[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] 30+ mbps node taken down by host

Thanks to everyone for their responses.

1) >>>> Just in case, does any have any recommendations for an unmetered, bulletproof host? <<<<

2) I'll update the wiki host page soon (Seedmonster.net is the host. Very fast, but weak abuse protection).

3) I updated the exit policy per everyone's recommendations. Thank you for this!

4) I sent the EFF-style abuse explanations to the host (and I already had the Tor warning page set up for the www server), and told the host I'll work with the complainants to address the tickets, but the host doesn't seem swayed... I think the next time they get a complaint, they're just going to kill the node and I'll have to find a new host. I've pushed up to 70mbps of traffic through them during peak hours, so I think they might just be tired of the traffic (even though I offered to throttle it).

On 7/4/2012 8:32 AM, grarpamp wrote:
Thank you for the response. Unfortunately, it looks like this might be
an impossible problem to solve, since they followed it up and said it's
forum spam and hack attempts, not just email spam.  Basically, my node
So they're keep changing their story. It seems they want to get rid of you.
Seems more like they're just sending more details.
I'd tell them you'd like to resolve each ticket they have for them.
That you want the reports, including headers so you can reply
and work with the complainant.
That you want to block the original sites to prevent future issues.
You already know and can block buyandsmoke.
Learn them about Tor a bit... used by journalists, employers,
students at school, etc. Tell them you'll try to close every
report they send you. Explain port 80/443 is going to generate
reports, but you can kill it if you have to.
Reduce the exit policy... imaps, pop3s, submission, ssh, bitcoin, etc.
These places see tickets, they want to see someone stand up
and close and try to prevent them is all.
If none of that works, go non-exit mode, or start shopping.

I personally use the following Exit Policy:
Curiously missing is submission(587) which is RFC'd to be
the authenticated and usually encrypted means for submitting
outgoing mail to the provider of your @account for delivery
to your recipients @mx. That delivery by the server may then
happen over smtps(465), which is really just encryption over
the same old (open)relay or @mx endpoint smtp(25) config.
25/465 can have starttls and auth, but 587 does by default.
587 is more important for users sending, while 25/465 is
now usually for mail servers in the backend cloud.
A side benefit of 587 is that reports often stop at the MSA, as it
is their @account and they deal with it. Whereas with smtp relay,
they just see the source IP and report it to the ISP, who then shut
down your Tor node.


Who uses telnets(992)? MUD's? Really?
tor-talk mailing list

tor-talk mailing list