[tor-relays] So long and thanks for all the abuse complaints

Tue Dec 5 14:35:06 UTC 2017

Abuse complaints are how this thing goes. With your limited exit 
policy, you would hardly see any complaints (relatively speaking), and 
what you do see would be mostly like SQL hack complaints and such. 
It's usually not going to be cases where someone got all the way into 
someone's machine, it's going to be mainly complaints about attempts.

I feel like a short notification should be all you need and you're 
done with responses to stuff like that, such as:

Hi <person>,

That is the Tor exit router we host. https://www.torproject.org . 
Unfortunately, bad actors sometimes misuse Tor for things like this.

If your attacker proves to be a serious problem, you may wish to block 
the entire Tor network from your device. A list of Tor exits can be 
seen here (and there is also an RBL somewhere): 
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 . 
Blocking one Tor exit such as mine won't really stop the person. Also, 
if I configure my node not to exit to you, the attacker won't 
necessarily even notice, as Tor will automatically route him through a 
different exit node.

Regards,

- < your sig >

While it's true that the suggestion about blocking all of Tor isn't 
ideal for the internet at large, in particular as a response to stupid 
scans or web hack attempts that don't actually get in, there are cases 
where it may make sense for a server operator to do that on a single 
system, if only temporarily.

The main points in this response are the explanations of what Tor is 
(via the provided link) and why it never makes sense from the attacked 
server's perspective for a single exit to stop exiting to it 
specifically. The affected server operator has the choice of ignoring 
the attempts, or fixing whatever vulnerability is there if one is 
being exploited, or blocking all of Tor. You as a single exit operator 
are not a part of that.

There was only one time that I got a bullshit response back from 
someone as a result of what I'd sent, and he could be safely ignored, 
as he was just an idiot who thought that Tor was a bad thing. There 
was another guy who was ignoring my responses and emailing our abuse 
box repeatedly - he comes from a relatively rare mindspring.com 
address. If that is the one complaining about your exit, he's 
worthless. I  configured our mail server to reject his abuse 
complaints outright (we own our own IP space, so, this is simpler for 
us than it would be for you). That mindspring.com guy also had the 
bright idea of emailing the networks he saw along his traceroute, 
thinking that we are a customer of those networks (we're not).