to mind as something I
configure fail2ban to watch for me, neither of which have a strong
key-based auth system to configure and disable passwords. 

Still, configuring fail2ban to email people is really stupid. So I'll
give you that with no argument. 

On 2015-10-21 04:21, tor at as250.net wrote: 

> Dear yl,
> 
> just a few words from the abuse helpdesk of a larger tor-exit-node...
> 
> TL;DR: we ignore those requests. they don't even reach a human.
> 
> While we do handle most genuine/honest/helpful and especially all
> non-automated abuse reports very diligently. Pointless nagging
> services like webiron however are automatically rejected before they
> reach our abuse inbox. It seems that we are not the only ones who deem
> their mass mailings as spam, as evident from the spamhaus listing below:
> 
> Oct 20 03:34:54 mail smtpd: NOQUEUE: reject: RCPT from abuse-reporting.webiron.com[23.91.17.162]: 554 5.7.1 Service unavailable; Client host [23.91.17.162] blocked using sbl.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS [1]; from=<###@abuse-reporting.webiron.com> to=<abuse@###> proto=ESMTP helo=<abuse-reporting.webiron.com>
> Oct 20 03:34:54 mail smtpd: disconnect from abuse-reporting.webiron.com[23.91.17.162]
> Oct 20 19:49:51 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[23.239.20.29]: 554 5.7.1 <###@abuse-reporting.webiron.com>: Sender address rejected: Access denied; from=<###@abuse-reporting.webiron.com> to=<abuse@###> proto=ESMTP helo=<abuse-reporting.webiron.com>
> 
> We had similar problems with report at redsnitch.net and most
> notably with clean-mx.de which seems to be a confused single individual
> (Mr. Recher) sending out not very helpful mass mailings. Repeated
> contact attempts by mail and on his apparently 24/7 reachable mobile
> number (included in every of his mails) did not convince him to stop.
> If you also get these and are annoyed with that, try to give him a call,
> he seems to like feedback and was ok with getting a call at an odd time.
> 
> Also on our inbound-deny-list is a regex match for /^(.*)fail2ban(.*)$/
> to a rather recent phenomenon.
> Some people out there apparently are of the opinion that it is a
> reasonable choice to use the ugly crutch that is "fail2ban" instead of
> deprecating password based authentication for ssh. To make things
> worse, these days this ill-conceived piece of software includes
> an option to advertise itself to other people. automatedly. via mail.
> *sigh*
> 
> Cheers
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [2]

 

Links:
------
[1] http://www.spamhaus.org/sbl/query/SBLCSS
[2] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151021/fc35bb9a/attachment.html>

More information about the tor-relays mailing list