Re: [tor-relays] Abuse Complaints
> I've had a "discussion" with a WebIron employee once, where I patiently > explained about Tor. It ended with him making stupid threats, and since > that day I blacklisted W.I. on our mail servers. . > > -Ralph Would that be in USA? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
On 30.08.18 22:07, Andrew Deason wrote: > For what it's worth, webiron has actually responded to my replies to > their reports before. I'm not saying it's a great use of time arguing > with them, but the replies are actually read by a human (at least, > sometimes). I've had a "discussion" with a WebIron employee once, where I patiently explained about Tor. It ended with him making stupid threats, and since that day I blacklisted W.I. on our mail servers. I think I posted about this experience here on the mailing list some years ago. -Ralph ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
On Wed, 29 Aug 2018 14:48:33 +0200 Ralph Seichter wrote: > Automated complaints are a different matter. I don't feel the need to > converse with Fail2ban or WebIron bots. For what it's worth, webiron has actually responded to my replies to their reports before. I'm not saying it's a great use of time arguing with them, but the replies are actually read by a human (at least, sometimes). -- Andrew Deason adea...@dson.org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
What if we kept a (central) score of all complaints received, the type and the responses to our sensible explanations? If we were responding with that to the VPS business they might see that it is rare for complaints to be serious. Rob ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
> Is Irdeto harassing you with DMCAs or just the hacking / forum spam > complaints? >> I am thankful that I have my own AS and IP space. I would even think >> about running mass relays like I do. >> I am running the reduced exit policy on all 50 of my relays and still get >> tons of automated stuff like you spoke about. >> >> Now, If you leave all ports open like Conrad and I do on most of our >> relays, a copyright enforcement company called Irdeto USA (the same >> replies, and contact upstreams directly rather than the contact on the >> SWIP >> Record - be rich and get your own ASN to get around this. Now, Irdeto's >> business strategy is a simple one they need only to flood your ISP's >> abuse >> department with as many automated DMCA Emails as possible until they get >> too many to ever hope to respond to and then try to get them to terminate >> your account. Depending on the ISP it'll work. Own AS helps as with SWIP... you look like a biz / isp... the upper tiers are less likely to cut your connection unless bill unpaid, though you're hardly likely to actually be peering with them, so you're still somewhat subject to the smaller ISP FUD game. ISP meetups in every city, make friends. Automated? Waste of time, filter into archive and ignore. Copied to upstream? Same unless relationship says otherwise. Handwritten? Stuff with a hello back and a Here's Tor template. Get cracked? Say thank you. For the most part, it's all a game... bluster, corp i-dot t-cross fud, and whack a mole. Rarely to court in jurisdiction, which will happen or not no matter how you process mail. Simple incorporation filing solves that, fold in civil and reboot, unless jurisdiction is insane, for which you'd be insane to risk criminal jail to operate there non structured / defended / anon. Book counsel and plan before deploying. Or fight, isp rarely lose speech / proxy anyway. Irdeto bittorrent and all others can go spin... https://www.techspot.com/news/76190-us-court-appeals-ip-address-isnt-enough-identify.html http://cdn.ca9.uscourts.gov/datastore/opinions/2018/08/27/17-35041.pdf Generally, automatia is noise to cancel, bluster back at fud threats with well collated set of links / info / education, maybe they end up converting using overlays and crypto lol, thank the occaisional helpful human, etc. No best answer. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
On Wed, Aug 29, 2018 at 9:32 AM Nathaniel Suchy wrote: > > Almost never if you use the reduced exit policy or the browser only policy > (only allowing 80,443,53). I only run one exit relay, but this is also my experience. I use the reduced exit policy and also blacklist port 22 (SSH) and I haven't had any complaints in some time. However, the last time I tried opening up SSH, I _immediately_ got a half-dozen complaints about port-scanning. It's too bad; SSH is something people have good reasons to want to use over Tor. But I don't have time to respond to multiple complaints per day, so. zw ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
Almost never if you use the reduced exit policy or the browser only policy (only allowing 80,443,53). Now, If you leave all ports open like Conrad and I do on most of our relays, a copyright enforcement company called Irdeto USA (the same people behind Denuvo Game DRM) will send you threats and harassment, ignore your replies, and contact upstreams directly rather than the contact on the SWIP Record - be rich and get your own ASN to get around this. Now, Irdeto's business strategy is a simple one they need only to flood your ISP's abuse department with as many automated DMCA Emails as possible until they get too many to ever hope to respond to and then try to get them to terminate your account. Depending on the ISP it'll work. Cordially, Nathaniel Suchy On Wed, Aug 29, 2018 at 8:49 AM Ralph Seichter wrote: > On 29.08.2018 12:48, John Ricketts wrote: > > > For the non-automated emails I reply each time. > > Same here. At one time I had written a generator script that fills in > details of the complaining party, like IP addresses, and adds general > descriptions about what Tor is, with links to facilitate further > reading. Only very rarely the generated reply was not enough to satisfy > or at least placate the complaining party. Unfortunately I can't seem > find my script any more. > > Automated complaints are a different matter. I don't feel the need to > converse with Fail2ban or WebIron bots. > > -Ralph > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
On 29.08.2018 12:48, John Ricketts wrote: > For the non-automated emails I reply each time. Same here. At one time I had written a generator script that fills in details of the complaining party, like IP addresses, and adds general descriptions about what Tor is, with links to facilitate further reading. Only very rarely the generated reply was not enough to satisfy or at least placate the complaining party. Unfortunately I can't seem find my script any more. Automated complaints are a different matter. I don't feel the need to converse with Fail2ban or WebIron bots. -Ralph ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
Rob, For the non-automated emails I reply each time. John > On Aug 29, 2018, at 05:47, I wrote: > > John > > Do you do anything in reply? > > Rob > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
John Do you do anything in reply? Rob ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
Paul, On an average day I receive 50 or so automated complaints. Once a week I will get a real human emailing me, even more rare do I get a subpoena. John > On Aug 28, 2018, at 23:38, Paul Templeton wrote: > > Question: are exit operators seeing many abuse complaints now days? I have > only had one in the last two months from 5 exits. I used to see a lot now > nothing really. > > I just find it weird. > > Paul > > 137CF322859E400455E457DB920F65FFDD222CDF > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse Complaints
I have been running an exit at Linode.com for a month now - no complaints yet On 2018/08/29 06:38, Paul Templeton wrote: Question: are exit operators seeing many abuse complaints now days? I have only had one in the last two months from 5 exits. I used to see a lot now nothing really. I just find it weird. Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Abuse Complaints
Question: are exit operators seeing many abuse complaints now days? I have only had one in the last two months from 5 exits. I used to see a lot now nothing really. I just find it weird. Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse complaints about brute forceing via ssh
On Sat, Dec 31, 2011 at 07:59:31AM +0100, Klaus Layer wrote: within two days I received abuse complaints from my ISP that someone used my exit node to brute force ssh accounts of two different ISP. Unfortunately I am forced to block port 22 to avoid shutdown. Anyone else who suffered from such attacks these days? We've seen some claims of port 22 attacks, as well. I think the rate has been fairly consistent over the last several months, though. We send our standard explanation and offer of assistance (DNSBL, suggestions of how to rate-limit, reminders that it's the server's responsibility to secure their own systems). -andy ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Abuse complaints about brute forceing via ssh
We haven't seen anything out of the ordinary. Here's the normal response we give for ssh bruit force complaints: https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates#SSHBruteforceAttempts I take this back, just got one from a Goran Matovinovic this morning. I'm a little tempted to tell him to get a life, though we tend to ignore automated spam complaints like this. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays