[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Idiotical abuses against Tor-servers

On 2011-09-22 07:20 , Orionjur Tor-admin wrote:
> Periodically, about one time in a half of year, some people posts an
> abuses against my Tor-server which seems as idiotical.

I guess you mean your Tor exit node.

> To days ago my vds-provider received the next abuse report:
> Frankly speeking, I don't understand what is the claim. Somebody -
> through my node - visit their web-site using client's web-browser...

Somebody exiting through your exit node effectively attempted to mirror
at the highest speed possible the remote website, those where 85
requests for a variety of pages in under 60 seconds. For the operator of
the website that is apparently a very high rate and abuse-reporting worthy.

Likely an automated client of sorts caused this to happen through your
exit node.

> For resolving that abuse report I include their ip-address in my exit
> reject policy... And send them a message in which I note  that posting
> abusing against Tor servers can create troubles to their clients which
> may have an interest in their anonymity to accesse to them Internet
> resourses.

That could work for you, it does not solve the fact that someone is
using Tor for mirroring websites at high speed (good that your exit
allows them to though).

> But it is so strange - if they don't want that anybody connect them
> through the Tor, what is the problem to blacklist the list of Tor-exits?

They don't care about Tor they likely don't even know that Tor is being
used for this.

They do care about the fact that somebody is mirroring their content
which in turn might overload their system, but they are calling it a
"RIP", I guess they mean the English 'to rip' not a DoS or something.

> Why they mean that it needs to post abuses?

They think that rate-limitting should be applied at the user (eg you as
that is the IP they see), while IMHO if they have a rate-limit, they
should enforce it.

A proper reply to them could be:
  If you don't want to have your site mirrored in this fashion, then
rate-limit on source-IP on your side and more importantly implement a
proper robots.txt on your site.

Note that at the moment http://www.drweb.com/robots.txt contains:

Sitemap: http://www.drcreation.fr/sitemap.sitemap.xml

Which is actually an indicator that they want to be mirrored ;)

Of course, as the robot performing these actions is not disclosing it's
real-IP or real user-agent and as that robot is obviously is likely
ignoring any robots.txt, I would not be surprised if that won't help
much, but the rarelimit on the server side definitely will help quite a
bit for their problem, as they seem to have a problem with it.

> Maybe it is a latent action against Tor-net in whole? Or it is simply an
> idiocy of their system administrators?

The latter.

tor-talk mailing list