[tor-relays] Reaching out to webiron

teor teor2345 at gmail.com
Wed Feb 8 07:22:33 UTC 2017

> On 8 Feb 2017, at 18:03, Andrew Deason <adeason at dson.org> wrote:
> On Wed, 8 Feb 2017 15:09:47 +1100
> Tor <tor at xemurieh.co.uk> wrote:
>> I don't ignore abuse reports, and I've found that Tor's boilerplate
>> abuse templates almost always provide a good response. So it's just a
>> matter of copying and pasting the relevant section and sending it to them.
>> https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
> Normally, yes sure, but this isn't some random place that's never heard
> of tor before. WebIron is well aware of what tor is, and they seem to
> have an issue with the tor network in general, not my specific node.
> They used to include this in their automated reports:
>>> ====== Tor: Please note as the abuse from Tor has gotten out of hand,
>>> we do not give free passes to abuse coming from Tor exits. See the
>>> leader board linked below for more details on the issue. ======
> And they even gave instructions for how to block ranges from individual
> exits:
> <https://www.webiron.com/supporthome/view-article/32-blocking-traffic-from-tor-exit-nodes.html>
> (They no longer include this info in their reports, from what I can
> tell.)
> But blocking ranges from individual exits doesn't seem useful to them at
> all; it's even counterproductive, since the attacks/abuse will use a
> different IP, bypassing their IP-based blacklist.

And it's wrong:

Tor attempts to find the closest exit node to the end point in attempts to speed up service. In most cases, because of this it is possible to curb abuse originating from the same places by blocking outbound traffic from just a few exit nodes.

And their firewall method is unhelpful, as it may get exits the BadExit flag:

There are a few ways exit traffic can be rejected:

	• On the exit nodes themselves
		• Tor exit itself (see: https://www.torproject.org/docs/tor-manual.html.en re: "ExitPolicy policy,policy,…")
		• Local firewall (ie: IPTables/Windows firewall)

> From my current conversation with them, they are aware of at least some
> suggested ways of blocking tor entirely, but claim some issues with
> doing so. (Something having to do with exit node IPs changing too
> frequently, making the existing methods useless.)
> I am not sure if there are real technical limitations, or there is just
> a misunderstanding. Since I don't work with the technical details of tor
> in and out every day, I'm a little hesitant to be arguing with them
> about the various technical details, since I might get something wrong.
> And of course, if there _are_ actual problems with the mechanisms of tor
> blacklisting, I can't do anything about it myself, and we have to play
> "telephone" with me reporting some issue second-hand or whatever.

They are probably using the wrong list, there are reliable lists
maintained by Tor, as far as I know.

> So... I was wondering if there's someone I should "pass off" to :)

Ask them to join tor-access@ and explain their issues?


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170208/4c851da4/attachment-0001.sig>

More information about the tor-relays mailing list