This *will* happen again. You need to have a conversation with your provider and convince them to ignore reports of this form for your exit node, or else you need to get a new provider. I would open the conversation with something like this:
| This machine is a Tor exit node, which, as part of its normal operation, | proxies traffic for other hosts on the Internet. By design, it is impossible | for me to identify those other hosts or communicate with their operators. | It is one of those other hosts that was infected with s_downloaderbot-mxb. | | Because Tor users are very diverse, I can't guarantee that this will never | happen again. You should expect ongoing false positives for this machine | on all checks for malware infection, outdated operating system, etc. | | I have the ability to disable proxying to specific IP address ranges and | specific TCP ports, but this should be considered a last resort tactic. It | does not actually prevent anyone from using Tor to send spam or whatever; | the traffic will just move to some other exit node. I also have the ability to | limit the total bandwidth consumed by Tor. | | I'm happy to work with you to minimize the impact of this service on your | network. I hope you will consider allowing it to remain in operation, as it | is extremely valuable for people who need to conceal their official | identities online, especially in countries where access to the Internet | is restricted. For more information please see | https://www.torproject.org/about/overview.html#overview zw On Mon, Mar 30, 2015 at 9:04 AM, Cmar433 <cmar...@yandex.com> wrote: > > > https://globe.torproject.org/#/relay/9DCF76179FCF47224D235ECD4A6165FED22ECE7B > > So, i am running exit node. My provider send me an email .. "This IP is > infected with, or is NATting for a machine infected with s_downloaderbot-mxb" > Any idea what can i do with this problem ? > > > > Now i can see my IP in my server exit policy ... > > After my "delist action" is clean .. > > http://www.senderbase.org/lookup/ip/?search_string=37.157.192.208 > > I need just wait ? And all outgoing packet from my server still droped ? > > Thanks .. > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays