Am 04.10.2016 um 16:48 schrieb krishna e bera: > On 04/10/16 08:48 AM, pa011 wrote: >> One of my main ISP is going mad with the number of abuses he gets from my >> Exits (currently most on port 80). >> He asks me to install "Intrusion Prevention System Software" or shutting >> down the servers. > > You can first ask him for a copy of the complaints in order to > understand what sort of alleged abuses are taking place. Are the > complaints about spam or scraping or web server exploits or something else?
I do get a copy of every complaint - they are unfortunately: - Http browser intrucion - /var/log/apache2/other_vhosts_access.log:soldierx.com:80 xxx.xxx.xxx.xxx - - [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12" - invalid VAT number requests -recorded connection attempt(s) from your hosts to our honeypots - Issue: Source has attempted the following botnet activity: Semalt Referrer Spam Tor Exit Bot - botnet drone|Description: Ramnit botnet victim connection to sinkhole details, - attackers used the method/service: *imap* > You can change your exit policy to reduce likelihood of complaints: > https://blog.torproject.org/blog/tips-running-exit-node I know, but I hardly like to block port 80 >> As far as I understand implementing such a software is not going together >> with Tor - am I right? > > If your exit nodes tamper with traffic in any way they will be labelled > as Bad Exit. (Tor tries to be net neutral.) > https://trac.torproject.org/projects/tor/wiki/doc/badRelays > > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
