Wouldn't it be interesting if we could set up some kind of central "Tor
Abuse Center" where all the complaints go, and all the relay operators can
help respond to them? I suppose it would be pretty chaotic though...

On Oct 4, 2016 11:18 AM, "pa011" <pa...@web.de> wrote:

> Yes it's ISP - plus 10 times more fire-power both, Markus and me
> which is 10 times more work, sadly :-(
>
>
> Am 04.10.2016 um 18:12 schrieb Markus Koch:
> > Short answer: ISP
> >
> > I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and
> > I get weekly mass reports from DigitalOcean.
> > And the thing that pisses me off is: It's all bots or Tax spam or other
> > stuff I got weeks/months ago. Different day, same shitty abuse mail.
> >
> > Markus
> >
> >
> > 2016-10-04 18:03 GMT+02:00 Tristan <supersluet...@gmail.com>:
> >> I don't know what I'm doing different, because I only got 2 complaints in
> >> the last 2 months, and that was for SSH and SQL stuff.
> >>
> >>
> >> On Oct 4, 2016 11:01 AM, "pa011" <pa...@web.de> wrote:
> >>>
> >>> Me too Markus - could fill a folder with that tax issue :-((
> >>> Costing a lot of time to answer and restrict the IPs
> >>>
> >>> Plus my ISP moaning with good reason: "It's not just about you, but you're
> >>> giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs
> >>> which are potentially endangered to be marked as source of malicious content
> >>> / blacklisted / whatever ... so you see, this is quite critical for us."
> >>>
> >>> Am 04.10.2016 um 17:48 schrieb Markus Koch:
> >>>> same shit here:
> >>>>
> >>>> Dear User,
> >>>> We are contacting you because of unusual activity coming from your IP
> >>>> address towards the IT infrastructure of the European Commission.
> >>>> In specific, since 03/10/2016, IP addresses 95.85.45.159 &
> >>>> 104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and
> >>>> the USA respectively, have submitted a significantly large number of
> >>>> invalid VAT number requests as compared to the total number of
> >>>> requests (89,59% & 89,96% respectively) towards VAT numbers from a
> >>>> multiple of EU member States (MS) through the VIES on the Web service
> >>>> (http://ec.europa.eu/taxation_customs/vies/). For more information on
> >>>> Invalid VAT number requests please refer to FAQ, questions 7, 11, 12,
> >>>> 13 and 20 of the VIES on the WEB site
> >>>> (http://ec.europa.eu/taxation_customs/vies/faq.html).
> >>>> The scope of our team is to monitor on a daily basis the performance
> >>>> of the VIES-on-the-Web (VoW) service in order to ensure its
> >>>> performance in accordance with the standards agreed upon between EU's
> >>>> Directorate General for Taxation and Customs Union (DG TAXUD) and the
> >>>> EU Member States.
> >>>> Our objective is to secure constant and uninterrupted availability and
> >>>> flow of traffic (requests for VAT validation) at all times.
> >>>> Under this framework, our team intervenes whenever there is out of the
> >>>> ordinary, unusual and potentially suspicious use of the system that
> >>>> violates the rules of use as they are stated in the Specific
> >>>> disclaimer for this service, which is available at the VoW site
> >>>> (http://ec.europa.eu/taxation_customs/vies/disclaimer.html).
> >>>> Consequently, in order to allow flawless use of the service, we were
> >>>> obliged to block the access to VIES on the Web for the IP address
> >>>> 88.198.110.130.
> >>>> Following our action, we would like to know if you are aware of this
> >>>> situation. Furthermore, your cooperation and contribution is necessary
> >>>> in order to determine the reason for this occurrence.
> >>>> Please inform us if this behaviour is normal and if such, how often it
> >>>> should occur; we would then take action to unblock the traffic coming
> >>>> from the corresponding IP address assuming you will agree to follow a
> >>>> set ITSM VIES/Web Team
> >>>> "ITSM2 is a contracted support partner for the IT Service Management
> >>>> of the European Commission.
> >>>> This e-mail is a reply to your message sent to the
> >>>> taxud-vies...@ec.europa.eu e-mail.
> >>>> Answers provided by the contractor are on behalf and according to
> >>>> policy guidelines of DG TAXUD, but not binding for the European
> >>>> Commission."
> >>>>
> >>>> I am so done with it, I added
> >>>>
> >>>> ExitPolicy reject 147.67.136.103 # TAX SPAM
> >>>> ExitPolicy reject 147.67.136.21  # TAX SPAM
> >>>> ExitPolicy reject 147.67.119.103  # TAX SPAM
> >>>> ExitPolicy reject 147.67.119.3  # TAX SPAM
> >>>> ExitPolicy reject 147.67.136.3  # TAX SPAM
> >>>> ExitPolicy reject 147.67.119.21  # TAX SPAM
> >>>>
> >>>> That's going on for months now and by all means, this is not free speech
> >>>> ...
> >>>>
> >>>> Markus.
> >>>>
> >>>>
> >>>>
> >>>> 2016-10-04 17:42 GMT+02:00 pa011 <pa...@web.de>:
> >>>>> Am 04.10.2016 um 16:48 schrieb krishna e bera:
> >>>>>> On 04/10/16 08:48 AM, pa011 wrote:
> >>>>>>> One of my main ISP is going mad with the number of abuses he gets
> >>>>>>> from my Exits (currently most on port 80).
> >>>>>>> He asks me to install "Intrusion Prevention System Software" or
> >>>>>>> shutting down the servers.
> >>>>>>
> >>>>>> You can first ask him for a copy of the complaints in order to
> >>>>>> understand what sort of alleged abuses are taking place.  Are the
> >>>>>> complaints about spam or scraping or web server exploits or something
> >>>>>> else?
> >>>>>
> >>>>> I do get a copy of every complaint - they are unfortunately:
> >>>>>
> >>>>> - Http browser intrusion -
> >>>>> /var/log/apache2/other_vhosts_access.log:soldierx.com:80 xxx.xxx.xxx.xxx - -
> >>>>> [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0
> >>>>> (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12)
> >>>>> Gecko/20080201Firefox/2.0.0.12"
> >>>>>
> >>>>> - invalid VAT number requests
> >>>>>
> >>>>> - recorded connection attempt(s) from your hosts to our honeypots
> >>>>>
> >>>>> - Issue: Source has attempted the following botnet activity: Semalt
> >>>>> Referrer Spam Tor Exit Bot
> >>>>>
> >>>>> - botnet drone|Description: Ramnit botnet victim connection to sinkhole
> >>>>> details,
> >>>>>
> >>>>> - attackers used the method/service: *imap*
> >>>>>
> >>>>>> You can change your exit policy to reduce likelihood of complaints:
> >>>>>> https://blog.torproject.org/blog/tips-running-exit-node
> >>>>>
> >>>>> I know, but I hardly like to block port 80
> >>>>>
> >>>>>>> As far as I understand implementing such a software is not going
> >>>>>>> together with Tor - am I right?
> >>>>>>
> >>>>>> If your exit nodes tamper with traffic in any way they will be labelled
> >>>>>> as Bad Exit. (Tor tries to be net neutral.)
> >>>>>> https://trac.torproject.org/projects/tor/wiki/doc/badRelays
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> tor-relays mailing list
> >>>>>> tor-relays@lists.torproject.org
> >>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
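
An added check, not part of the original messages: Tor evaluates ExitPolicy entries first to last and the first match wins, so per-address reject lines like the ones quoted in this thread only take effect if they sit above any broader accept rule. The Python below (IPv4 only; the accept and final reject lines and all function names are constructed for illustration) flags single-host reject lines that an earlier rule overrides.

```python
import ipaddress

# The six reject lines are the ones quoted in the thread.
REJECTS = """\
ExitPolicy reject 147.67.136.103 # TAX SPAM
ExitPolicy reject 147.67.136.21  # TAX SPAM
ExitPolicy reject 147.67.119.103  # TAX SPAM
ExitPolicy reject 147.67.119.3  # TAX SPAM
ExitPolicy reject 147.67.136.3  # TAX SPAM
ExitPolicy reject 147.67.119.21  # TAX SPAM
"""
# Constructed for this example: a web-only policy placed around those lines.
ACCEPTS = "ExitPolicy accept *:80,accept *:443\n"
FINAL = "ExitPolicy reject *:*\n"
REJECTS_FIRST = REJECTS + ACCEPTS + FINAL  # rejects are evaluated first
REJECTS_LAST = ACCEPTS + REJECTS + FINAL   # accept *:80 shadows the rejects

def parse_exit_policy(torrc):
    """Return [(action, network, lo_port, hi_port)] in file order (IPv4 only)."""
    rules = []
    for raw in torrc.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)  # drop trailing comment
        if len(fields) != 2 or fields[0].lower() != "exitpolicy":
            continue
        for item in fields[1].split(","):
            action, target = item.split()
            addr, _, port = target.partition(":")
            net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr,
                                       strict=False)
            lo, _, hi = (port or "*").partition("-")  # omitted port means "*"
            lo, hi = (1, 65535) if lo == "*" else (int(lo), int(hi or lo))
            rules.append((action, net, lo, hi))
    return rules

def decide(rules, ip, port):
    """First matching rule wins; None means no explicit rule matched."""
    dest = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if dest in net and lo <= port <= hi:
            return action
    return None

def ineffective_rejects(torrc, port=80):
    """Single-host reject entries that an earlier rule overrides on `port`."""
    rules = parse_exit_policy(torrc)
    return [str(net.network_address) for action, net, lo, hi in rules
            if action == "reject" and net.prefixlen == 32
            and decide(rules, str(net.network_address), port) != "reject"]

if __name__ == "__main__":
    print("rejects first:", ineffective_rejects(REJECTS_FIRST))
    print("rejects last: ", ineffective_rejects(REJECTS_LAST))
```
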