[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
From: René Ladan via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 4 Nov 2024 18:33:25 +0100
Arc-authentication-results: i=1; smtp.freedom.nl; auth=pass smtp.mailfrom=rene0@xxxxxxxxxx
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freedom.nl; s=default; t=1730741605; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=C1cc9XRGkZntUVc4i4bC6r658VdOIhjinK61WJMSPmE=; b=FS8moVOc9cyJAYHBex5wCvGL8xBNp1idJHzL8kpejT9ecKbw+aB/bTZk5YD93C/Qlu/u+a sEzqSpVhg5b88vzV9+FosOApsg02PmAbXSHLDlUxVCT25GGxoKbDg85sQGyZUdEs3a8OIo Eep5/CdzZg7caIEms5u7ja3Irk93nc8=
Arc-seal: i=1; s=default; d=freedom.nl; t=1730741605; a=rsa-sha256; cv=none; b=kC3EN2NLSqmlxnKJ9+ey4gRQ1VdDqQwca0fFBeQHcoYHP58vsni1BE7ArVvT0DjW4qvv+u syBj58O3N+WiMsd9Gm6L3PA76g0Gp1O2gabEhStMdN17uYibshoFhr0jrmojO2E6Wov8ka /scn+dWfuR5so4BoUFha585t1fJwKBo=
Cc: René Ladan <rene0@xxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 07 Nov 2024 09:37:13 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1730990223; bh=dIy9UyYdGrvjYYoLFipShDcPu1KjtNeJ+HmCfbb1N88=; h=Date:To:References:In-Reply-To:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=qrlm+pAnWHlyOJ8HagRP8lX02g4BJVifp1YD+KtTvEyt0HhIIJKTcIMH6usE6G4rT 4Jj8vGX1m0iAzIiAlMXyysyA+u5cBGOqgrf5QUaUiuZwywzqHdKS84oCI5zywrhpiR RdyiAX7sMEdPJjF3nqGMwAPVyw2u3Z9jJ1fVHpRqKDb9ye56tKb3sTL2FObzTBV/dP QsbC/GNUgkpOcARL4zZ+BcPIVtlmFqT3tF4g0ioWRTcfv89RSAEoeBC9qH85RNcbyz 7lxRBkLeAT1CqJzMrGHYmGSQEOThUrvOzNshMpbccuOuHf0UPqGKHaSaVDzMezGq99 jP7fafjf7G5BA==
In-reply-to: <CADqUGAMf=Jhn17P2Ce8nRKzM+qc1dPfDsur+Ce9QV80inea5-Q@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6726f715.5d0a0220.396250.b02dSMTPIN_ADDED_MISSING@mx.google.com> <CADqUGAMf=Jhn17P2Ce8nRKzM+qc1dPfDsur+Ce9QV80inea5-Q@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 11/3/24 05:10, Keifer Bly wrote:

Just got this note, I run a middle relay on ovh. Why would this suddenlyhappen? Thanks. Relay is usdeserveprivacy

Interestingly (for some definition), I got an abuse mail forwarded by myISP today with exactly the same destination addresses and from the samelast Friday as in the your report.


--Keifer


Regards,
René

---------- Forwarded message ---------
From: <ticket+KMLTFQPGVQ.ca83@xxxxxxxxxxxxx<mailto:ticket%2BKMLTFQPGVQ.ca83@xxxxxxxxxxxxx>>
Date: Sat, Nov 2, 2024, 9:07 PM
Subject: [Abuse #KMLTFQPGVQ] Abusive use of your servicevps-3e661acc.vps.ovh.net <http://vps-3e661acc.vps.ovh.net>
To: <keifer.bly@xxxxxxxxx <mailto:keifer.bly@xxxxxxxxx>>


Hello,
An abusive behaviour (Intrusion) originating from your VPSvps-3e661acc[.]vps[.]ovh[.]net has been reported to or noticed by ourAbuse Team.
Technical details showing the aforementioned problem follow :

-- start of the technical details --

&lt;html&gt;
&lt;head&gt;
<meta http-equiv="Content-Type" content="text/html;charset=us-ascii"></head>
&lt;body&gt;&lt;pre&gt;
Greetings Fellow Sys Ad/s
I hope this message finds you well. I'm reaching out to you todayregarding a matter of potential concern involving one or more IPaddresses associated with your systemOur network security logs have recently detected unusual activityoriginating from these IP addresses. While we understand that suchincidents can sometimes occur innocently, it's crucial toinvestigate and address them promptly to ensure the security of allnetworks involved
To assist you in understanding the situation, we have provided therelevant log data below, with timestamps adjusted to our GMT &#43;8timezone:
DateTime Action AttackClass SourceIP SrcportProtocol DestinationIP DestPort0 01-Nov-2024 05:07:55 DENIED 51[.]68[.]197[.]220 44959 TCP 202[.]91[.]161[.]97 221 01-Nov-2024 05:24:37 DENIED 51[.]68[.]197[.]220 58734 TCP 202[.]91[.]161[.]98 222 01-Nov-2024 08:48:23 BLOCKED 51[.]68[.]197[.]2208551 TCP 202[.]91[.]161[.]132 223 01-Nov-2024 08:53:27 BLOCKED 51[.]68[.]197[.]2202419 TCP 202[.]91[.]161[.]169 224 01-Nov-2024 08:58:05 BLOCKED 51[.]68[.]197[.]2205917 TCP 192[.]168[.]200[.]216 225 01-Nov-2024 08:59:24 BLOCKED 51[.]68[.]197[.]220 56858 TCP 202[.]91[.]161[.]132 226 01-Nov-2024 09:04:23 BLOCKED 51[.]68[.]197[.]220 32161 TCP 202[.]91[.]161[.]169 227 01-Nov-2024 09:17:30 BLOCKED 51[.]68[.]197[.]220 33472 TCP 202[.]91[.]161[.]132 228 01-Nov-2024 09:18:02 BLOCKED 51[.]68[.]197[.]220 11282 TCP 202[.]91[.]161[.]132 229 01-Nov-2024 09:19:00 BLOCKED 51[.]68[.]197[.]2203727 TCP 202[.]91[.]161[.]132 2210 01-Nov-2024 09:20:31 BLOCKED 51[.]68[.]197[.]2204388 TCP 202[.]91[.]161[.]169 2211 01-Nov-2024 09:25:57 BLOCKED 51[.]68[.]197[.]2206898 TCP 202[.]91[.]161[.]165 2212 01-Nov-2024 09:32:06 BLOCKED 51[.]68[.]197[.]220 18202 TCP 202[.]91[.]161[.]132 2213 01-Nov-2024 09:39:40 BLOCKED 51[.]68[.]197[.]220 51142 TCP 202[.]91[.]161[.]132 2214 01-Nov-2024 09:45:32 BLOCKED 51[.]68[.]197[.]220 46914 TCP 192[.]168[.]200[.]216 2215 01-Nov-2024 10:40:48 BLOCKED 51[.]68[.]197[.]220 60991 TCP 192[.]168[.]200[.]216 2216 01-Nov-2024 10:42:58 BLOCKED 51[.]68[.]197[.]220 42833 TCP 202[.]91[.]161[.]132 2217 01-Nov-2024 10:47:13 BLOCKED 51[.]68[.]197[.]220 38382 TCP 202[.]91[.]161[.]132 2218 01-Nov-2024 10:47:23 BLOCKED 51[.]68[.]197[.]220 30596 TCP 192[.]168[.]200[.]216 2219 01-Nov-2024 10:47:46 BLOCKED 51[.]68[.]197[.]220 56767 TCP 202[.]91[.]161[.]185 2220 01-Nov-2024 10:52:10 BLOCKED 51[.]68[.]197[.]2208983 TCP 202[.]91[.]161[.]132 2221 01-Nov-2024 10:55:04 BLOCKED 51[.]68[.]197[.]220 55684 TCP 192[.]168[.]200[.]216 2222 01-Nov-2024 10:57:43 BLOCKED 51[.]68[.]197[.]220 37003 TCP 202[.]91[.]161[.]185 2223 01-Nov-2024 10:58:43 BLOCKED 51[.]68[.]197[.]220 10524 TCP 192[.]168[.]200[.]216 2224 01-Nov-2024 11:01:06 BLOCKED 51[.]68[.]197[.]2206384 TCP 202[.]91[.]161[.]132 2225 01-Nov-2024 11:03:46 BLOCKED 51[.]68[.]197[.]2206779 TCP 202[.]91[.]161[.]185 2226 01-Nov-2024 11:06:05 BLOCKED 51[.]68[.]197[.]220 23062 TCP 192[.]168[.]200[.]216 2227 01-Nov-2024 11:58:01 BLOCKED 51[.]68[.]197[.]220 33174 TCP 202[.]91[.]161[.]132 2228 01-Nov-2024 11:58:05 BLOCKED 51[.]68[.]197[.]220 29422 TCP 202[.]91[.]161[.]132 2229 01-Nov-2024 11:58:26 BLOCKED 51[.]68[.]197[.]220 53504 TCP 202[.]91[.]161[.]185 2230 01-Nov-2024 12:00:03 BLOCKED 51[.]68[.]197[.]2205898 TCP 192[.]168[.]200[.]216 2231 01-Nov-2024 12:00:20 BLOCKED 51[.]68[.]197[.]220 38324 TCP 202[.]91[.]161[.]185 2232 01-Nov-2024 12:00:30 BLOCKED 51[.]68[.]197[.]2206362 TCP 202[.]91[.]161[.]132 2233 01-Nov-2024 12:03:11 BLOCKED 51[.]68[.]197[.]220 38581 TCP 202[.]91[.]161[.]132 2234 01-Nov-2024 12:05:37 BLOCKED 51[.]68[.]197[.]220 43932 TCP 202[.]91[.]161[.]132 2235 01-Nov-2024 12:07:27 BLOCKED 51[.]68[.]197[.]2205141 TCP 202[.]91[.]161[.]185 2236 01-Nov-2024 12:08:42 BLOCKED 51[.]68[.]197[.]220 56161 TCP 202[.]91[.]161[.]132 2237 01-Nov-2024 12:12:26 BLOCKED 51[.]68[.]197[.]2206269 TCP 202[.]91[.]161[.]132 2238 01-Nov-2024 12:14:33 BLOCKED 51[.]68[.]197[.]220 164 TCP 192[.]168[.]200[.]216 2239 01-Nov-2024 12:15:48 BLOCKED 51[.]68[.]197[.]220 25787 TCP 202[.]91[.]161[.]185 2240 01-Nov-2024 12:16:39 BLOCKED 51[.]68[.]197[.]2209188 TCP 202[.]91[.]161[.]185 2241 01-Nov-2024 12:16:58 BLOCKED 51[.]68[.]197[.]220 32317 TCP 202[.]91[.]161[.]132 2242 01-Nov-2024 12:22:28 BLOCKED 51[.]68[.]197[.]220 21955 TCP 202[.]91[.]161[.]185 2243 01-Nov-2024 12:29:50 BLOCKED 51[.]68[.]197[.]220 33563 TCP 202[.]91[.]161[.]185 2244 01-Nov-2024 12:32:18 BLOCKED 51[.]68[.]197[.]220 48519 TCP 202[.]91[.]161[.]132 2245 01-Nov-2024 12:33:24 BLOCKED 51[.]68[.]197[.]220 42914 TCP 202[.]91[.]161[.]132 2246 01-Nov-2024 12:34:07 BLOCKED 51[.]68[.]197[.]220 11296 TCP 202[.]91[.]161[.]185 2247 01-Nov-2024 12:36:43 BLOCKED 51[.]68[.]197[.]2206522 TCP 202[.]91[.]161[.]132 2248 01-Nov-2024 12:37:55 BLOCKED 51[.]68[.]197[.]220 57962 TCP 202[.]91[.]161[.]185 2249 01-Nov-2024 12:37:56 BLOCKED 51[.]68[.]197[.]220 53189 TCP 202[.]91[.]161[.]132 2250 01-Nov-2024 12:39:29 BLOCKED 51[.]68[.]197[.]2207411 TCP 192[.]168[.]200[.]216 2251 01-Nov-2024 12:41:51 BLOCKED 51[.]68[.]197[.]220 27413 TCP 192[.]168[.]200[.]216 2252 01-Nov-2024 12:44:00 BLOCKED 51[.]68[.]197[.]220 355 TCP 202[.]91[.]161[.]181 2253 01-Nov-2024 12:50:35 BLOCKED 51[.]68[.]197[.]220 28953 TCP 202[.]91[.]161[.]185 2254 01-Nov-2024 12:50:53 BLOCKED 51[.]68[.]197[.]220 46927 TCP 192[.]168[.]200[.]216 2255 01-Nov-2024 12:52:00 BLOCKED 51[.]68[.]197[.]220 45122 TCP 202[.]91[.]161[.]185 2256 01-Nov-2024 12:55:04 BLOCKED 51[.]68[.]197[.]2204184 TCP 202[.]91[.]161[.]181 2257 01-Nov-2024 12:55:15 BLOCKED 51[.]68[.]197[.]220 33245 TCP 202[.]91[.]161[.]185 2258 01-Nov-2024 12:57:38 BLOCKED 51[.]68[.]197[.]220 50897 TCP 192[.]168[.]200[.]216 2259 01-Nov-2024 12:58:58 BLOCKED 51[.]68[.]197[.]220 35903 TCP 202[.]91[.]161[.]132 2260 01-Nov-2024 12:59:35 BLOCKED 51[.]68[.]197[.]220 16158 TCP 192[.]168[.]200[.]216 2261 01-Nov-2024 13:01:40 BLOCKED 51[.]68[.]197[.]220 18404 TCP 202[.]91[.]161[.]181 2262 01-Nov-2024 13:04:12 BLOCKED 51[.]68[.]197[.]220 32885 TCP 202[.]91[.]161[.]181 2263 01-Nov-2024 13:05:50 BLOCKED 51[.]68[.]197[.]2206316 TCP 202[.]91[.]161[.]132 22
We believe that by working together to resolve this matter swiftly, wecan help safeguard the integrity of our networks and prevent any furtherissues. If you require any additional information or support from ourend to facilitate your investigation, please don't hesitate to reachout.Your prompt attention to this matter would be greatly appreciated. Wevalue your expertise and cooperation in resolving this situationeffectively. Thank you for your time and consideration.For any corrections/updates, kindly email email-removed@provider[.]com</pre></body></html>
-- end of the technical details --
Your should investigate and fix this problem, as it constitutes aviolation to our terms of service.
Please answer to this e-mail indicating which measures you've taken tostop the abusive behaviour.
Cordially,

The OVHcloud Trust & Safety team.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
  - From: Keifer Bly

Prev by Author: Re: [tor-relays] Raspberry Pi 4
Next by Author: Re: [tor-relays] Raspberry Pi 4
Previous by thread: Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
Next by thread: Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
Index(es):
- Author
- Thread