[tor-relays] Preventing wp-admin related abuse report

[Christian Gagneraud]

On 16/09/15 07:42, spiros_spiros at freemail.gr wrote:
>
> Greetings community,
>

> Over last eight weeks a Tor exit that I operate has attracted more
> and
more abuse reports and the VPS data centre is starting to lose their
patience with the amount of tickets they open for each incident.
>
> Almost all of the abuse reports are relate to attempts to access
wordpress blogs by exploiting wp-admin or other scripts, and the servers
are protected by bitninja, abusix, spamcop etc to automatically send
abuse complaint. I am now receiving average of 2-3 per week.
>
> I have two questions. First question - is everyone getting this high
amount of wordpress related attacks from exits? Second - are there
recommended steps to take to reduce or prevent this kind of activity?
>

Hi,

I had 2 similar abuse reports this month so far - and countless ssh scan 
complains until I decided to block port 22. :(

Chris

> Things I try so far: - run exit on reduced policy (obviously not
> going to have an impact on
abuse traffic but did make the data centre people happy for a while)
> - full security check on VPS including tripwire, clamav, lastcomm
> etc
to assure provider that the VPS is not compromised
> - Tor port on server has website running explaining that this is a
> Tor
exit and linking to more information
> - I have offered to work with ISP to change WHOIS to my email
> address,
but they do not seem keen on it (some blacklists that the server is
added to will also block the /16 of the IP range)
> - Block offended host on the firewall (as a last resort)
>
> Thanks for any suggestions
>
> Spiros
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>