I hate Webiron. They never marked any of my IP abuses as resolved, even though I responded and revised my exit policy within 24 hours of the complaint.
On Oct 4, 2016 12:10 PM, "Markus Koch" <niftybu...@googlemail.com> wrote: > 100% agreed. > > Just let us kick out the bots ... > > Offending/Source IP: 95.85.45.159 > - Issue: Source has attempted the following botnet activity: > Semalt Referrer Spam Tor Exit Bot > > I am not in for free speech for bots and anything without a pulse. > > markus > > > Hello! > > === You are receiving this e-mail in regard to abuse issues against > our clients coming from the host at IP 95.85.45.159. === > > --- Automated Message - To get a response or report issues with the > reports, please see the contact info below. --- > --- Report details are at the bottom of the e-mail. For web attacks > see the "bot" links for more details about the attack. ---- > > Webiron is a security service and this e-mail is being sent on behalf > of our customers. We do not control how our clients configure their > protection and as a result do not control how blocks and bans are > generated. > > We are committed to providing useful information on abuse issues on > behalf of our clients to help stop issues related to issues that seem > to originate from within your network. > > We value your time and effort and appreciate your assistance in > handling these issues! > > If you are responsible for abuse issues however the IP being reported > does not belong to you, please open a ticket or email us to let us > know of the error and we'll correct it as soon as possible. > > Please note due to the retaliatory nature of attackers and the > abundance of internet abuse havens and fake hosting companies, we do > not give out the exact IP of our clients. If you require further > assistance we will be more than happy to work with you. Just open a > ticket our contact us with the details below. > > -- Who We Are -- > A little about our service, we are a server protection solution > designed to help hosting companies, their customers, and SoC > departments improve their system security, stability and lower TCO and > support costs. > > Please feel free to send us your comments or responses. If you are > inquiring for more information you must disclosed the offending IP. > To contact us via e-mail, use <supp...@webiron.com>, however if you > require a ticket tracked response you can open one at > https://www.webiron.com/abuse-soc-issues.html > > -- Abuse Criteria -- > To be considered abusive a bot must either be a clear danger (IE: > exploit attempts, flooding, etc) or match at least two items from the > list athttps://www.webiron.com/supporthome/view-article/33- > criteria-for-what-makes-a-bot-bad.html > > -- Removal Requests -- > To be removed entirely from future reports reply to this e-mail with > REMOVE (in all caps) in the subject line. Please note this will only > stop the e-mail to the address the e-mail was sent to and public > notices will remain as your abuse address will be listed on our BABL > blacklist. > > -- Feed/History Links -- > IP Abuse Feed: https://www.webiron.com/abuse_feed/95.85.45.159 > IP Detailed Information: https://www.webiron.com/iplookup/95.85.45.159 > Your Abuse Report History: > https://www.webiron.com/abuse_feed/ab...@digitalocean.com > > --- Blacklist Warning --- > In an ongoing effort to stop chronic abuse we maintain several > blacklists available as flat data or free public DNSRBL. > > For more information see: https://www.webiron.com/rbl.html > > To check the blacklist status of the offending IP, see: > https://www.webiron.com/iplookup/95.85.45.159 > > -- NEW -- > We have now opened access to our RBL API allowing direct access to the > entire RBL database. For more information please > see:https://www.webiron.com/rbl.html > > > Thank you for your support, > > The WebIron Team > > ---------------------------------------------------------- > *** Note *** - All times are in America/Phoenix (-07:00) > ---------------------------------------------------------- > > > Unwanted and or Abusive Web Requests: > > Offending/Source IP: 95.85.45.159 > - Issue: Source has attempted the following botnet activity: > Semalt Referrer Spam Tor Exit Bot > - Block Type: New Ban > - Time: 2016-10-04 00:33:54-07:00 > - Port: 80 > - Service: http > - Report ID: ff681d81-5ce4-4329-8890-49642bd24a77 > - Bot Fingerprint: d5930168c39511ee975f5943a5f3faac > - Bot Information: > https://www.webiron.com/bot_lookup/d5930168c39511ee975f5943a5f3faac > - Bot Node Feed: > https://www.webiron.com/bot_feed/d5930168c39511ee975f5943a5f3faac > - Abused Range: 45.79.79.0/24 > - Requested URI: / > - User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 > > > > > > > > > > > > > > > > 2016-10-04 18:46 GMT+02:00 Moritz Bartl <mor...@torservers.net>: > > On 10/04/2016 06:23 PM, Tristan wrote: > >> Wouldn't it be interesting if we could set up some kind of central "Tor > >> Abuse Center" where all the complaints go, and all the relay operators > >> can help respond to them. I suppose it would be pretty chaotic though... > > > > We actually discussed this briefly again at the recent Tor developers > > meeting, and it comes up every once in a while. It's an interesting > > thought experiment, and it would not take much to turn ourselves into an > > Abuse Management provider. I've seen this actually exists in the > > commercial space. > > > > One thing that makes it hard is that there's no assurance that someone > > is really only running an exit on a certain IP address; even if the > > Abuse Management Service verified that that IP address was a Tor exit at > > that point in time, it cannot in all honesty state that in fact the exit > > relay process caused a particular network activity or not. > > > > I do think we can operate this "in good faith", and we simply cannot set > > it up in a way that we can make it impossible to misuse. > > > > Still, this will not help in this (and related) cases: I have not yet > > seen proven cases where the reputation of the netblock was endangered, > > but if an ISP is afraid of that, there's no good way to cooperate. An > > IDS is their obvious suggestion, which just shows that they don't > > understand how Tor works. I argue strongly against deploying such > > systems on Tor exits. It will mess up more than it does good, and it > > won't be able to reliably detect *and block* bad behaviour. > > > > -- > > Moritz Bartl > > https://www.torservers.net/ > > _______________________________________________ > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
