This will be my lengthy opinion on Webiron to get everything out of my
mind without redactions.
> Webiron's system sends notifications to both the abusix.org contact
> for the IP and to abuse at base-domain.tld for the reverse-DNS name of
> the relay IP.
This doesn't seem to be the case for us.
FYI Webiron ceased sending these for my relay sometime between 11/24
and today (no reports for 11/25-27).
Possibly this is because I never look at or resolve the reports and
their system eliminates non-responding addresses to avoid listing by
spam honeypots.
If you wish to continue receiving
Maybe something to add because I ran into a mistake:
ExitPolicy is a first match szenario.
The reject rules for abuse reports and stuff has to be the first one,
afterwards your accept rules and then a reject *:*.
For exampe my current policy is:
ExitPolicy reject 5.133.182.0/24 # WebIron report
My hosting provider also go these requests. Their terms of service requires
that I will answer something to acknowledge I got that.
I just answer "ok, I'll handle it" and that's it.
The reverse lookup of my nodes points to a hostname that shows the Tor
text. The host name is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'm currently in the middle of a somewhat heated e-mail debate with
their vice-president.
Pasting the e-mails below would be indelicate, but their position is
that the Tor network is responsible for the abuse it generates and
should take measures to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'm currently in the middle of a somewhat heated e-mail debate with
their vice-president.
Pasting the e-mails below would be indelicate, but their position is
that the Tor network is responsible for the abuse it generates and
should take measures to
>. . .I have to understand how my ISP reacts to this kind of things.
>For the moment I will keep a low profile and I will block the
>mentioned IP range for a month.
Webiron's system sends notifications to both the abusix.org contact
for the IP and to ab...@base-domain.tld for the reverse-DNS
Hi Christian,
sorry, I marked that message as "Todo" but forgot :-)
My replay to my provider is:
-
Hello Martin,
I've blocked the whole /24 (originally the target IP range is inside a
/16 but this would be too much) to prevent further
2015-11-16 12:46 GMT+01:00 Josef 'veloc1ty' Stautner :
> sorry, I marked that message as "Todo" but forgot :-)
Thank you. This is very helpful!.
> -
> Hello Martin,
>
> I've blocked the whole /24 (originally the target IP
> On 16 Nov 2015, at 22:58, Cristian Consonni wrote:
>
> Ok, so you did block a range for a limited period. I will need to
> learn how to do that.
Try:
ExitPolicy reject4 1.2.3.4/24:*
There's an extensive description of ExitPolicy in the tor man page.
Tim
Tim
2015-11-17 0:36 GMT+01:00 Dhalgren Tor :
> Webiron's system sends notifications to both the abusix.org contact
> for the IP and to ab...@base-domain.tld for the reverse-DNS name of
> the relay IP. So if you can configure abuse@ for the relay domain to
> forward to you, you
Hi,
2015-10-21 22:23 GMT+02:00 teor :
> Would you mind putting the statement on the wiki or posting it to this list?
>
> It might help other exit operators to respond to these kind of abuse reports.
+1. Can somebody point me to this?
I have just received a notification from
++ 17/11/15 02:08 +0100 - Cristian Consonni:
>2015-11-17 0:36 GMT+01:00 Dhalgren Tor :
>> Webiron's system sends notifications to both the abusix.org contact
>> for the IP and to ab...@base-domain.tld for the reverse-DNS name of
>> the relay IP. So if you can configure
Il 17/Nov/2015 08:27, "Rejo Zenger" ha scritto:
>
> ++ 17/11/15 02:08 +0100 - Cristian Consonni:
> >2015-11-17 0:36 GMT+01:00 Dhalgren Tor :
> >> Webiron's system sends notifications to both the abusix.org contact
> >> for the IP and to
>Some people out there apparently are of the opinion that it is a
>reasonable choice to use the ugly crutch that is "fail2ban" instead of
>deprecating password based authentication for ssh.
You're technically correct (the best kind) but I wanted to point out
that Fail2Ban is a really useful
> On 21 Oct 2015, at 07:41, Josef Stautner wrote:
>
> I also ask my hoster for the mail addresses of the abuse reporter and
> write a little statement why he got attacked and what tor is and why I
> running a relay. Mostly the abuse reports from WebIron reports about
>
++ 20/10/15 13:57 -0700 - AMuse:
>The TOR directory of exit nodes is readily available for ISP's and
>website operators to apply in their filters. I don't see why them
>putting the onus on tens of thousands of exit operators to exit-block
>THEIR addresses is in any way reasonable.
I do agree
Dear yl,
just a few words from the abuse helpdesk of a larger tor-exit-node...
TL;DR: we ignore those requests. they don't even reach a human.
While we do handle most genuine/honest/helpful and especially all
non-automated abuse reports very diligently. Pointless nagging
services like webiron
Hello,
I received an abuse email today from my hoster (several emails from
webiron in one email), typical automated abuse emails, not much
information.
However, they request, if the origin IP is a Tor exit, to block the full
/24 subnet. As they also state, they will not provide the full IP of
Hello yl,
I also got some reports from WebIron.
I also made some thoughts about blocking Tor from reaching some parts of
the internet and if it's agains the ethics of tor. I think that blocking
the destination for two weeks by an reject rule satisfies the "victim"
and your hoster thus helps
The TOR directory of exit nodes is readily available for ISP's and
website operators to apply in their filters. I don't see why them
putting the onus on tens of thousands of exit operators to exit-block
THEIR addresses is in any way reasonable.
On 2015-10-20 12:51, yl wrote:
> Hello,
> I
I agree. I just bin these, or send the standard "abuse" response
template, which includes a snippet about using a DNSBL.
On 10/20/2015 04:57 PM, AMuse wrote:
>
>
> The TOR directory of exit nodes is readily available for ISP's and
> website operators to apply in their filters. I don't see why
>snake oil service like webiron
A most excellent characterization!
As a sales maneuver WebIron has been grandstanding
for months saying that Tor operators are "unwilling
to cleanup" when they know full-well that tor operators
can not / should not filter traffic due to minor brute-
force login
23 matches
Mail list logo