On Sun, Oct 19, 2014 at 01:53:40PM +0200, Tom van der Woerdt wrote: > Kees Goossens schreef op 19/10/14 13:24: > >Part 1: Abuse over HTTP. > > > >Within one week of being an exit, my provider forwarded the following > >abuse notification to me (XXXX is the abused Russian website, ZZZZ is me): > >==== > >Greetings, > > > >XXXX abuse team like to inform you, that we have had mass bruteforce > >attempts to the Joomla / WordPress control panel on the our > >shared-hosting server XXXX from your network, from IP address ZZZZ > > > >During the last 30 minutes we recorded 333 attempts like this: > > > >XXXX - [14/Oct/2014:14:17:49 +0400] "POST /administrator/index.php > >HTTP/1.1" 200 11646 "-" "-" > >XXXX - [14/Oct/2014:14:17:49 +0400] "POST /administrator/index.php > >HTTP/1.1" 200 11646 "-" "-" > >XXXX - [14/Oct/2014:14:17:51 +0400] "POST /administrator/index.php > >HTTP/1.1" 200 11646 "-" "-" > >XXXX - [14/Oct/2014:14:17:51 +0400] "POST /administrator/index.php > >HTTP/1.1" 200 11646 "-" "-“ > >XXXX - [14/Oct/2014:14:17:54 +0400] "POST /administrator/index.php > >HTTP/1.1" 499 0 "-" "-" > >==== > > > >Lesson (for me at least): since HTTP was used, even a very reduced exit > >policy is does not make one immune to abuse problems. > >At this point I reverted back to being a non-exit relay, as I have no > >interest in having to deal with this. > > Hi Kees, > > Sounds familiar. This same company (valuehost.ru?) sends me about 20 abuse > reports a day. At first I replied with explanations of what Tor is, > explaining why it's hard to do anything against this kind of abuse. Later I > started sending the same replies but with a note "Please reply if you have > read this message." - no replies. Their message mentions a contact address > so I started cc'ing that address - still no reply. After replying for two > months and never getting any replies, I stopped replying. > > IANAL but you can probably just ignore those. > > Abuse reports are very common but there's usually not much you can do other > than write a message back explaining why there's not much you can do. Make > sure your server provider knows that you run an exit relay! > > Tom >
Same here, I've blacklisted their /24 in my torrc. The complaints stopped. > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
