[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Preventing wp-admin related abuse report



On 16/09/15 07:42, spiros_spiros@xxxxxxxxxxx wrote:

Greetings community,


Over last eight weeks a Tor exit that I operate has attracted more
and
more abuse reports and the VPS data centre is starting to lose their
patience with the amount of tickets they open for each incident.

Almost all of the abuse reports are relate to attempts to access
wordpress blogs by exploiting wp-admin or other scripts, and the servers
are protected by bitninja, abusix, spamcop etc to automatically send
abuse complaint. I am now receiving average of 2-3 per week.

I have two questions. First question - is everyone getting this high
amount of wordpress related attacks from exits? Second - are there
recommended steps to take to reduce or prevent this kind of activity?


Hi,

I had 2 similar abuse reports this month so far - and countless ssh scan complains until I decided to block port 22. :(

Chris

Things I try so far: - run exit on reduced policy (obviously not
going to have an impact on
abuse traffic but did make the data centre people happy for a while)
- full security check on VPS including tripwire, clamav, lastcomm
etc
to assure provider that the VPS is not compromised
- Tor port on server has website running explaining that this is a
Tor
exit and linking to more information
- I have offered to work with ISP to change WHOIS to my email
address,
but they do not seem keen on it (some blacklists that the server is
added to will also block the /16 of the IP range)
- Block offended host on the firewall (as a last resort)

Thanks for any suggestions

Spiros

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays