Short answer: ISP. I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and I get weekly mass reports from DigitalOcean. And the thing that pisses me off is: It's all bots or Tax spam or other stuff I got weeks/months ago. Different day, same shitty abuse mail.

Markus

2016-10-04 18:03 GMT+02:00 Tristan <supersluet...@gmail.com>:
> I don't know what I'm doing different, because I only got 2 complaints in
> the last 2 months, and that was for SSH and SQL stuff.
>
>
> On Oct 4, 2016 11:01 AM, "pa011" <pa...@web.de> wrote:
>>
>> Me too Markus - could fill a folder with that tax issue :-((
>> Costing a lot of time to answer and restrict the IPs
>>
>> Plus my ISP moaning with good reason: "It's not just about you, but you're
>> giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs
>> which are potentially endangered to be marked as source of malicious content
>> / blacklisted / whatever ... so you see, this is quite critical for us."
>>
>> On 04.10.2016 at 17:48, Markus Koch wrote:
>> > same shit here:
>> >
>> > Dear User,
>> > We are contacting you because of unusual activity coming from your IP
>> > address towards the IT infrastructure of the European Commission.
>> > In specific, since 03/10/2016, IP addresses 95.85.45.159 &
>> > 104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and
>> > the USA respectively, have submitted a significantly large number of
>> > invalid VAT number requests as compared to the total number of
>> > requests (89,59% & 89,96% respectively) towards VAT numbers from a
>> > multiple of EU member States (MS) through the VIES on the Web service
>> > (http://ec.europa.eu/taxation_customs/vies/). For more information on
>> > Invalid VAT number requests please refer to FAQ, questions 7, 11, 12,
>> > 13 and 20 of the VIES on the WEB site
>> > (http://ec.europa.eu/taxation_customs/vies/faq.html).
>> > The scope of our team is to monitor on a daily basis the performance
>> > of the VIES-on-the-Web (VoW) service in order to ensure its
>> > performance in accordance with the standards agreed upon between EU's
>> > Directorate General for Taxation and Customs Union (DG TAXUD) and the
>> > EU Member States.
>> > Our objective is to secure constant and uninterrupted availability and
>> > flow of traffic (requests for VAT validation) at all times.
>> > Under this framework, our team intervenes whenever there is out of the
>> > ordinary, unusual and potentially suspicious use of the system that
>> > violates the rules of use as they are stated in the Specific
>> > disclaimer for this service, which is available at the VoW site
>> > (http://ec.europa.eu/taxation_customs/vies/disclaimer.html).
>> > Consequently, in order to allow flawless use of the service, we were
>> > obliged to block the access to VIES on the Web for the IP address
>> > 88.198.110.130.
>> > Following our action, we would like to know if you are aware of this
>> > situation. Furthermore, your cooperation and contribution is necessary
>> > in order to determine the reason for this occurrence.
>> > Please inform us if this behaviour is normal and if such, how often it
>> > should occur; we would then take action to unblock the traffic coming
>> > from the corresponding IP address assuming you will agree to follow a
>> > set ITSM VIES/Web Team
>> > "ITSM2 is a contracted support partner for the IT Service Management
>> > of the European Commission.
>> > This e-mail is a reply to your message sent to the
>> > taxud-vies...@ec.europa.eu e-mail.
>> > Answers provided by the contactor are on behalf and according to
>> > policy guidelines of DG TAXUD, but not binding for the European
>> > Commission."
>> >
>> > I am so done with it, I added
>> >
>> > ExitPolicy reject 147.67.136.103 # TAX SPAM
>> > ExitPolicy reject 147.67.136.21 # TAX SPAM
>> > ExitPolicy reject 147.67.119.103 # TAX SPAM
>> > ExitPolicy reject 147.67.119.3 # TAX SPAM
>> > ExitPolicy reject 147.67.136.3 # TAX SPAM
>> > ExitPolicy reject 147.67.119.21 # TAX SPAM
>> >
>> > That's going on for months now and by all means, this is not free speech
>> > ...
>> >
>> > Markus.
>> >
>> >
>> > 2016-10-04 17:42 GMT+02:00 pa011 <pa...@web.de>:
>> >> On 04.10.2016 at 16:48, krishna e bera wrote:
>> >>> On 04/10/16 08:48 AM, pa011 wrote:
>> >>>> One of my main ISP is going mad with the number of abuses he gets
>> >>>> from my Exits (currently most on port 80).
>> >>>> He asks me to install "Intrusion Prevention System Software" or
>> >>>> shutting down the servers.
>> >>>
>> >>> You can first ask him for a copy of the complaints in order to
>> >>> understand what sort of alleged abuses are taking place. Are the
>> >>> complaints about spam or scraping or web server exploits or something
>> >>> else?
>> >>
>> >> I do get a copy of every complaint - they are unfortunately:
>> >>
>> >> - Http browser intrucion -
>> >> /var/log/apache2/other_vhosts_access.log:soldierx.com:80 xxx.xxx.xxx.xxx
>> >> - -
>> >> [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0
>> >> (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12)
>> >> Gecko/20080201Firefox/2.0.0.12"
>> >>
>> >> - invalid VAT number requests
>> >>
>> >> -recorded connection attempt(s) from your hosts to our honeypots
>> >>
>> >> - Issue: Source has attempted the following botnet activity: Semalt
>> >> Referrer Spam Tor Exit Bot
>> >>
>> >> - botnet drone|Description: Ramnit botnet victim connection to sinkhole
>> >> details,
>> >>
>> >> - attackers used the method/service: *imap*
>> >>
>> >>> You can change your exit policy to reduce likelihood of complaints:
>> >>> https://blog.torproject.org/blog/tips-running-exit-node
>> >>
>> >> I know, but I hardly like to block port 80
>> >>
>> >>>> As far as I understand implementing such a software is not going
>> >>>> together with Tor - am I right?
>> >>>
>> >>> If your exit nodes tamper with traffic in any way they will be
>> >>> labelled
>> >>> as Bad Exit. (Tor tries to be net neutral.)
>> >>> https://trac.torproject.org/projects/tor/wiki/doc/badRelays
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> tor-relays mailing list
>> >>> tor-relays@lists.torproject.org
>> >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
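
The reject lines quoted in the thread only help if they sit ahead of any broader accept rule, because exit policy rules are evaluated in order and the first match wins; that is also what lets an operator keep port 80 open while dropping a handful of destinations. The sketch below is an added example, not code from the thread or from Tor: a simplified, IPv4-only model of that evaluation, in which the accept/reject tail of the policy and the destination 198.51.100.7 are assumptions.

```python
import ipaddress

# Constructed torrc fragment: the six reject lines from the thread, followed by
# an assumed reduced exit policy that keeps ports 80 and 443 open.
TORRC = """\
ExitPolicy reject 147.67.136.103 # TAX SPAM
ExitPolicy reject 147.67.136.21 # TAX SPAM
ExitPolicy reject 147.67.119.103 # TAX SPAM
ExitPolicy reject 147.67.119.3 # TAX SPAM
ExitPolicy reject 147.67.136.3 # TAX SPAM
ExitPolicy reject 147.67.119.21 # TAX SPAM
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
"""

def parse_policy(text):
    """Return [(action, network_or_None, port_or_None)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop trailing comments
        if not line.startswith("ExitPolicy "):
            continue
        for item in line[len("ExitPolicy "):].split(","):
            action, target = item.split()
            addr, _, port = target.partition(":")  # omitted port means any port
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            rules.append((action, net, None if port in ("", "*") else int(port)))
    return rules

def decide(rules, dest_ip, dest_port):
    """First matching rule wins; no match is treated as reject in this model."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, port in rules:
        if (net is None or ip in net) and (port is None or port == dest_port):
            return action
    return "reject"

def reordered(text):
    """Same lines with the accept rules moved to the top (the mistake to avoid)."""
    lines = text.splitlines()
    accepts = [l for l in lines if " accept " in l]
    return "\n".join(accepts + [l for l in lines if " accept " not in l])

if __name__ == "__main__":
    good, bad = parse_policy(TORRC), parse_policy(reordered(TORRC))
    for dest in ("147.67.136.103", "198.51.100.7"):  # second one is a documentation address
        print(dest, "rejects first:", decide(good, dest, 80), "| accepts first:", decide(bad, dest, 80))
```

With the accept rules moved ahead of the rejects, port 80 traffic to the listed addresses is accepted again, so the reject lines belong at the top of the policy.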