[tor-relays] webiron requesting to block several /24 subnet
tor-amuse at foofus.com
Wed Oct 21 16:30:40 UTC 2015
>Some people out there apparently are of the opinion that it is a
>reasonable choice to use the ugly crutch that is "fail2ban" instead of
>deprecating password based authentication for ssh.
You're technically correct (the best kind) but I wanted to point out
that Fail2Ban is a really useful tool for a lot of login protocols which
are NOT SSH and which are still subject to frequent brute-force
attempts. HTTP BASIC and IMAP(s) both come to mind as something I
configure fail2ban to watch for me, neither of which have a strong
key-based auth system to configure and disable passwords.
Still, configuring fail2ban to email people is really stupid. So I'll
give you that with no argument.
On 2015-10-21 04:21, tor at as250.net wrote:
> Dear yl,
> just a few words from the abuse helpdesk of a larger tor-exit-node...
> TL;DR: we ignore those requests. they don't even reach a human.
> While we do handle most genuine/honest/helpful and especially all
> non-automated abuse reports very diligently. Pointless nagging
> services like webiron however are automatically rejected before they
> reach our abuse inbox. It seems that we are not the only ones who deem
> their mass mailings as spam, as evident from the spamhaus listing below:
> Oct 20 03:34:54 mail smtpd: NOQUEUE: reject: RCPT from abuse-reporting.webiron.com[188.8.131.52]: 554 5.7.1 Service unavailable; Client host [184.108.40.206] blocked using sbl.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS ; from=<###@abuse-reporting.webiron.com> to=<abuse@###> proto=ESMTP helo=<abuse-reporting.webiron.com>
> Oct 20 03:34:54 mail smtpd: disconnect from abuse-reporting.webiron.com[220.127.116.11]
> Oct 20 19:49:51 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[18.104.22.168]: 554 5.7.1 <###@abuse-reporting.webiron.com>: Sender address rejected: Access denied; from=<###@abuse-reporting.webiron.com> to=<abuse@###> proto=ESMTP helo=<abuse-reporting.webiron.com>
> We had similar problems with report at redsnitch.net and most
> notably with clean-mx.de which seems to be a confused single individual
> (Mr. Recher) sending out not very helpful mass mailings. Repeated
> contact attempts by mail and on his apparently 24/7 reachable mobile
> number (included in every of his mails) did not convince him to stop.
> If you also get these and are annoyed with that, try to give him a call,
> he seems to like feedback and was ok with getting a call at an odd time.
> Also on our inbound-deny-list is a regex match for /^(.*)fail2ban(.*)$/
> to a rather recent phenomenon.
> Some people out there apparently are of the opinion that it is a
> reasonable choice to use the ugly crutch that is "fail2ban" instead of
> deprecating password based authentication for ssh. To make things
> worse, these days this ill-conceived piece of software includes
> an option to advertise itself to other people. automatedly. via mail.
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays 
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-relays