[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] So long and thanks for all the abuse complaints
Abuse complaints are how this thing goes. With your limited exit
policy, you would hardly see any complaints (relatively speaking), and
what you do see would be mostly like SQL hack complaints and such.
It's usually not going to be cases where someone got all the way into
someone's machine, it's going to be mainly complaints about attempts.
I feel like a short notification should be all you need and you're
done with responses to stuff like that, such as:
Hi <person>,
That is the Tor exit router we host. https://www.torproject.org .
Unfortunately, bad actors sometimes misuse Tor for things like this.
If your attacker proves to be a serious problem, you may wish to block
the entire Tor network from your device. A list of Tor exits can be
seen here (and there is also an RBL somewhere):
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 .
Blocking one Tor exit such as mine won't really stop the person. Also,
if I configure my node not to exit to you, the attacker won't
necessarily even notice, as Tor will automatically route him through a
different exit node.
Regards,
- < your sig >
While it's true that the suggestion about blocking all of Tor isn't
ideal for the internet at large, in particular as a response to stupid
scans or web hack attempts that don't actually get in, there are cases
where it may make sense for a server operator to do that on a single
system, if only temporarily.
The main points in this response are the explanations of what Tor is
(via the provided link) and why it never makes sense from the attacked
server's perspective for a single exit to stop exiting to it
specifically. The affected server operator has the choice of ignoring
the attempts, or fixing whatever vulnerability is there if one is
being exploited, or blocking all of Tor. You as a single exit operator
are not a part of that.
There was only one time that I got a bullshit response back from
someone as a result of what I'd sent, and he could be safely ignored,
as he was just an idiot who thought that Tor was a bad thing. There
was another guy who was ignoring my responses and emailing our abuse
box repeatedly - he comes from a relatively rare mindspring.com
address. If that is the one complaining about your exit, he's
worthless. I configured our mail server to reject his abuse
complaints outright (we own our own IP space, so, this is simpler for
us than it would be for you). That mindspring.com guy also had the
bright idea of emailing the networks he saw along his traceroute,
thinking that we are a customer of those networks (we're not).
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays