[tor-relays] guard-failing message

2015-02-26 Thread eliaz
My bridge's log showed:

Feb 24 02:25:45.940 [Warning] Your Guard < guard name and fp > is
failing a very large amount of circuits. Most likely this means the Tor
network is overloaded, but it could also mean an attack against you or
potentially the guard itself. Success counts are 129/259. Use counts are
38/38. 242 circuits completed, 0 were unusable, 113 collapsed, and 5
timed out. For reference, your timeout cutoff is 60 seconds.

Globe showed no 3-day chart for the guard.  For my bridge, the chart
showed a lot of traffic, the peaks or less than a KB.  This pattern has
been going on for a few days.

The bridge usage display shows the usual traffic, but more anemic the
past several days.

To be on the safe side I did the following:

* shut down the bridge,

* reset my gateway address,

* restarted the bridge after about 1/2 hour.

Have I overreacted? - eliaz
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
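
The counters in the warning quoted above can be pulled out and turned into rates. This is an added example, not part of the original post and not Tor's own code; the three thresholds are assumed to be the defaults of the torrc options PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate.

```python
import re
from dataclasses import dataclass

# Assumed defaults of PathBiasNoticeRate / PathBiasWarnRate / PathBiasExtremeRate.
NOTICE_RATE, WARN_RATE, EXTREME_RATE = 0.70, 0.50, 0.30

# Matches the counter part of the message once line wrapping is removed.
PATH_BIAS_RE = re.compile(
    r"Success counts are (\d+)/(\d+)\. Use counts are (\d+)/(\d+)\. "
    r"(\d+) circuits completed, (\d+) were unusable, (\d+) collapsed, "
    r"and (\d+) timed out\."
)

# The warning as quoted in the post (guard name left redacted as posted).
SAMPLE_WARNING = """\
Feb 24 02:25:45.940 [Warning] Your Guard < guard name and fp > is
failing a very large amount of circuits. Most likely this means the Tor
network is overloaded, but it could also mean an attack against you or
potentially the guard itself. Success counts are 129/259. Use counts are
38/38. 242 circuits completed, 0 were unusable, 113 collapsed, and 5
timed out. For reference, your timeout cutoff is 60 seconds.
"""


@dataclass
class PathBiasStats:
    successes: int
    attempts: int
    use_successes: int
    use_attempts: int
    completed: int
    unusable: int
    collapsed: int
    timed_out: int

    @property
    def success_rate(self):
        return self.successes / self.attempts if self.attempts else 1.0

    @property
    def use_rate(self):
        return self.use_successes / self.use_attempts if self.use_attempts else 1.0

    @property
    def never_completed(self):
        # Circuits that were attempted but never finished building.
        return self.attempts - self.completed


def parse_path_bias(text):
    """Return PathBiasStats for a (possibly line-wrapped) warning, else None."""
    flat = " ".join(text.split())  # undo the mail client's line wrapping
    match = PATH_BIAS_RE.search(flat)
    if match is None:
        return None
    return PathBiasStats(*map(int, match.groups()))


def severity(stats):
    """Bucket the build success rate against the assumed thresholds."""
    rate = stats.success_rate
    if rate < EXTREME_RATE:
        return "extreme"
    if rate < WARN_RATE:
        return "warn"
    if rate < NOTICE_RATE:
        return "notice"
    return "ok"


if __name__ == "__main__":
    stats = parse_path_bias(SAMPLE_WARNING)
    print(f"build success {stats.success_rate:.1%}, use success {stats.use_rate:.1%}")
    print(f"never completed: {stats.never_completed}, collapsed: {stats.collapsed}")
    print("severity:", severity(stats))
```

For the posted numbers the build success rate sits just under one half, while every circuit that was actually used (38/38) worked. In this message, completed minus collapsed minus unusable equals the success count.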


Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread Speak Freely
Hi Thomas,

Please feel free to look into this. From everything I've been able to
find, trivial events for each server triggered the entire account to be
shut down. It would be a real shame if you fot gucked like me.

My original goal, before all of this, was to get a partner agreement
with them as well. I was hoping to set up a small niche company with
custom images prepackaged for immediate use. Their website stated I
needed to have 12 services with them before, and I was up to 11. All I
had to do was buy one more and wait another month or so before I was
going to initiate contact with ovh.biz

https://www.ovh.biz/ca/en/
"Conditions of access:

You must have been an OVH customer for at least three months and have a
portfolio of more than a dozen relevant products."


But, well, I can't continue with them.


Speak Freely


Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread Thomas White

As a due note, anything above say 16 characters offers only
theoretical protection really and making it too difficult to remember
(ie making you write it down or store it elsewhere) can decrease the
security.

Also, too much "hardening" can be a bad thing. Me and my partner in
running our services (s7r) take care not to go overboard on security
and matters. Get the ssh to disable root, allow for a specific
non-generic user only, use pub-key authentication, non-standard ports
and basic hardening on things like webservers and you're golden. We
have never had real problems with this simple approach and if we have
ever suspected a breach we would simply reinstall the whole system.

Regarding OVH: I have a very good relationship with OVH and have a
partner agreement in place with them at the moment (my company
launches in the coming weeks). Generally the agreement I have is that
they will host whatever is legal - nothing more nothing less, so I am
quite surprised at this hair trigger sensitivity. I'll bring the
matter up with them if that's ok with you, and see if I can get the
senior support people to look into it since they generally have much
more power than retail support staff. Of course still proceed with the
chargeback even if you are happy for me to do this, but for what it's
worth extracting a definitive statement from them regarding Tor can't
hurt.

T

On 26/02/2015 15:41, Speak Freely wrote:
> justaguy,
> 
> Seriously, who cares?
> 
> The relays are gone. I just checked the passwords now. If you'd
> like, I will email you all the passwords - as it doesn't matter.
> They have no value as they are protecting nothing.
> 
> 
> Oh no, I checked the password strength of a dead relay...  the
> heavens will fall as the ether's protective shield collapses
> against the weight of my egregious stupidity...
> 
> 
> 
> Speak Freely
> 

-- 
Activist, anarchist and a bit of a dreamer.
Keybase: https://keybase.io/thomaswhite

PGP Keys: https://www.thecthulhu.com/pgp-keys/
Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966


Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread Speak Freely
justaguy,

Seriously, who cares?

The relays are gone. I just checked the passwords now. If you'd like, I
will email you all the passwords - as it doesn't matter. They have no
value as they are protecting nothing.


Oh no, I checked the password strength of a dead relay...  the heavens
will fall as the ether's protective shield collapses against the weight
of my egregious stupidity...



Speak Freely


Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread jason
mostly good stuff here, I'd merely suggest you use denyhosts with ssh
and keep it on standard 22 with only pubkey access enabled. Serves
perfectly well and ssh brute force attempts will get blocked fairly
swiftly. fail2ban can also do ssh.
-Jason

On 02/26/2015 03:24 PM, Speak Freely wrote:
> Hi ZEROF,
> 
> I had fail2ban, harden (which includes tiger, tripwire, logcheck, plus
> MANY others), all the fancy log checkers, rkhunter and clamav,
> unattended-upgrades, and had all logs emailed to me on a daily basis. It
> was tedious to go through, but I was trying to do my due diligence.
> 
> I disabled root login, changed ssh port (security through obscurity -
> damn right, but I kept it in the privileged range.)
> ---
> Each password was a minimum of 32 characters, alphanumeric plus symbols.
> No two passwords were alike, or remotely similar.
> (No, I didn't use keys :@)
> 
> I checked "how secure is my password", and this is the result:
>   It would take a desktop PC about
>   21 quattuordecillion years
>   to crack your password
> 
> I had to look quattuordecillion up, as my spell checker doesn't know
> what it means. In the US, it means 1, followed by 45 zeros.
> (In the UK it is 10^84, but I believe the website is American so I'm
> sticking with ^45)
> ---
> I disabled as many services as I could reasonably tolerate. I removed
> world rights to as much as I could think. I did everything I could think
> of to make each VPS effectively useless except for running a Tor relay.
> 
> My firewall matched my Reduced Exit Policy, plus my "secret" ssh port.
> 
> 
> I never thought about the honey-pot... That's a good one.
> 
> 
> Speak Freely
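
The SSH settings recommended in the two replies above (Thomas White: no root login, one specific non-generic user, public-key authentication; jason: pubkey-only access) can be checked mechanically against an sshd_config. This is an added example, not code from any poster; the sample configs, the user name relayop7, port 2222 and the list of generic account names are constructed assumptions.

```python
import re

# Assumption: account names treated as "generic" for the AllowUsers check.
GENERIC_USERS = {"root", "admin", "administrator", "user", "test",
                 "guest", "ubuntu", "debian", "pi"}
# Keywords whose values accumulate over repeated lines.
ACCUMULATING = {"port", "allowusers"}

# Constructed samples. The duplicate PermitRootLogin is deliberate:
# sshd uses the first value it reads, so the later "no" has no effect.
WEAK_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
"""

HARDENED_CONFIG = """\
# constructed sample
Port = 2222
PermitRootLogin no
AllowUsers relayop7
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
"""


def parse_sshd_config(text):
    """Return global settings (lower-cased keyword -> value), first value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks are outside this global audit
        if key in ACCUMULATING:
            settings.setdefault(key, []).extend(value.split())
        elif key not in settings:
            settings[key] = value
    return settings


def audit(text):
    """Return (keyword, finding) pairs for settings that miss the advice."""
    s = parse_sshd_config(text)
    findings = []
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append(("permitrootlogin", "root login not explicitly disabled"))
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append(("passwordauthentication", "password logins still accepted"))
    # Keyboard-interactive (via PAM) can still prompt for a password.
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication", "yes"))
    if kbd.lower() != "no":
        findings.append(("kbdinteractiveauthentication",
                         "keyboard-interactive logins not disabled"))
    if s.get("pubkeyauthentication", "yes").lower() == "no":
        findings.append(("pubkeyauthentication", "public-key logins disabled"))
    users = s.get("allowusers", [])
    generic = [u for u in users if u.split("@")[0].lower() in GENERIC_USERS]
    if not users:
        findings.append(("allowusers", "no AllowUsers allow-list"))
    elif generic:
        findings.append(("allowusers", "generic account allowed: " + ", ".join(generic)))
    return findings


def listen_ports(text):
    """Ports sshd would listen on; reported only, since the thread disagrees on 22."""
    return [int(p) for p in parse_sshd_config(text).get("port", ["22"])]


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "ports", listen_ports(cfg))
        for keyword, finding in audit(cfg) or [("-", "no findings")]:
            print("   ", keyword, ":", finding)
```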


Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread justaguy
So, you made a POST request to an online "passwordchecker" and they now
probably have your password.


On 02/26/2015 04:24 PM, Speak Freely wrote:
> Hi ZEROF,
>
> I had fail2ban, harden (which includes tiger, tripwire, logcheck, plus
> MANY others), all the fancy log checkers, rkhunter and clamav,
> unattended-upgrades, and had all logs emailed to me on a daily basis. It
> was tedious to go through, but I was trying to do my due diligence.
>
> I disabled root login, changed ssh port (security through obscurity -
> damn right, but I kept it in the privileged range.)
> ---
> Each password was a minimum of 32 characters, alphanumeric plus symbols.
> No two passwords were alike, or remotely similar.
> (No, I didn't use keys :@)
>
> I checked "how secure is my password", and this is the result:
>   It would take a desktop PC about
>   21 quattuordecillion years
>   to crack your password
>
> I had to look quattuordecillion up, as my spell checker doesn't know
> what it means. In the US, it means 1, followed by 45 zeros.
> (In the UK it is 10^84, but I believe the website is American so I'm
> sticking with ^45)
> ---
> I disabled as many services as I could reasonably tolerate. I removed
> world rights to as much as I could think. I did everything I could think
> of to make each VPS effectively useless except for running a Tor relay.
>
> My firewall matched my Reduced Exit Policy, plus my "secret" ssh port.
>
> 
> I never thought about the honey-pot... That's a good one.
>
>
> Speak Freely

-- 
https://justaguy.pw
PGP fingerprint: 8516 5FFC 011A 6465 D042 6AC1 D719 1F41 B7CE EDFF
The Net treats censorship as a defect and routes around it. ~John Gilmore, 1993






Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread Speak Freely
Hi ZEROF,

I had fail2ban, harden (which includes tiger, tripwire, logcheck, plus
MANY others), all the fancy log checkers, rkhunter and clamav,
unattended-upgrades, and had all logs emailed to me on a daily basis. It
was tedious to go through, but I was trying to do my due diligence.

I disabled root login, changed ssh port (security through obscurity -
damn right, but I kept it in the privileged range.)
---
Each password was a minimum of 32 characters, alphanumeric plus symbols.
No two passwords were alike, or remotely similar.
(No, I didn't use keys :@)

I checked "how secure is my password", and this is the result:
It would take a desktop PC about
21 quattuordecillion years
to crack your password

I had to look quattuordecillion up, as my spell checker doesn't know
what it means. In the US, it means 1, followed by 45 zeros.
(In the UK it is 10^84, but I believe the website is American so I'm
sticking with ^45)
---
I disabled as many services as I could reasonably tolerate. I removed
world rights to as much as I could think. I did everything I could think
of to make each VPS effectively useless except for running a Tor relay.

My firewall matched my Reduced Exit Policy, plus my "secret" ssh port.


I never thought about the honey-pot... That's a good one.


Speak Freely


Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread Speak Freely
After much research, I've found some interesting tidbits.

Out of the 88 blacklists mxtoolbox reports against,

6/7 relays reported 3 problems
- 1) Efnet blocks Tor exits and reported. No exceptions.
- 2) CBL detected a single trojan/malware/spam, etc, and reported
- 3) Spamhaus ZEN detected CBL's detection, and reported

1 of the 7 relays also had two hits from Mailspike
- 1) Mailspike Z found a distributed spam wave, and reported
- 2) Mailspike BL aggregates other Mailspike lists, and reported


Essentially, all 7 of my relays were taken down because of trivial
issues, all but 1 being single instances of reported problems from a
single source.

Both CBL and Mailspike offer de-listing services that are easy to use,
and straightforward.


I spoke with MasterCard yesterday, and they've mailed off the paperwork
I need to fill out to do the charge-back. I won't get into the
specifics, but they were encouraging.

I will also be moving my unrelated business dealings away from OVH as
soon as possible.


Speak Freely


Re: [tor-relays] Same relay (identity key) on two IPs

2015-02-26 Thread Niklas Kielblock
There's a long-standing bug for this scenario [1]. Apparently, this 
"confuses clients". But as you've fixed this now, there shouldn't be any 
problems.


[1] https://trac.torproject.org/projects/tor/ticket/608

On 26/02/2015 14:31, catchthemall wrote:

Hi all,

tl;dr:

Due to a config error my relay [1] was running on two different IPs at
the same time for about half a day. Now the traffic has dropped.
I just wanted to make sure that it is not flagged as malicious or
something ...
Additionally I am curious about the policy in such a case. What happens
if a relay shows up in the network with the same identity key but on
different IP addresses?


long-version (kinda funny):

I am using webtropia [2] as a service provider which, as far as I can
tell, is a good choice for running a relay. Some time ago I decided to
change the hosting plan and switch to another offer at the same
provider. For that reason I let my old contract run out until they
notified me that my server will be shut down and deleted.
After receiving this notification I checked that indeed my relay server
was no longer reachable.
Some time passed by until I had time to set up my old relay (same identity
key) on the new server. Done so I launched it and was happy to enjoy the
increased bandwidth.
What I missed was that in the meantime the old server was reactivated by
the hosting provider without notifying me and as a result was running at
the same time as the new one for about half a day.

After I recognised this, I tried to ssh to the old server - which still
worked perfectly and indeed confirmed that everything was as I left it.
I shut down the relay running on the old server and wrote an e-mail to
the hosting provider checking if they are going to charge me the
reactivation and why the hell they reactivated it.
Up until now I only got a response that my old server was "shut down"
and that the "hard disk was deleted on the 29.01.2015" ...

.. I thought well ... since I can still ssh to that server I kinda doubt
that this is the case.
So since I still had ssh access to the "shut down server" I decided to
setup another relay on the "deleted hard disk" of this machine until
they believe me that there exists a small possibility that this thing is
still running ...
The "ghost" relay [2] is running fine up until now.

[1]
https://atlas.torproject.org/#details/5A9B5923F4937C3ED76B0AD4CF1030C11FCAF1FA
[2] http://www.webtropia.com/index.php
[3]
https://atlas.torproject.org/#details/23C31DBBEB898145D6E090D6DD8C06D72E55F972


Re: [tor-relays] Same relay (identity key) on two IPs

2015-02-26 Thread catchthemall
I thought the link to atlas page:
https://atlas.torproject.org/#details/5A9B5923F4937C3ED76B0AD4CF1030C11FCAF1FA

might be enough since it includes the fingerprint:

AllquanTor 5A9B5923F4937C3ED76B0AD4CF1030C11FCAF1FA


And as a proof that I am in control of the respective IP I included your
response at the URL where the relay is currently running:
http://89.163.224.212/verifystory/mail.txt

Is there any more information/verification you need?


On 26.02.2015 14:35, justaguy wrote:
> You didn't include your fingerprint or IP's, so there isn't any way for
> someone to check.
> On 02/26/2015 02:31 PM, catchthemall wrote:
>> Hi all,
>>
>> tl;dr:
>>
>> Due to a config error my relay [1] was running on two different IPs at
>> the same time for about half a day. Now the traffic has dropped.
>> I just wanted to make sure that it is not flagged as malicious or
>> something ...
>> Additionally I am curious about the policy in such a case. What happens
>> if a relay shows up in the network with the same identity key but on
>> different IP addresses?
>>
>>
>> long-version (kinda funny):
>>
>> I am using webtropia [2] as a service provider which, as far as I can
>> tell, is a good choice for running a relay. Some time ago I decided to
>> change the hosting plan and switch to another offer at the same
>> provider. For that reason I let my old contract run out until they
>> notified me that my server will be shut down and deleted.
>> After receiving this notification I checked that indeed my relay server
>> was no longer reachable.
>> Some time passed by until I had time to set up my old relay (same identity
>> key) on the new server. Done so I launched it and was happy to enjoy the
>> increased bandwidth.
>> What I missed was that in the meantime the old server was reactivated by
>> the hosting provider without notifying me and as a result was running at
>> the same time as the new one for about half a day.
>>
>> After I recognised this, I tried to ssh to the old server - which still
>> worked perfectly and indeed confirmed that everything was as I left it.
>> I shut down the relay running on the old server and wrote an e-mail to
>> the hosting provider checking if they are going to charge me the
>> reactivation and why the hell they reactivated it.
>> Up until now I only got a response that my old server was "shut down"
>> and that the "hard disk was deleted on the 29.01.2015" ...
>>
>> .. I thought well ... since I can still ssh to that server I kinda doubt
>> that this is the case.
>> So since I still had ssh access to the "shut down server" I decided to
>> setup another relay on the "deleted hard disk" of this machine until
>> they believe me that there exists a small possibility that this thing is
>> still running ...
>> The "ghost" relay [2] is running fine up until now.
>>
>> [1]
>> https://atlas.torproject.org/#details/5A9B5923F4937C3ED76B0AD4CF1030C11FCAF1FA
>> [2] http://www.webtropia.com/index.php
>> [3]
>> https://atlas.torproject.org/#details/23C31DBBEB898145D6E090D6DD8C06D72E55F972


Re: [tor-relays] Same relay (identity key) on two IPs

2015-02-26 Thread justaguy
You didn't include your fingerprint or IP's, so there isn't any way for
someone to check.

On 02/26/2015 02:31 PM, catchthemall wrote:
> Hi all,
>
> tl;dr:
>
> Due to a config error my relay [1] was running on two different IPs at
> the same time for about half a day. Now the traffic has dropped.
> I just wanted to make sure that it is not flagged as malicious or
> something ...
> Additionally I am curious about the policy in such a case. What happens
> if a relay shows up in the network with the same identity key but on
> different IP addresses?
>
>
> long-version (kinda funny):
>
> I am using webtropia [2] as a service provider which, as far as I can
> tell, is a good choice for running a relay. Some time ago I decided to
> change the hosting plan and switch to another offer at the same
> provider. For that reason I let my old contract run out until they
> notified me that my server will be shut down and deleted.
> After receiving this notification I checked that indeed my relay server
> was no longer reachable.
> Some time passed by until I had time to set up my old relay (same identity
> key) on the new server. Done so I launched it and was happy to enjoy the
> increased bandwidth.
> What I missed was that in the meantime the old server was reactivated by
> the hosting provider without notifying me and as a result was running at
> the same time as the new one for about half a day.
>
> After I recognised this, I tried to ssh to the old server - which still
> worked perfectly and indeed confirmed that everything was as I left it.
> I shut down the relay running on the old server and wrote an e-mail to
> the hosting provider checking if they are going to charge me the
> reactivation and why the hell they reactivated it.
> Up until now I only got a response that my old server was "shut down"
> and that the "hard disk was deleted on the 29.01.2015" ...
>
> .. I thought well ... since I can still ssh to that server I kinda doubt
> that this is the case.
> So since I still had ssh access to the "shut down server" I decided to
> setup another relay on the "deleted hard disk" of this machine until
> they believe me that there exists a small possibility that this thing is
> still running ...
> The "ghost" relay [2] is running fine up until now.
>
> [1]
> https://atlas.torproject.org/#details/5A9B5923F4937C3ED76B0AD4CF1030C11FCAF1FA
> [2] http://www.webtropia.com/index.php
> [3]
> https://atlas.torproject.org/#details/23C31DBBEB898145D6E090D6DD8C06D72E55F972

-- 
https://justaguy.pw
PGP fingerprint: 8516 5FFC 011A 6465 D042 6AC1 D719 1F41 B7CE EDFF
The Net treats censorship as a defect and routes around it. ~John Gilmore, 1993





[tor-relays] Same relay (identity key) on two IPs

2015-02-26 Thread catchthemall
Hi all,

tl;dr:

Due to a config error my relay [1] was running on two different IPs at
the same time for about half a day. Now the traffic has dropped.
I just wanted to make sure that it is not flagged as malicious or
something ...
Additionally I am curious about the policy in such a case. What happens
if a relay shows up in the network with the same identity key but on
different IP addresses?


long-version (kinda funny):

I am using webtropia [2] as a service provider which, as far as I can
tell, is a good choice for running a relay. Some time ago I decided to
change the hosting plan and switch to another offer at the same
provider. For that reason I let my old contract run out until they
notified me that my server will be shut down and deleted.
After receiving this notification I checked that indeed my relay server
was no longer reachable.
Some time passed by until I had time to set up my old relay (same identity
key) on the new server. Done so I launched it and was happy to enjoy the
increased bandwidth.
What I missed was that in the meantime the old server was reactivated by
the hosting provider without notifying me and as a result was running at
the same time as the new one for about half a day.

After I recognised this, I tried to ssh to the old server - which still
worked perfectly and indeed confirmed that everything was as I left it.
I shut down the relay running on the old server and wrote an e-mail to
the hosting provider checking if they are going to charge me the
reactivation and why the hell they reactivated it.
Up until now I only got a response that my old server was "shut down"
and that the "hard disk was deleted on the 29.01.2015" ...

.. I thought well ... since I can still ssh to that server I kinda doubt
that this is the case.
So since I still had ssh access to the "shut down server" I decided to
setup another relay on the "deleted hard disk" of this machine until
they believe me that there exists a small possibility that this thing is
still running ...
The "ghost" relay [2] is running fine up until now.

[1]
https://atlas.torproject.org/#details/5A9B5923F4937C3ED76B0AD4CF1030C11FCAF1FA
[2] http://www.webtropia.com/index.php
[3]
https://atlas.torproject.org/#details/23C31DBBEB898145D6E090D6DD8C06D72E55F972


Re: [tor-relays] 7 relays gone because of spammers

2015-02-26 Thread Markus Hitter
On 26.02.2015 at 03:42, ZEROF wrote:
> 4. Setup honey-pot on your server and play their game (10-15 job):
> http://linuxdrops.com/how-to-set-up-a-honeypot-using-smart-and-simple-artillery-debian-6-0/

Sounds like a good strategy.

What I don't like is the _permanent_ ban of IP addresses. Being a co-maintainer 
of a wiki, a mailing list and a forum, all reasonably popular, I've learned 
that IP addresses are no longer a reliable way to identify users. Also that 
malicious people have no shortage of addresses. They have plenty of them, 
enough to choose another one for each attack even if you don't ban the former 
one.

Running a strategy of banning permanently all IPs with malicious tries 
inevitably leads to also locking out many legitimate users. Before too long 
you've banned half the Internet and your server fortress is of no use anymore.

As such I started to ban only for short periods of time. A week, or a month. 
Works just as fine as permanent bans against attacks and legitimate users have 
to just wait a few days worst case to pick up services again.


Markus

-- 
- - - - - - - - - - - - - - - - - - -
Dipl. Ing. (FH) Markus Hitter
http://www.jump-ing.de/