[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] LeaseWeb disconnects Tor exit node for forum "spam"

Eric (and the rest of the list),

If you have a problem with LeaseWeb & Tor mail me at a.dejoode@xxxxxxxxxxxx,
so I can recity any problems.

If you can mail me the ticket numer on the above address I'll fix it.

Cheers,
Alex de Joode

On Tue, Feb 28, 2012 at 04:28:56PM +0000, Beyond Hosting wrote:
> I just thought I would notify the list that leaseweb is not a safe place to
> host a Tor exit node.
> 
> Occasionally I would get a complaint from leaseweb but it would be marked
> as priority "normal" (basically meaning its informational only and you
> don't have to reply to it) but recently they are now null routing the
> server.
> 
> My node was running for about 8 months without any real problems.
> Now it seems leaseweb has subscribed to lists from stop forum spam and
> project honeypot and is not accepting Tor as an explanation.
> 
> I thought I was safe from complaints by only allowing http/https ports so
> no p2p so I am curious if any other exit node operators had to deal with
> this problem with forum spam.
> 
> This was a surprise to be treated like this by leaseweb which I am a large
> customer with many servers and I have heard only good things about how they
> stand up for their customers and don't respond to DMCA's and such.
> 
> Does anyone have any ideas how to prevent this or a better strategy for
> responding to these type of complaints?
> 
> Also does anyone know if forum spam is really illegal under dutch law?
> I was almost going to hire a lawyer since they pissed me off and it seems
> quite clear that there is nothing in their contract that prohibits this but
> I do not want to make an issue of it and have them cancel my entire service
> since my business is based around leaseweb servers and there is no real
> alternative at their price/bandwidth level.
> 
> I have included my full exchange with them below.
> 
> Eric.
> 
> > On 13/02/2012 08:21, LeaseWeb - Security - Feeds wrote:
> >> Eric,
> >>
> >> If you have a server with us, you?ll have to prevent it from generating
> >> abuse, if you don?t the IP gets nullrouted it?s as simple as that. We
> >> have many other customers that operate anonymous VPN services and none
> >> of them had any problem blocking abuse generated by X-Rumer with the
> >> information provided by Stopforumspam so there is no reason why you
> >> would not be able to do so.
> >> Regarding the definition of spam, Dutch law states that spam is any
> >> form of unwanted electronic communication such as but not limited to e-
> >> mail, sms, forum posts and faxes. This law is enforced by OPTA, the
> >> Dutch telecom agency. The acceptable use policy forbids unlawful
> >> activities. Violating the Dutch anti-spam law with forum spam qualifies
> >> as such. The IP will be unblocked once you are ready to implement a
> >> solution.
> >>
> >> Kind Regards,
> >>
> >> Rob Kruit CISSP
> >> Senior Security Engineer
> >>
> >> LeaseWeb B.V.
> >> P.O. Box 93054
> >> 1090BB Amsterdam
> >> The Netherlands
> >> Tel: +31 20 3162880
> >> Fax: +31 20 3162890
> >> Skype: lsw.sec.rob.kruit
> >> E-Mail: r.kruit@xxxxxxxxxxxx
> >> PGP KeyID: 1FC92F92
> >> http://www.leaseweb.com
> >>
> >> On Sat Feb 11 09:16:29 2012, beyondhosting.com wrote:
> >>> That agreement still defines spam as email.
> >>> Dutch and European law also defines spam as email and there is no law
> >>> against forum "spam", and stopforumspam.com are not a law enforcement
> >>> agency.
> >>>
> >>> I do not understand why you are being difficult about this.
> >>> No actual person has made a complaint, If a person made a complaint,
> >>> I can block access to his site from my Tor node.
> >>> Stopforumspam.com purposely hides the details of the complainant making
> >>> it impossible to respond to it or block access.
> >>>
> >>> Your complaint has not listed any URL that I can block, so there is
> >>> nothing I can do about it.
> >>> Also that Tor connections last only 10 minutes, so the activity you are
> >>> referring to is long finished and cannot be undone.
> >>> So nothing can be done to prevent this, also websites that do not wish
> >>> to receive Tor traffic are free to block Tor without any assistance
> from me.
> >>> As a Tor node operator I am acting as an ISP and have no liability for
> >>> the actions of my users, and leaseweb has no liability either.
> >>> Anonymity is not a crime and Tor is legal in The Netherlands.
> >>>
> >>> You have the ability to close this complaint and restore my server so
> >>> please do so, since no laws have been broken.
> >>>
> >>> I have almost 100 servers and pay your company over ?11,000 per month
> and
> >>> your reaction to this has put doubt in my mind that you are a company I
> >>> can rely on for the continuation of my business, it seems you don't care
> >>> about standing up for the rights of your customers, or about following
> >>> the wording of your own contract.
> >>>
> >>> Thanks,
> >>> Eric.
> >>>
> >>> On 09/02/2012 12:07, LeaseWeb - Security - Feeds wrote:
> >>>> Master agreement: section 2.1 and 2.2
> >>>> Again, as the IP has been assigned to you, you are responsible to
> >>>> prevent any abuse originating from that IP. Running TOR, a VPN service
> >>>> or any other network relay service does not exclude you from that
> >>>> responsibility. If you are unable to take appropriate measures, then I
> >>>> suggest you'll remove the TOR exit node from that system.
> >>>>
> >>>> Kind Regards,
> >>>>
> >>>> Rob Kruit CISSP
> >>>> Senior Security Engineer
> >>>>
> >>>> LeaseWeb B.V.
> >>>> P.O. Box 93054
> >>>> 1090BB Amsterdam
> >>>> The Netherlands
> >>>> Tel: +31 20 3162880
> >>>> Fax: +31 20 3162890
> >>>> Skype: lsw.sec.rob.kruit
> >>>> E-Mail: r.kruit@xxxxxxxxxxxx
> >>>> PGP KeyID: 1FC92F92
> >>>> http://www.leaseweb.com
> >>>>
> >>>> On Thu Feb 09 10:59:08 2012, beyondhosting.com wrote:
> >>>>> Please note that I am a large leaseweb customer paying over ?11,000
> per month.
> >>>>>
> >>>>> I refer to the definition of "spam" in your contract.
> >>>>>
> http://www.leaseweb.nl/uploads/legal/20111115_NL_General_Conditions_v2011-1_11.pdf
> >>>>>
> >>>>> "Spam means unsolicited broadcast e-mail or unsolicited commercial
> >>>>> email that is sent to addresses that do not affirmatively and
> >>>>> verifiably request such e-mail from that specific sender, including
> >>>>> but
> >>>>> not limited to advertising, surveys, information pieces, third party
> >>>>> spamming, website addresses, sales, and auctions"
> >>>>>
> >>>>> Please unblock my server or point me to exactly what specific
> >>>>> condition
> >>>>> of the service you claim I have violated.
> >>>>>
> >>>>> It seems you just shut off my server because of some automated report
> >>>>> and no actual person sent you any complaint.
> >>>>>
> >>>>> What solution do you propose?
> >>>>> I have no way to identify which traffic might be forum spam, and there
> >>>>> is no law requiring me to do, the content is not hosted on the server,
> >>>>> I
> >>>>> am only acting as a network relay which have no liability.
> >>>>>
> >>>>> Thanks,
> >>>>> Eric.
> >>>>>
> >>>>> On 09/02/2012 09:43, LeaseWeb - Security - Feeds wrote:
> >>>>>> Dear Customer,
> >>>>>>
> >>>>>> The IP has been nullrouted as no action has been taken. Running a TOR
> >>>>>> node cannot be seen as an excuse for generating abuse. Forum spam is
> >>>>>> generated by the Xrumer application
> http://en.wikipedia.org/wiki/XRumer
> >>>>>> As you can see, these activities are in fact spamming and thus
> illegal.
> >>>>>> The Stopforumspam reports are accurate and this form of abuse needs
> to
> >>>>>> be prevented. Since the IP is assigned to you, implementing a working
> >>>>>> solution to prevent this kind of activity is your responsibility.
> >>>>>> Kind Regards,
> >>>>>>
> >>>>>> Rob Kruit CISSP
> >>>>>> Senior Security Engineer
> >>>>>>
> >>>>>> LeaseWeb B.V.
> >>>>>> P.O. Box 93054
> >>>>>> 1090BB Amsterdam
> >>>>>> The Netherlands
> >>>>>> Tel: +31 20 3162880
> >>>>>> Fax: +31 20 3162890
> >>>>>> Skype: lsw.sec.rob.kruit
> >>>>>> E-Mail: r.kruit@xxxxxxxxxxxx
> >>>>>> PGP KeyID: 1FC92F92
> >>>>>> http://www.leaseweb.com
> >>>>>>
> >>>>>> On Thu Feb 09 09:45:03 2012, beyondhosting.com wrote:
> >>>>>>> PLEASE STOP SENDING THESE COMPLAINTS EVERY DAY!!!!
> >>>>>>> REMOVE THIS IP FROM YOUR REPORTS
> >>>>>>>
> >>>>>>> This IP address is a Tor exit node (kind of an open proxy).
> >>>>>>> Only HTTP traffic is allowed and email port 25 is blocked.
> >>>>>>> Your abuse complain mistakenly report this as spam, it is not spam,
> it
> >>>>>>> is a HTTP request only.
> >>>>>>>
> >>>>>>> If you want a site blocked from being accessed through the proxy, I
> >>>>>>> need
> >>>>>>> to know the domain name or IP to block access to which you have not
> >>>>>>> provided.
> >>>>>>>
> >>>>>>> There is nothing illegal about this activity and the IP is not
> listed
> >>>>>>> in any spam blacklists.
> >>>>>>>
> >>>>>>> Web sites can choose to block the IP address of my server (or all
> TOR
> >>>>>>> nodes) if they do not want to receive this traffic.
> >>>>>>>
> >>>>>>> The IP address in question is a Tor exit node.
> >>>>>>> https://www.torproject.org/overview.html
> >>>>>>>
> >>>>>>> There is little we can do to trace this matter further. As can be
> seen
> >>>>>>> from the overview page, the Tor network is designed to make tracing
> of
> >>>>>>> users impossible. The Tor network is run by some 2500 volunteers who
> >>>>>>> use the free software provided by the Tor Project to run Tor
> routers.
> >>>>>>> Client connections are routed through multiple relays, and are
> >>>>>>> multiplexed together on the connections between relays. The system
> >>>>>>> does not record logs of client connections or previous hops.
> >>>>>>>
> >>>>>>> This is because the Tor network is a censorship resistance, privacy,
> >>>>>>> and anonymity system used by whistle blowers, journalists, Chinese
> >>>>>>> dissidents skirting the Great Firewall, abuse victims, stalker
> >>>>>>> targets, the US military, and law enforcement, just to name a few.
> >>>>>>> See https://www.torproject.org/about/torusers.html.en for more info.
> >>>>>>> Unfortunately, some people misuse the network. However, compared to
> >>>>>>> the rate of legitimate use (the IP range in question processes
> nearly
> >>>>>>> a gigabit of traffic per second), abuse complaints are rare.
> >>>>>>> https://www.torproject.org/docs/faq-abuse.html.en
> >>>>>>>
> >>>>>>> On 09/02/2012 08:02, LeaseWeb Security Response Team (LSRT) wrote:
> >>>>>>>> ABUSE TYPE: SPAM
> >>>>>>>> URGENCY: VERY HIGH (4hours notice)
> >>>>>>>> IP: 85.17.97.19
> >>>>>>>>
> >>>>>>>> Dear customer,
> >>>>>>>>
> >>>>>>>> We received a complaint regarding an IP assigned to you. Please
> see the complaint at the bottom of this e-mail. We urge you to take
> appropriate action to prevent future complaints.
> >>>>>>>> PLEASE NOTIFY US WITHIN 4 HOURS WITH TAKEN ACTiONS. FAILURE TO DO
> SO WILL RESULT IN AN IP BLOCK OF THE MENTIONED IP.
> >>>>>>>> LeaseWeb Security Response Team (LSRT)
> >>>>>>>>
> >>>>>>>> ***** ADDITIONAL INFORMATION BY LSRT *****
> >>>>>>>>
> >>>>>>>> ******************************************
> >>>>>>>>
> >>>>>>>> ******************************************
> >>>>>>>>     ORIGINAL COMPLAINT BELOW
> >>>>>>>> ******************************************
> >>>>>>>>
> >>>>>>>> StopForumSpam report for LEASEWEB ASN16265 (as of
> >>>>>>>> 25 Jan 2011)
> >>>>>>>>
> >>>>>>>> IP Number 85.17.97.19  rnds
> >>>>>>>> tor-exit-node.beyondhosting.com
> >>>>>>>> Link
> >>>>>>>> http://www.stopforumspam.com/ipcheck/85.17.97.19
> >>>>>>>> Last seen at 08-Feb-12 22:02:12 Wed
> >>>>>>>> IP reported 2 times (by 2 different sites) in the
> >>>>>>>> last 24 hours
> >>>>>>>> IP seen 13 times in the last month
> >>>>>>>>
> >>>>>>>> Usernames seen from this IP
> >>>>>>>> 24H    1month    Username
> >>>>>>>> 1    1    Ann Martin
> >>>>>>>> 1    1    maznikn
> >>>>>>>>
> >>>>>>>> Emails seen from this IP
> >>>>>>>> 24H    1month    Username
> >>>>>>>> 1    1    Ann_Martin.1981@xxxxxxxxx
> >>>>>>>> 1    1    aiandjsklsbf@xxxxxxxxxxxxxx
> >>>>>>>>
> >>>>>>>> Evidence seen from this IP (last 24 hours only)
> >>>>>>>> , StopForumSpam report for LEASEWEB ASN16265 (as of
> >>>>>>>> 25 Jan 2011)
> >>>>>>>>
> >>>>>>>> IP Number 85.17.97.19  rnds
> >>>>>>>> tor-exit-node.beyondhosting.com
> >>>>>>>> Link
> >>>>>>>> http://www.stopforumspam.com/ipcheck/85.17.97.19
> >>>>>>>> Last seen at 08-Feb-12 22:02:12 Wed
> >>>>>>>> IP reported 2 times (by 2 different sites) in the
> >>>>>>>> last 24 hours
> >>>>>>>> IP seen 13 times in the last month
> >>>>>>>>
> >>>>>>>> Usernames seen from this IP
> >>>>>>>> 24H    1month    Username
> >>>>>>>> 1    1    Ann Martin
> >>>>>>>> 1    1    maznikn
> >>>>>>>>
> >>>>>>>> Emails seen from this IP
> >>>>>>>> 24H    1month    Username
> >>>>>>>> 1    1    Ann_Martin.1981@xxxxxxxxx
> >>>>>>>> 1    1    aiandjsklsbf@xxxxxxxxxxxxxx
> >>>>>>>>
> >>>>>>>> Evidence seen from this IP (last 24 hours only)
> >>>>>>>> ,
> >>>>>>>>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk