That's understandable and stuff happens. I too live in a country that celebrates Christmas which is why I didn't respond to the abuse report and my IP was blocked.
That being said we should avoid making unsubstantiated claims. saying: >These emails suggest Hetzner monitors flow-level data (e.g., NetFlow), which raises concerns about potential exposure of >Tor traffic characteristics. sounds funny. Any Network admin worth their salt managing a large network will know they should protect the network from port scanners otherwise any schmuck can rent a VPS and start port scanning other networks, so based on your claim all competent network admins should be a danger to Tor Network. As for your other claim, I decided to do a relay search. Out of over 9400 Tor relays 407 of them are operated out of Hetzner (As24940). You as a single Tor operator control around 750 relays give or take. Which one would you say is a bigger security risk? On 12/29/2025 1:56 AM, Tor at 1AEO wrote: > Repeating email threads - here's the previous one covering the same > topics: > https://lists.torproject.org/mailman3/hyperkitty/list/[email protected]/message/UPW4GC3AYSP5HIK3OJ3PRGWEPX37BDOK/ > > The internet and Tor operate with an understanding any relay at any > point in time can be unreachable. > > Thousands of hosting providers for Tor relays and only Hetzner sends > false abuse reports. > > 3 days ago the datacenter had an emergency maintenance power event, > the day before Christmas in a country that celebrates Christmas, and > took all the servers in their rack offline with no notice. > We had the opportunity to spend hours on Christmas day getting the > server back online because, as it turns out, the technician > accidentally "bumped" the NIC and disconnected our server as well, all > while handling their original emergency maintenance power event. > > For past events, we've seen upstream switches go offline dropping BGP > routes and Ubuntu 24.04 default installs with only Tor running > suddenly crash. > On Sunday, December 28th, 2025 at 10:30 PM, Chris Enkidu-6 via > tor-relays <[email protected]> wrote: >> >> Hello, >> >> It's worth noting that these abuse reports are not a Hetzner issue. >> They, just like all major operators have a legitimate reason to keep >> monitoring their network. This is also not just about all Tor >> operators. These abuse reports are issued as a result of the >> operation of a single Tor operator. >> >> All the abuse reports I receive (and frequently) are for >> 64.65.62.0/24 and less frequently from 64.65.1.0/24 and 96.9.98.0/24 >> all of which are served and operated by a single Tor operator. >> >> If out of over 9400 Tor relays in operation, only the ones operated >> by a single operator cause these reports, it is safe to assume it's >> not necessarily Tor related but operator related. There are major >> operators operating great number of IP addresses and I can safely say >> I have never received an abuse report regarding any of those. >> >> My guess is that each of these blocks of IPs are served on a single >> server. Each time the server is rebooted the network loses a whole >> block of Tor relays -- and not so gracefully -- and due to the number >> of those servers, Each operator that's connected to those IP >> addresses keep sending packets to port 443 (Or Port) in an attempt to >> discover what happened and try to reconnect. Those multiple attempts >> on the whole block of IP addresses justifiably are flagged as port >> scans of a whole block. Perhaps shutting down each relay individually >> and gracefully before a reboot could allow the network to adjust to >> the loss gradually? >> >> The most recent abuse report I received was for 64.65.62.0/24 about 3 >> days ago and looking at those relays you can tell the server was >> rebooted at that time. Unfortunately because I was away and didn't >> have time to respond to the report, one of my IP addresses was >> blocked and my relay become inoperable. It is now unblocked (took >> about a few minutes to get it unblocked) and all is well but this >> whole thing is becoming quite annoying and I can't blame Hetzner for >> that and I can certainly not ask them to change their whole security >> practice pretending that this a Tor issue when it's something that's >> caused by a single operator. >> >> As for how to deal with it, simply click on the retest link in the >> abuse report. The ticket will be closed and they'll ask for a >> statement from you and you can copy and paste the same response over >> and over again and you'll be fine. >> >> Cheers >> >> >> On 12/24/2025 6:39 PM, Diyar Ciftci via tor-relays wrote: >>> Good evening, >>> >>> Apologies as this is likely the incorrect way to do things. I'm not >>> fantastic with mailing lists. I saw on tor forum that some people >>> were getting these netscan emails from hetzner. >>> https://forum.torproject.org/t/tor-relays-abuse-report-from-relays-in-family-7eaac49a7840d33b62fa276429f3b03c92aa9327/20693 >>> >>> I got my first a few months ago and I just got my second one about >>> an hour ago. Both times it was to the 1st amendment group IP >>> addresses. Last time I just clicked their check button and it passed >>> and then I gave reasoning in the next link. For some reason it >>> doesn't seem to be liking when I click the first link this time and >>> keeps saying not solved. I don't know what my best course of action >>> is. I've gotten 2 reports for hetzner for a guard and 0 for netcup >>> for an exit relay :( I saw in the forum post (which is to a clone of >>> the mailing list) about temporarily blocking tor but that feels a >>> bit deceptive so I don't really want to go down that route. The best >>> thing though it may be a long process as there may be a potential >>> harm to how circuits are built negatively affecting user anonymity >>> is for the tor program to operate in a manner so that it doesn't >>> look like a netscan to some sensitive providers like hetzner even >>> though we know it isn't a netscan anyways. >>> >>> If this issue keeps coming up with hetzner I may look at not hosting >>> a tor relay with them because I have a lot of stuff on this server >>> like my personal website and project mirrors and such and don't want >>> those to be negatively affected due to a unjust IP ban by hetzner >>> for running a tor relay. >>> >>> Any advice? >>> >>> Kind regards, >>> Diyar Ciftci >>> >>> _______________________________________________ >>> tor-relays mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >
_______________________________________________ tor-relays mailing list -- [email protected] To unsubscribe send an email to [email protected]
