blocking google groups [was Re: ExitPolicy abuse]

I also got a report recently from someone about UUNet abuse through Google. Apparently they had reported it to google, but never got an answer (not surprising, in my experience google is very slow to respond to mail, if they ever respond). I think the problem lies with google - they are acting as a proxy from HTTP -> UUNet and not filtering spam along the way.

So until google fixes the problem, I've rejected access to google's network. I don't know how many ways groups.google.com may be accessed, but my first stab is to block , which contains the 3 servers listed right now in DNS.

Perhaps over time we're going to have to build up a list of networks that are wide open for abuse, like google groups, which we may want to block in a default exit policy.


SK wrote:
Strangely I had exactly the same two reports against my Tor server

1 - 2005-01-26 19:35:04 unknown, bots
2 - Google Groups posting via their HTTP interface (eg. on Sun, 6 Feb
2005 11:43:32 +0000 (UTC))

After the 1st incident was reported to me, I changed the exit policy
to block IRC because I reasoned that the bot could be an IRC based one.
Changing the exit policy to allow only 80, 443 and 22 I thought I would
be fine, until the second report came in.

SURFNet which owns the network that my Univ uses (Tor runs on my Univ
machine) is well known to react pretty hard to abuse reports. "Thanks"
to their forwarding of the report to Univ's CERT, I had to shut down my
Tor server (rather abruptly) on Sunday.

As of now, I am deciding whether to restart the server with a reject
*:* or not to run any server at all, since I do not know how much of a
benefit anyone will have with a Tor server with such a strict exit
policy :(

Any suggestions?


On Tue, 8 Feb 2005 20:12:44 -0500, Christopher Heschong <chris@xxxxxxx> wrote:
Besides the fact that shutting down someone based on a single report
from the notoriously inaccurate SpamCop is silly, I did some
investigation.  The spam reported was actually posted through Google
Groups via their HTTP interface to the Usenet network.  This is a
possible spam propagation vector you server runners may want to take
note of.

Here's one of the messages from google groups:



Unfortunately, I'm not rich enough to own my own network infrastructure
these days.  Since the first "spam" allegation got me shut down for
over 12 hours (mostly due to poor customer service at my network
provider) I've had to make the painful (to me) decision to change my
ExitPolicy to reject *:* and thought some others here might be

I hope that others running tor servers who have the ability to combat
this sort of network muzzling will do so. Exit nodes are where the tor
rubber meets the road, imho, and network AUP bullying is totally
shameful (please conveniently ignore the fact that I caved at the first
sign of problems... :) Anonymous access to network resources is a
vital tool for liberty, so those who can push back on this sort of
abuse (and by abuse I mean being beaten up with an AUP stick), please
push a little harder for us little guys.
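
An added example, not part of any message in this thread: a small first-match exit policy evaluator showing why a policy that only restricts ports (80, 443, 22) still lets HTTP posts to a web-to-Usenet front end through, and why a network reject only helps when it comes before the accept rules. The addresses are constructed placeholders (the thread does not give the real network), and treating "no matching rule" as reject is an assumption of this sketch.

```python
import ipaddress

def parse_policy(text):
    """Parse comma-separated 'accept|reject ADDR[/MASK]:PORT' rules (IPv4 only)."""
    rules = []
    for item in text.split(","):
        action, pattern = item.split()
        addr, port = pattern.rsplit(":", 1)
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = port.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action, net, lo, hi))
    return rules

def exit_allowed(rules, ip, port):
    """Return True if the first rule matching ip:port is an accept."""
    target = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if (net is None or target in net) and lo <= port <= hi:
            return action == "accept"
    return False  # assumption of this sketch: no matching rule means reject

# Constructed values: the thread does not give the real addresses.
BLOCKED_NET = "192.0.2.0/24"   # placeholder for the network being rejected
FRONTEND = "192.0.2.10"        # placeholder web-to-Usenet front end
OTHER_SITE = "198.51.100.7"    # placeholder unrelated web server

PORT_ONLY = "accept *:22, accept *:80, accept *:443, reject *:*"
NET_FIRST = f"reject {BLOCKED_NET}:*, {PORT_ONLY}"
NET_LAST = f"accept *:22, accept *:80, accept *:443, reject {BLOCKED_NET}:*, reject *:*"

def compare():
    """Evaluate each policy against the front end and an unrelated site on port 80."""
    out = {}
    for name, text in [("port_only", PORT_ONLY), ("net_first", NET_FIRST), ("net_last", NET_LAST)]:
        rules = parse_policy(text)
        out[name] = (exit_allowed(rules, FRONTEND, 80), exit_allowed(rules, OTHER_SITE, 80))
    return out

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Only the policy with the network reject listed first refuses the front end while still allowing other web traffic.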