[tor-relays] Receiving abuse reports for Non-Exit Relay

Subject: [tor-relays] Receiving abuse reports for Non-Exit Relay

From: John Crow via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>

Date: Sun, 23 Jul 2023 22:07:44 +0000

Arc-authentication-results: i=1; mail.protonmail.ch

Arc-message-signature: i=1; a=rsa-sha256; d=simplelogin.co; s=arc-20230626; t=1690150080; c=relaxed/simple; bh=RgkqjPy4Z197FzbdW96va2jStFt/mj5f36anZI2JJH0=; h=DKIM-Signature:Date:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding:From:To:Message-ID:X-SimpleLogin-Type: X-SimpleLogin-EmailLog-ID:X-SimpleLogin-Want-Signing; b=qLGztPmt14j4ZjbCXq7e4IprDL0HRNG11mWueE8O4X2oRF4o4uH75emc9cNxMAIqfkYmXHcc+M1F+OtKWtEMx2mz1sC4Mwsbd57wLYrSYHIJqFJC12vxxrS7WGOkhiHlMUhCg6pXuwpM6F9Hk3RSWizILVAxpy6pM79Ay6naW8h0XJibLcWmvLOtVmrGc5dA9iW5pvTpbGfwZl22XwdvD+4X8npvGMwk9BoPfJVhfEO/kDnuixVxdMYBQhu+lYAqGyxHqokwmp38l4gQbj2pmEryPfOcA1nkBh39q6YeVPgiNJop8wzBtrF8x3B4ipDWryA4ZHpCC17uc8KwUgecog==

Arc-seal: i=1; a=rsa-sha256; d=simplelogin.co; s=arc-20230626; t=1690150080; cv=none; b=OQ/8Kf5dHJPIRilrLT5+ll40Rrllqyw7Q82YZtkNvaSoiMa7NGt0kEimHzbCu0y4ui5UGERLefCv5kkok5663WUSUVT3IHh/JrFrwpa88nx36SaKJ951kZf/2Ol8TC2mLUeEbJbKAk/i93MRMvYckRB5WG+8Ku08FoZfGuxrcM6grcW2oZ3EuhsjRK/iyBnphdMVG32ykYUi6Q1oBSCHIMRxSm2kQjaqN6YV7qIgNEoa547LD5Zl8lbS1aBwHjul5QdUt32tkCzvoGwLhc6BAdQx7G4xoE+NjupiMxGXpSQ9pd7b6fDAN/2IYF9kXfd9MuumLZuMnnd7I1nvjrA7sQ==

Cc: admin@xxxxxxx

Delivered-to: archiver@xxxxxxxx

Delivery-date: Wed, 26 Jul 2023 15:07:30 -0400

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1690398365; bh=hZavhai3/4FqOITHulFB+4dk3VFJwtvTZ1Qe08OVvgc=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=ljEjhMkmzrNzGHGLO6qxFDYuSXuJdcgld12hT1LnNyf7/B4CR3WM5hc9VoU7JykMh Bf5E4RNFI697otr1WVOLlN5G+EfmX09o9pBHO72kUzsQ+3hwtw+lpZ8fz7hk6Gvg1q vq3VurCc9vNk3sjcniRXvnMv9ziLfmfN6NG8a+B6nrCl8XJJKLO9OoPbXi+aue8IGu +7Zo9JmNnglF5zOBovhm/ZdvdtWndGXBgj70C6eRZydsRw9cOHdM6Ae8SYUmU3pF8f 4hywzU646nopaLNg5JK6ZV88Hv1IYDzQN/07SdJeW3w3zkNagSQiyNkwFrMWhgShx8 abZS8Iw4pOHHA==

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello all,

In the past 24 hrs, I have been receiving complaints from my hosting provider that they're receiving hundreds of abuse reports related to port scanning. I have no clue why I'm all of the sudden receiving abuse reports when this non-exit relay has been online for months without issues. In addition, I have other non-exit relays hosted by the same provider with no issues and more across other providers.

I proceeded to reinstall the OS and reconfigure Tor. I was then quickly notified by my hosting provider again of more abuse reports all showing port 22 as target port.

I have not changed my torrc at all and it's still setup as a non-exit relay. No other applications/services were installed alongside Tor. Tor Metrics does not show the relay as Exit either.

It feels like Tor Exit Traffic is leaking through my non-exit relay?

Has anyone else experienced any behavior similar to this? Any ideas on how to fix or prevent this?

prsv admin

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays