Re: [tor-relays] Handling abuse request about stopforumspam.com

Subject: Re: [tor-relays] Handling abuse request about stopforumspam.com

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Wed, 16 Dec 2015 01:59:45 +1100

Delivery-date: Tue, 15 Dec 2015 10:00:05 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=fL3OAZCoHTDGVLcDQtKN9sdbhpkmMj/6+BlrTl1NXR8=; b=KSYGbxq4dRvbdqapTKnPiFx+4Ri2G87nAqsBSIMubxucLzxKdh4d8qMaf1K+psw0Hb Vvb6wWex/bBRFh+sKWlcljsdD8gv5EjpIew38PrFltyrL5OD2MvHRaRUU4EfWcyew3/t RvUyC6pK850Ihf0Km79NN7VT0rwAUbAUSyDJwdYU98xzwVyl+zsO1iprmQnK7Sv4GHK3 b0YxAtROXx5m6pT150Z4Irga5zYduX1H1T6CZUf/mFVis9i9p9gUL4HkioMeM0E3DZR7 PwFt93L4/XrSaytjSXORkZAQ5C0R7mvY/XztunHM+GWz8m7bs4aFNpjESII7wtYwbxAY hUyw==

In-reply-to: <CALR3k-FCNG7pCHq+ThiUMtJrtTeoMDEmi4w+ragO-01Zw0qrTA@xxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <CALR3k-FCNG7pCHq+ThiUMtJrtTeoMDEmi4w+ragO-01Zw0qrTA@xxxxxxxxxxxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 15 Dec 2015, at 18:24, Eran Sandler <eran@xxxxxxxxxxxxx> wrote:

Hi guys,

One of my tor server seems to be getting a lot of abuse reports from the ISP from stopforumspam.com.

http://www.stopforumspam.com/ipcheck/212.47.246.21

Any idea how to reduce those to a minimum in a reasonable way?

Ideally, the forums would work out some way to block connections based on behaviour, rather than source IP.

But in the absence of such sensible measures, there are some things you can do.

Can you block particular IP ranges / ports in your exit policy to avoid the complaints?

For example, if the complaint is from a destination 1.2.3.4:80, add a rule at the *top* of your exit policy saying:

ExitPolicy reject 1.2.3.4:80

You can add IPv6 addresses, port ranges and address masks too:

ExitPolicy reject 1.2.3.4/24:443-445

ExitPolicy reject [2002::abcd]:8080

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays