[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] [Need quick help] 30+ mbps node taken down by host
Thank you for the response. Unfortunately, it looks like this might be
an impossible problem to solve, since they followed it up and said it's
forum spam and hack attempts, not just email spam. Basically, my node
is pushing more traffic than most, so it's getting more abuse, faster
(even though this is a tiny percentage of the overall traffic).
Here's what they sent me from their upstream provider:
----------------------------------------------------------------------
The first email came in for a hack attempt from your IP:
Dear Sir/Madam,
We noticed something that resembles a RIP attempt from one of your IP
addresses. Our system temporarily blocked the IP address. Please,
contact the respective user.
In case that there is a need for UPSTREAM content download, they can
register and make use of our legal (xml) download interface ]UPSTREAM URL].
In case that the IP is used for search engine crawling, the user can
inform us to whitelist the respective IP addresss.
52 requests during period Fri Jun 22 02:14:01 2012 - Fri Jun 22 02:15:01
2012 (GMT +1)
was denied at Fri Jun 22 02:15:01 2012 (GMT +1)
user-agent: Mozilla/5.0 (X11; U; Linux x86_64; fr-FR) AppleWebKit/534.7
(KHTML, like Gecko) Chrome/7.0.514.0 Safari/534.7
Kind regards,
Open UPSTREAM Team
----------------------------------------------------------------------
----------------------------------------------------------------------
The second and all following emails (4 emails in total) came in for spam,
StopForumSpam report for ASN16265 (as of
25 Jan 2011)
IP Number XX.XX.XXX.XXX Link
Last seen at 22-Jun-12 04:06:45 Fri
IP reported 31 times (by 2 different sites) in the
last 24 hours
IP seen 34 times in the last month
Usernames seen from this IP
24H 1month Username
1 1 Eirena
1 1 Sheehan
1 2 Rafu
1 1 Barnabas
1 1 Rowland
1 1 Parvati
2 2 Chelsia
1 5 Gwen
1 1 Rudi
1 1 Etienette
1 1 Erianthe
1 1 Alzena
1 1 Starveling
1 3 Althea
1 4 Brayden
1 1 Carlen
1 2 Armorel
1 3 Brennan
3 3 Kinga
1 1 Rarna
3 9 Richard
1 1 Rendor
1 3 Stanton
1 1 Enola
1 1 Pankhudi
1 1 Bhrigu
1 1 Astrea
1 3 Pebbles
2 3 Sage
1 10 Ella
1 1 Brodny
Emails seen from this IP
24H 1month Username
4 27 e22@xxxxxxxxxxxxxxx
3 19 e32@xxxxxxxxxxxxxxx
4 22 e34@xxxxxxxxxxxxxxx
2 21 e27@xxxxxxxxxxxxxxx
2 22 e18@xxxxxxxxxxxxxxx
4 25 e26@xxxxxxxxxxxxxxx
3 18 e16@xxxxxxxxxxxxxxx
5 22 e20@xxxxxxxxxxxxxxx
3 23 e19@xxxxxxxxxxxxxxx
3 21 e35@xxxxxxxxxxxxxxx
2 22 e33@xxxxxxxxxxxxxxx
2 22 e25@xxxxxxxxxxxxxxx
2 20 e31@xxxxxxxxxxxxxxx
4 28 e21@xxxxxxxxxxxxxxx
2 21 e29@xxxxxxxxxxxxxxx
4 23 e28@xxxxxxxxxxxxxxx
4 21 e24@xxxxxxxxxxxxxxx
3 19 e30@xxxxxxxxxxxxxxx
4 26 e17@xxxxxxxxxxxxxxx
Since the forum spam is all over http, I'm not sure there's anything I
can do without crippling it for other users. Any ideas?
Thank you again.
On 7/3/2012 9:29 PM, morphium wrote:
Hi,
you are right, SMTP is blocked by default. But people can i.e. access
hotmail.com via webinterface (where your IP is then put into the mail
as originating IP aswell) or use SMTP on secure ports (but that mostly
comes with authentication, I guess).
You should ask your provider to get the mail headers of the spam, to
see how exactly it was done, and then maybe block i.e. exit to the
hotmail IPs, if it was sent via hotmail webinterface (to show them you
are doing something).
Best regards!
morphium
2012/7/4 Name Withheld <survivd@xxxxxxxxx>:
Hello,
My VPS fast tor exit got taken down by the host today for sending spam
emails. Apparently the upstream provider complained to them about it. I
thought SMTP was supposed to be disabled by default in the tor config, but
apparently my node was sending stuff through (even though I didn't do
anything to change the default setting for that).
The host is going to give me a chance to see if I can block it, but if I
can't get the spam to stop, they're going to make me kill the node. I prefer
not to do this kind of thing, but since it's their house, it's their rules.
Can someone please tell me precisely (what file, what entry) how to
configure:
1) Tor to block smtp
2) Local machine to block smtp egress
3) Any other possible way to detect/filter outgoing mail Thank you very much
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk