Re: [tor-relays] Directory authorities not giving weight to a relay
Hello! Thank you very much for your detailed response. I have been checking everything you and the others have said, and seems like my naivety was the problem all along. TLDR: Hosting (Hostiko) does shady practices and limits server bandwidth Before getting to the solution, let me enumerate a list of things my friend who I work with and I have done over the past week: Checked tor logs, hoping to find some error that told me that something was wrong with my tor setup (nothing was found!) Checked zabbix metrics, but nothing out of the ordinary (also worth to mention that this was setup after the drop in consensus weight) Tried to install vnstat from source and failed miserably, about 15 minutes into the "make install" it threw an error. I cleaned everything that was made (or so I thought) and installed it with pkg because I was too lazy to make the compilation work. Spoiler alert: I was getting tons of permission errors and similar with everything related to vnstat. I just let it be and assummed that zabbix would get me the same values that vnstat would. Updated FreeBSD to the latest version (downloading everything was rather slow, hmm...) Updated my tor relay to 0.4.8.11 Nothing worked, so as a last resort I checked the server bandwidth once more (this was already checked when I first got the server, and it was fine). Speedtest reported around 3 Megabits per second. My friend also ran iperf and we got a similar result. Anyway, I log into the customer area of the hoster and open a live chat. My message was the following: > Hello! I am having issues with my server bandwidth. I should have something > close to 200 mbit but I seem to be getting 3 mbit max After a few minutes they get back to me with this response: > Your server's speed has been limited because it is being used for traffic > proxying. According to our policy, we restrict VPS that are used to hide the > real address or to utilize our DDoS protection. This message seemed a bit weird, mostly because I didn't really understand how did the know what I am using this server for. I am aware that there are several methods (checking the relay search, duh), but on their side I just supposed that they would see traffic from the port 443 and assume that I am hosting a website or something. Then I remembered something strange that happened around the time that the consensus weight dropped. My friend had setup an alert on every login on the system, and we got one at Thursday 0:33 (We both work, so at that time we are usually asleep already) This login stood up a lot, but not because it was a root login (we only login with our users), but because of that specific IP, 178.250.189.20. A simple lookup tells us that it's related with the hosting. The ISP is MDCloud and the organization is Hostiko. At the time we assumed that this happened because the server restarted and some service triggered the login alert. Anyway, fast forward again to today, and I checked the root user command history and this is what we found: The command history was disabled, then history was run again (I guess after whoever got into the server ran some commands) and exited. This is extremely shady. I checked every log in the system, even the system mail where apparently I get daily and weekly security digests (which is just a log of failed logins and some updates recommendations) and could not find anything in that specific timeframe, it's like it never happened and it's all in my head. Anyway, I'm not much of a confrontational person, so I just asked more about that limitation and how can it be. Unless I am missing something, their ToS has nothing against them. Their response: > We do not prohibit VPNs or Tor middle nodes, but we limit network speed once > the traffic exceeds the acceptable amount for your plan. In your case, we > noticed that the server was used solely for proxying and exhibited an > unnaturally consistent level of traffic (almost the same 24/7), so we have > limited it. Since we use more expensive DDoS protection in Germany and Poland, we are forced to take stricter measures. You can use our services in Ukraine, where we can apply more lenient policies. If this is unacceptable to you, we can also offer you a refund. We apologize for the inconvenience. They offered a refund, and even for the whole three months. I already gave them my details, hopefully they keep their word on this at least. I have backed up my relay keys, even though I'm not sure if I can trust them anymore. My next step currently would be to decide on a new hosting provider. I will also try to update the Good Bad ISP table. Thank you very much again! Regards. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Directory authorities not giving weight to a relay
On Montag, 3. Juni 2024 09:20:38 CEST Frank Lý via tor-relays wrote: . > MDCLOUD LTD (AS203394) does not exist on the Good Bad ISPs list. But it's the only one so far in AS203394 and runs with FreeBSD, both of which are great. I think your relay runs in Ukraine. https://bgp.he.net/AS203394#_prefixes > In > addition, the contact information provided in the `torrc` does not match > the email address you used to participate in the `tor-relays` mailing list. The email address in the relay list is completely irrelevant. Mine is also different on the list, the relays and in the forum. > > Almost three months ago I have set up my first node. Everything seemed to > > be going great at first and as documented in the tor lifecycle blog post. > > A few days after being set up the weight drastically dropped to around > > twenty. This seemed a bit odd since that same blog post doesn't mention > > anything about weight dropping so much, but it does about bandwidth, ao I > > just shrugged it off and assumed it was normal. Consensus weight is based on bandwidth observed by the relay and bandwidth measured by the directory & bw authorities. Your observed bandwidth is currently ~500 KiB/s, which is very little especially for a relay in the data center. If you do not have truly unlimited bandwidth from your provider, your bandwidth may be throttled. Or in a KVM|Cloud, the node is oversold. > > Anyway, fast forward to today, and the weight hasn't really gotten above > > two hundred, it has been a month and a half I think since the weight > > drop, and it has been stale at a weight of between one hundred eighty and > > two hundred. > > > I can't put my finger on what is exactly the problem, the relay currently > > has six flags: Fast, HSDir, Running, Stable, V2Dir and Valid. Shortly > > after the drop I have even seen the Guard flag for like a day. The server > > has capacity and is dedicated solely to being a relay, and the ISP is in > > the good providers list. I would first look at the provider's ToS. It often says something about fair usage policies vs. unlimited bandwidth and unlimited traffic. Sometimes only inbound or outbound is unlimited. Then I would install vnstatd or nload and measure the traffic for one to two months. It could be that the bw auths are not measuring properly at the moment because they are under DDoS. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Directory authorities not giving weight to a relay
On June 3, 2024 9:20:38 AM GMT+02:00, "Frank Lý via tor-relays" wrote: > In addition, the contact information provided in the `torrc` does not match > the email address you used to participate in the `tor-relays` mailing list. For all what I know, this shouldn't play a role. I'm also using different mail addresses in the contact info fields of my relays and on this mailing list for about one and a half year. Kind regards telekobold ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Directory authorities not giving weight to a relay
> The server has capacity and is dedicated solely to being a relay, and the ISP > is in the good providers list. MDCLOUD LTD (AS203394) does not exist on the Good Bad ISPs list. In addition, the contact information provided in the `torrc` does not match the email address you used to participate in the `tor-relays` mailing list. Frank May 30, 2024, 11:23 PM by tor-relays@lists.torproject.org: > Greetings everyone! > > Almost three months ago I have set up my first node. Everything seemed to be > going great at first and as documented in the tor lifecycle blog post. > A few days after being set up the weight drastically dropped to around > twenty. This seemed a bit odd since that same blog post doesn't mention > anything about weight dropping so much, but it does about bandwidth, ao I > just shrugged it off and assumed it was normal. > > Anyway, fast forward to today, and the weight hasn't really gotten above two > hundred, it has been a month and a half I think since the weight drop, and it > has been stale at a weight of between one hundred eighty and two hundred. > > I can't put my finger on what is exactly the problem, the relay currently has > six flags: Fast, HSDir, Running, Stable, V2Dir and Valid. Shortly after the > drop I have even seen the Guard flag for like a day. > The server has capacity and is dedicated solely to being a relay, and the ISP > is in the good providers list. > > The fingerprint of the node is ACC72E6D0FA76168AE1BA7F26996D191FEA7C9D8. > Maybe someone in this list can give me a hand and point me in the right > direction. > > Thank you in advance! > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Directory authorities not giving weight to a relay
Greetings everyone! Almost three months ago I have set up my first node. Everything seemed to be going great at first and as documented in the tor lifecycle blog post. A few days after being set up the weight drastically dropped to around twenty. This seemed a bit odd since that same blog post doesn't mention anything about weight dropping so much, but it does about bandwidth, ao I just shrugged it off and assumed it was normal. Anyway, fast forward to today, and the weight hasn't really gotten above two hundred, it has been a month and a half I think since the weight drop, and it has been stale at a weight of between one hundred eighty and two hundred. I can't put my finger on what is exactly the problem, the relay currently has six flags: Fast, HSDir, Running, Stable, V2Dir and Valid. Shortly after the drop I have even seen the Guard flag for like a day. The server has capacity and is dedicated solely to being a relay, and the ISP is in the good providers list. The fingerprint of the node is ACC72E6D0FA76168AE1BA7F26996D191FEA7C9D8. Maybe someone in this list can give me a hand and point me in the right direction. Thank you in advance! ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays