[tor-relays] wubthecaptain1 relay is no longer an exit

Juuso Lapinlampi wub at partyvan.eu
Tue Jul 12 21:01:56 UTC 2016


On Tue, Jul 12, 2016 at 10:10:56PM +0200, Markus Koch wrote:
> running 3 exit nodes with HTTP + HTTPS (niftymouse, niftygerbil and
> niftyguineapig) on cheap VPSs and can confirm: They are heavily used
> and meaningful. Even with only HTTP + HTTPS. I got 12 abuse mails ...
> so you won't get rid of this issue but it will be way less. Please think
> about using less ports.

Most of the abuse that my ISP receives are TCP/80 bots. c2, virut, gozi,
Zeus/Gameover, Tinba, pony, nymaim malware get lots of sinkhole hits, on
average 3-6 abuse reports every hour. A government agency FICORA was
interested in a case of Ramnit bot from my exit, but that's nothing
surprising or alerting.

A majority of the > 8200 abuse reports are these autoreporter logs about
these bots, so allowing ports 80 and 443 in my exit policy would not
reduce the amount of abuse reports generated.

I am in belief that my ISP would not actually see port 80 and 443 bots
being "malicious traffic" per AUP, but their recommendation for me was
to start looking elsewhere with reverse DNS appropriately set for a Tor
exit node. Still, they say to be pro-anonymity and have given me some
leeway for that goal.

For me, it's not as meaningful to run an exit and deal with abuse
complaints if it doesn't allow at least ports 22 (SSH), 80 (HTTPS), 110
(POP3), 143 (IMAP), 443 (HTTPS) and 6667 (6665-6669) (IRC). There's also
a high barrier of entry to colocation services in Finland, so hosting an
exit somewhere else in this country is not easy to accomplish.

