[tor-relays] AWS abuse handling

Wed Jul 27 18:24:28 UTC 2016

Hi All,

I have a *free* membership for a year on Amazon's AWS (*capped* at
15GB/month of traffic each way).

I've been running an exit node with a reduced exit policy on an ec2
instance for months and have received my first abuse notice. I'm sure a few
on this mailing list may have received the same or similar abuse
notification from Amazon. Besides shutting down the exit, what measures did
you take to deal with this? What would be the consequences of ignoring
their email and continuing to run it?

Note: I'm a student and am running on a really tight budget at the moment
(reason for not hosting it on a paid vps)

Any suggestion(s)/help is appreciated :)

Best,
Snehan

-----------------------------------------------
The contents of the Abuse notice:
Hello,

We've received a report(s) that your EC2 instance(s)

Instance Id:
IP Address:

has been has been operating as a TOR Exit node. Operating a TOR Exit node
is forbidden in the AWS Acceptable Use Policy (hxxps://aws.amazon.com/aup/).
We've included the original report below for your review.

Please take action to stop the reported activity and reply directly to this
email with details of the corrective actions you have taken. If you do not
consider the activity described in these reports to be abusive, please
reply to this email with details of your use case.

If you're unaware of this activity, it's possible that your environment has
been compromised by an external attacker, or a vulnerability is allowing
your machine to be used in a way that it was not intended.

We are unable to assist you with troubleshooting or technical inquiries.
However, for guidance on securing your instance, we recommend reviewing the
following resources:

* Amazon EC2 Security Groups User Guide:
hxxps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
 (Linux)
hxxps://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/using-network-security.html
 (Windows)

* Tips for Securing EC2 Instances:
hxxps://aws.amazon.com/articles/1233 (Linux)
hxxps://aws.amazon.com/articles/1767 (Windows)

* AWS Security Best Practices:
hxxp://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf

If you require further assistance with this matter, you can take advantage
of our developer forums:

hxxps://forums.aws.amazon.com/index.jspa

Or, if you are subscribed to a Premium Support package, you may reach out
for one-on-one assistance here:

hxxps://console.aws.amazon.com/support/home#/case/create?issueType=technical

Please remember that you are responsible for ensuring that your instances
and all applications are properly secured. If you require any further
information to assist you in identifying or rectifying this issue, please
let us know in a direct reply to this message.

Regards,
AWS Abuse "

---------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160727/8c0dedd1/attachment.html>