
Re: [tor-relays] Tor Exit Node - DDOS



This Benjamin Hodgetts is really on a tear. I got the same complaint from 2 different ISPs today.


On 08/07/2013 04:00 PM, Kris wrote:
I've been an end user of tor for a few years and finally as of last week
purchased a virtualhost to run an exit relay.

After a few days running smoothly, I received a forwarded abuse
complaint from the hosting company from someone saying they are being
DDOS'd by my IP.

I'm prepared per the tor website regarding DMCA notifications, but
haven't found much on how to deal with this situation.  I have:

* made it quite obvious that this is an exit node
   * reverse dns is tor-exit-node.nenticom.net
   * web server running on 8080/80 with the tor notification page
   * provide full real name and abuse@xxxxxxxxxxxx contact
   * notified the hosting company
* applied the recommended exit policy per the "minimum harassment" post

You can see most of this off Atlas (node: nenticom).
https://atlas.torproject.org/#details/50D04704A5017C02CC63AFE4A66F05DF79ED81F3


Can anyone provide a recommendation of how to respond to this notice
(provided below)?  Given the headers the original complainer filed it
looks like someone is running benchmark software over tor.

Maybe after explaining that I'm a tor exit node to the provider I can
offer to block exiting to the IP block belonging to the original
complainer?



Notice from Hosting Provider
----------------------------

Please review the following abuse complaint and provide us with a
resolution:

******************************
Hello,

Over the last three days we have experienced massive amounts of
incoming HTTP connections from an IP address under your control as part
of a DDOS attack.

Can you please investigate the server/computer associated with this IP
address as it is more than likely compromised and is now part of a BotNet.

For your reference, all requests to our server from the IP in question
are listed in the Apache logs as:
"GET / HTTP/1.0" 500 11680 "-" "ApacheBench/2.3"

The attacker's IP address that appears to belong to you or your network
is '192.241.230.170'. Please resolve this as soon as possible.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
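
Added example, not part of the original thread: a Python sketch of the idea raised above of blocking exits to the complainer's IP block. It emits torrc `ExitPolicy reject` lines and uses a simplified first-match evaluator to show that they only take effect when placed before the accept rules. The addresses are documentation ranges standing in for the complainer's block, the sample policy is constructed, and the function names are hypothetical.

```python
import ipaddress

def reject_lines(blocks):
    """Build torrc ExitPolicy reject lines for IPv4 addresses or CIDR blocks,
    merging adjacent/overlapping blocks so the policy stays short."""
    nets = [ipaddress.IPv4Network(b, strict=False) for b in blocks]
    return [f"ExitPolicy reject {n}:*" for n in ipaddress.collapse_addresses(nets)]

def parse_rule(line):
    """Parse 'ExitPolicy accept|reject ADDR[/MASK]:PORT' (IPv4 or '*' only)."""
    _, action, pattern = line.split()
    addr, port = pattern.rsplit(":", 1)
    net = None if addr == "*" else ipaddress.IPv4Network(addr, strict=False)
    lo, _, hi = port.partition("-")            # single port or LOW-HIGH range
    ports = None if port == "*" else (int(lo), int(hi or lo))
    return action, net, ports

def exit_allowed(policy, ip, port):
    """Exit policies are evaluated top to bottom and the first match wins.
    Simplification: no match is treated as reject, so end the list with
    an explicit catch-all rule as the sample policy below does."""
    target = ipaddress.IPv4Address(ip)
    for action, net, ports in map(parse_rule, policy):
        addr_ok = net is None or target in net
        port_ok = ports is None or ports[0] <= port <= ports[1]
        if addr_ok and port_ok:
            return action == "accept"
    return False

# Constructed sample: a small web-only policy and a placeholder complainer block.
BASE_POLICY = [
    "ExitPolicy accept *:80",
    "ExitPolicy accept *:443",
    "ExitPolicy reject *:*",
]
COMPLAINER_BLOCKS = ["198.51.100.0/25", "198.51.100.128/25"]  # placeholder range

if __name__ == "__main__":
    blocked = reject_lines(COMPLAINER_BLOCKS)
    for line in blocked + BASE_POLICY:         # reject lines go first
        print(line)
    print("prepended:", exit_allowed(blocked + BASE_POLICY, "198.51.100.9", 80))
    print("appended: ", exit_allowed(BASE_POLICY + blocked, "198.51.100.9", 80))
```
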