Re: [tor-relays] Webiron

Let me rephrase: Do I follow the steps outlined by Webiron or just ignore them? I had always intended to respond to the ISP. On 29.1.16 2:11, Josef 'veloc1ty' Stautner wrote: Hi, you ISP opened that ticket so you answer the ISP. ~Josef Am 29.01.2016 um 03:31 schrieb 12xBTM: My ISP just

Re: [tor-relays] Webiron

Hi, I responded them the first few times. After I got angry about automated abuse I ignored them. Just answering your ISP is fine. ~Josef Am 29.01.2016 um 15:01 schrieb 12xBTM: > Let me rephrase: > > Do I follow the steps outlined by Webiron or just ignore them? > I had always intended to

Re: [tor-relays] Webiron

Hi Josef, actually I complained to Webiron once for their Spamming and they put me on a "list" of recipients to which they not send emails. It worked after their second attempt :-) Generally spoken we have an autoreply on our abuse-ripe address. When someone then replies again we really look

Re: [tor-relays] Webiron

On 01/29/2016 03:01 PM, 12xBTM wrote: > Do I follow the steps outlined by Webiron or just ignore them? We didn't ignore them at first but answered why we think that kind of measure is not useful nor appropriate. Since they ignored us, we started to ignore their purely informational reports, too.

Re: [tor-relays] Webiron

What does it change that webiron know or doesn't know if you have seen those f*cking abuse email? My exit node IP is listed as having an email sent to abuse@... and I never received any email at abuse@... I might be missing something but who cares about webiron? I care about what my ISP

Re: [tor-relays] Webiron

It was more of an idea to disrupt whatever they are trying to build. They actually banned our email server (which does not share its IP with Tor) so even if we reply to their shitty mails, we can't get off their list anymore... hah On 30.01.2016 02:26 AM, Operator AnonymizedDotio1 wrote:

Re: [tor-relays] Webiron

We quickly have created a poc to prevent their webbug of being useful: https://github.com/TheSchokomilchFoundation/IronFist IronFist will parse their latest JSON data (by downloading it via a Tor connection if a Tor-socks is available on 127.0.0.1:9050) It then generates a list of all current

Re: [tor-relays] Webiron

Hi, you ISP opened that ticket so you answer the ISP. ~Josef Am 29.01.2016 um 03:31 schrieb 12xBTM: > My ISP just sent a ticket to me about the Webiron abuse, should I just > respond to the ISP? Or do I dare actually load that webiron site? > > On 26.1.16 23:10, Nicholas Suan wrote: >> Looks

Re: [tor-relays] Webiron

My ISP just sent a ticket to me about the Webiron abuse, should I just respond to the ISP? Or do I dare actually load that webiron site? On 26.1.16 23:10, Nicholas Suan wrote: Looks like Webiron is spamming again, and this time they're including a web bug in the mail to see if you've opened

[tor-relays] Webiron

Looks like Webiron is spamming again, and this time they're including a web bug in the mail to see if you've opened it: https://www.webiron.com/images/misc/91.219.236.218/ab...@1d4.us/webiron-logo_abuse.png https://www.webiron.com/abuse_feed/ab...@1d4.us

Re: [tor-relays] Webiron at it again...

They are a pain in the ass. We did block them on our mail server and reported to our ISPs that they often send false-positives. Like UDP DDoS from our exit nodes. Stuff like that. This calmed our ISPs. We also tried to speak to them but they don't answer or when they did it was in a rude way.

[tor-relays] Webiron at it again...

Monday we received their usual spam about our exit-node sending spam, and of course instead of implementing the TorDNSEL on their sites, they rather want us to block a whole /24 range. Anyhow, one line caught our eyes: "Tor: Please note as the abuse from Tor has gotten out of hand, we do not

Re: [tor-relays] Webiron at it again...

> On 16 Dec 2015, at 01:43, Schokomilch NOC wrote: > > Monday we received their usual spam about our exit-node sending spam, and of > course instead of implementing the TorDNSEL on their sites, they rather want > us to block a whole /24 range. > > Anyhow, one line caught

[tor-relays] webiron requesting to block several /24 subnet

This will be my lengthy opinion on Webiron to get everything out of my mind without redactions. > Webiron's system sends notifications to both the abusix.org contact > for the IP and to abuse at base-domain.tld for the reverse-DNS name of > the relay IP. This doesn't seem to be the case for us.

Re: [tor-relays] webiron requesting to block several /24 subnet

FYI Webiron ceased sending these for my relay sometime between 11/24 and today (no reports for 11/25-27). Possibly this is because I never look at or resolve the reports and their system eliminates non-responding addresses to avoid listing by spam honeypots. If you wish to continue receiving

Re: [tor-relays] webiron requesting to block several /24 subnet

Maybe something to add because I ran into a mistake: ExitPolicy is a first match szenario. The reject rules for abuse reports and stuff has to be the first one, afterwards your accept rules and then a reject *:*. For exampe my current policy is: ExitPolicy reject 5.133.182.0/24 # WebIron report

Re: [tor-relays] webiron requesting to block several /24 subnet

My hosting provider also go these requests. Their terms of service requires that I will answer something to acknowledge I got that. I just answer "ok, I'll handle it" and that's it. The reverse lookup of my nodes points to a hostname that shows the Tor text. The host name is

Re: [tor-relays] webiron requesting to block several /24 subnet

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm currently in the middle of a somewhat heated e-mail debate with their vice-president. Pasting the e-mails below would be indelicate, but their position is that the Tor network is responsible for the abuse it generates and should take measures to

Re: [tor-relays] webiron requesting to block several /24 subnet

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm currently in the middle of a somewhat heated e-mail debate with their vice-president. Pasting the e-mails below would be indelicate, but their position is that the Tor network is responsible for the abuse it generates and should take measures to

Re: [tor-relays] webiron requesting to block several /24 subnet

>. . .I have to understand how my ISP reacts to this kind of things. >For the moment I will keep a low profile and I will block the >mentioned IP range for a month. Webiron's system sends notifications to both the abusix.org contact for the IP and to ab...@base-domain.tld for the reverse-DNS

Re: [tor-relays] webiron requesting to block several /24 subnet

Hi Christian, sorry, I marked that message as "Todo" but forgot :-) My replay to my provider is: - Hello Martin, I've blocked the whole /24 (originally the target IP range is inside a /16 but this would be too much) to prevent further

Re: [tor-relays] webiron requesting to block several /24 subnet

2015-11-16 12:46 GMT+01:00 Josef 'veloc1ty' Stautner : > sorry, I marked that message as "Todo" but forgot :-) Thank you. This is very helpful!. > - > Hello Martin, > > I've blocked the whole /24 (originally the target IP

Re: [tor-relays] webiron requesting to block several /24 subnet

> On 16 Nov 2015, at 22:58, Cristian Consonni wrote: > > Ok, so you did block a range for a limited period. I will need to > learn how to do that. Try: ExitPolicy reject4 1.2.3.4/24:* There's an extensive description of ExitPolicy in the tor man page. Tim Tim

Re: [tor-relays] webiron requesting to block several /24 subnet

2015-11-17 0:36 GMT+01:00 Dhalgren Tor : > Webiron's system sends notifications to both the abusix.org contact > for the IP and to ab...@base-domain.tld for the reverse-DNS name of > the relay IP. So if you can configure abuse@ for the relay domain to > forward to you, you

Re: [tor-relays] webiron requesting to block several /24 subnet

Hi, 2015-10-21 22:23 GMT+02:00 teor : > Would you mind putting the statement on the wiki or posting it to this list? > > It might help other exit operators to respond to these kind of abuse reports. +1. Can somebody point me to this? I have just received a notification from

Re: [tor-relays] webiron requesting to block several /24 subnet

++ 17/11/15 02:08 +0100 - Cristian Consonni: >2015-11-17 0:36 GMT+01:00 Dhalgren Tor : >> Webiron's system sends notifications to both the abusix.org contact >> for the IP and to ab...@base-domain.tld for the reverse-DNS name of >> the relay IP. So if you can configure

Re: [tor-relays] webiron requesting to block several /24 subnet

Il 17/Nov/2015 08:27, "Rejo Zenger" ha scritto: > > ++ 17/11/15 02:08 +0100 - Cristian Consonni: > >2015-11-17 0:36 GMT+01:00 Dhalgren Tor : > >> Webiron's system sends notifications to both the abusix.org contact > >> for the IP and to

Re: [tor-relays] webiron requesting to block several /24 subnet

>Some people out there apparently are of the opinion that it is a >reasonable choice to use the ugly crutch that is "fail2ban" instead of >deprecating password based authentication for ssh. You're technically correct (the best kind) but I wanted to point out that Fail2Ban is a really useful

Re: [tor-relays] webiron requesting to block several /24 subnet

> On 21 Oct 2015, at 07:41, Josef Stautner wrote: > > I also ask my hoster for the mail addresses of the abuse reporter and > write a little statement why he got attacked and what tor is and why I > running a relay. Mostly the abuse reports from WebIron reports about >

Re: [tor-relays] webiron requesting to block several /24 subnet

++ 20/10/15 13:57 -0700 - AMuse: >The TOR directory of exit nodes is readily available for ISP's and >website operators to apply in their filters. I don't see why them >putting the onus on tens of thousands of exit operators to exit-block >THEIR addresses is in any way reasonable. I do agree

Re: [tor-relays] webiron requesting to block several /24 subnet

Dear yl, just a few words from the abuse helpdesk of a larger tor-exit-node... TL;DR: we ignore those requests. they don't even reach a human. While we do handle most genuine/honest/helpful and especially all non-automated abuse reports very diligently. Pointless nagging services like webiron

[tor-relays] webiron requesting to block several /24 subnet

Hello, I received an abuse email today from my hoster (several emails from webiron in one email), typical automated abuse emails, not much information. However, they request, if the origin IP is a Tor exit, to block the full /24 subnet. As they also state, they will not provide the full IP of

Re: [tor-relays] webiron requesting to block several /24 subnet

Hello yl, I also got some reports from WebIron. I also made some thoughts about blocking Tor from reaching some parts of the internet and if it's agains the ethics of tor. I think that blocking the destination for two weeks by an reject rule satisfies the "victim" and your hoster thus helps

Re: [tor-relays] webiron requesting to block several /24 subnet

The TOR directory of exit nodes is readily available for ISP's and website operators to apply in their filters. I don't see why them putting the onus on tens of thousands of exit operators to exit-block THEIR addresses is in any way reasonable. On 2015-10-20 12:51, yl wrote: > Hello, > I

Re: [tor-relays] webiron requesting to block several /24 subnet

I agree. I just bin these, or send the standard "abuse" response template, which includes a snippet about using a DNSBL. On 10/20/2015 04:57 PM, AMuse wrote: > > > The TOR directory of exit nodes is readily available for ISP's and > website operators to apply in their filters. I don't see why

[tor-relays] webiron requesting to block several /24 subnet

>snake oil service like webiron A most excellent characterization! As a sales maneuver WebIron has been grandstanding for months saying that Tor operators are "unwilling to cleanup" when they know full-well that tor operators can not / should not filter traffic due to minor brute- force login