|
Ich checked both of my Exit nodes: IP Address 91.219.238.107 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet. <- uptime ~16 days IP Address 84.201.38.234 is not listed in the CBL. <-- New node, uptime < 24hrs
>
This was detected by observing this IP attempting to make contact to a s_patcher Command and Control server, with contents unique to s_patcher C&C command protocols.
Not cool at all, let's see how the new node works out. > I have been running a Tor exit node for only 2 days on a fresh IP address. However, that IP address is now blocked by spamhaus because it apparently tried to contact the Command and Control server of the "pony" malware: > > http://cbl.abuseat.org/lookup.cgi?ip=5.79.81.200 > > Other node operators, could you please try your IP address? Perhaps this could explain the recent increase in connections? > |
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays