Thank you all for replying. I will answer the notification with the template mentioned by Rejo and include the link for ExoneraTor recommended by Jon.

Best Regards,
Tanous

2017-10-04 11:34 GMT-03:00 Jonathan Proulx <[email protected]>:

> Here's my version of the same:
>
> Hello,
>
> The source address 128.52.128.105 is a Tor exit node, and is not the
> origin point for the traffic in question. See
> http://tor-exit.csail.mit.edu (which is the host in your logs) for
> details. Any action taken on this node would simply result in the
> problem traffic using a different exit.
>
> For further information please read http://tor-exit.csail.mit.edu/ the
> bottom of this page includes information on how to block all Tor exits
> should you wish to do so (including links to get a list of all current
> Tor exits).
>
> Sincerely,
> The Infrastructure Group
> MIT Computer Science and Artificial Intelligence Laboratory
>
> I recently learned about https://exonerator.torproject.org/ if you
> don't have a large institutional name to hide behind like I do you
> may want to include that in whatever response you use to lend
> credibility to your exit claim.
>
> -Jon
>
> On Wed, Oct 04, 2017 at 08:26:06AM +0200, Rejo Zenger wrote:
> :Hey,
> :
> :Yes, I do more or less the same. If the complaint is sent using some automated system, I "do nothing." If the complaint is sent by a human, I'll answer them with a template, see below. If there is a followup response to that, I'll do some more explaining, oftentimes pointing them at the block lists provided by the Tor Project.
> :
> :Here's the default answer:
> :
> :---
> :
> :Thanks a lot for your notification. The traffic originating from the IP-address is traffic from a Tor exit-node. As I am not sure whether you are familiar with the Tor network, I would like to provide some explanation.
> :
> :Tor is network software that helps users to enhance their privacy, security, and safety online. It does not host any content. Rather, it is part of a network of nodes on the Internet that simply pass packets among themselves before sending them to their destinations, just as any Internet intermediary does. The difference is that Tor tunnels the connections such that no hop can learn both the source and destination of the packets, giving users protection from nefarious snooping on network traffic. The result is that, unlike most other Internet traffic, the final IP address that the recipient receives is not the IP address of the sender.
> :
> :I run a Tor node to provide privacy to people who need it most: average computer users. Tor sees use by many important segments of the population, including whistle blowers, journalists, Chinese dissidents skirting the Great Firewall and oppressive censorship, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. While Tor is not designed for malicious computer users, it is true that they can use the network for malicious ends.
> :
> :Of course, the Tor network may be abused by others and apparently this is what you are seeing. I am very sorry for this to happen to you. In reality however, the actual amount of abuse is quite low. This is largely because criminals and hackers have significantly better access to privacy and anonymity than do the regular users whom they prey upon. Criminals can and do build, sell, and trade far larger and more powerful networks than Tor on a daily basis.
> :
> :To avoid any more traffic from this source, you could (temporarily) block the IP-address of my Tor exit node. You also have the option of blocking all exit nodes on the Tor network if you so desire. The Tor project provides a web service to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a specified IP:port combination, and an official DNSRBL is also available to determine if a given IP address is actually a Tor exit server.
> :
> :---
> :
> :++ 04/10/17 02:44 +0000 - teor:
> :>
> :>> On 3 Oct 2017, at 22:35, tanous .c <[email protected]> wrote:
> :>>
> :>> Have any of you had this sort of problem? I'm having difficulty determining if this log information represents a normal exit relay occurrence or if my server has been compromised... What could I do in order to solve this?
> :>
> :>Yes, Profihost sent me one recently that looked very similar.
> :>Fortunately, I use OutboundBindAddress, so I knew it was
> :>(very likely to be) exit traffic.
> :>
> :>You can:
> :>* do nothing
> :>* respond and ask for verification that they want your exit
> :>  to block their site, but explain that they need to block
> :>  all Tor Exits for the traffic to stop
> :>* add exit policy entries to block each of the mentioned
> :>  IPs and ports
> :>* block port 22 on your exit
> :>
> :>I'll be doing nothing.
> :>
> :>You should consider your provider's reaction, because they
> :>may want you to do something about the complaint, even if
> :>it's something ineffective.
> :>
> :>Tim
> :>_______________________________________________
> :>tor-relays mailing list
> :>[email protected]
> :>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> :
> :--
> :Rejo Zenger
> :E [email protected] | P +31(0)639642738 | W https://rejo.zenger.nl
> :T @rejozenger | J [email protected]
> :
> :OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4
> :XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF
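An added example, not part of the original thread and not code from any of its participants: it combines two points from teor's reply, using a dedicated OutboundBindAddress to tell exit traffic from other traffic on the host, and turning the reported IPs and ports into exit policy entries. The complaint log format, the sample lines and the function names are constructed for illustration; it assumes nothing but Tor sends from the bind address.

```python
import ipaddress
import re

# Constructed complaint excerpt; all addresses are documentation ranges.
SAMPLE_COMPLAINT = """\
2017-10-03 21:14:02 SRC=192.0.2.10 DST=198.51.100.7 DPT=22 ssh auth failure
2017-10-03 21:14:09 SRC=192.0.2.10 DST=198.51.100.7 DPT=22 ssh auth failure
2017-10-03 21:15:40 SRC=192.0.2.10 DST=198.51.100.23 DPT=22 ssh auth failure
2017-10-03 21:17:11 SRC=192.0.2.11 DST=198.51.100.7 DPT=22 ssh auth failure
"""
LINE_RE = re.compile(r"SRC=(\S+)\s+DST=(\S+)\s+DPT=(\d+)")

def triage(complaint_text, tor_outbound_addr):
    """Return (exit_targets, investigate) for a complaint log.

    tor_outbound_addr is the torrc OutboundBindAddress value (assumed to be
    used only by Tor); lines from any other source go to `investigate`.
    """
    tor_addr = ipaddress.ip_address(tor_outbound_addr)
    exit_targets, investigate = set(), []
    for line in complaint_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # header or free text, nothing to classify
        try:
            src = ipaddress.ip_address(match.group(1))
            dst = ipaddress.ip_address(match.group(2))
        except ValueError:
            investigate.append(line)  # malformed address: review by hand
            continue
        port = int(match.group(3))
        if src == tor_addr and 1 <= port <= 65535:
            exit_targets.add((dst, port))
        else:
            investigate.append(line)
    return exit_targets, investigate

def exit_policy_lines(exit_targets):
    """Render one torrc 'ExitPolicy reject' entry per reported IP:port."""
    ordered = sorted(exit_targets, key=lambda t: (t[0].version, int(t[0]), t[1]))
    return [
        "ExitPolicy reject %s:%d" % (f"[{d}]" if d.version == 6 else d, p)
        for d, p in ordered
    ]

if __name__ == "__main__":
    targets, suspicious = triage(SAMPLE_COMPLAINT, "192.0.2.10")
    print("\n".join(exit_policy_lines(targets)))
    print("lines needing investigation:", len(suspicious))
```

Exit policy entries are matched in order, so the generated reject lines belong above any accept entries in torrc. Lines left in the second list came from an address Tor does not send from and are the ones to examine when deciding whether the host itself is compromised.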
