Hello fellow relay runners,
This morning OVH decided to kill 7 of my relays due to spamming, and
block all access to all services. I ran the Reduced Exit policy for all
of my relays.
Due to heightened concerns about this affecting other unrelated services
I have with OVH, I had to shut down the other 3 relays. They may
eventually re-appear as middle-relays.
This has cost me hundreds of dollars, as I foolishly decided to prepay
on an annual basis. None of the servers were older than 2 months. Some
were only a few weeks old.
The Abuse department's rationale is as follows:
"Your account was suspended because 100% of your IPs are blacklisted on
multiples lists for Spam and other malicious activities.
This case is closed and this decision is final."
----------------------------------------------------------------------
When I first contacted OVH regarding running Tor relays, this was the
response that I received from them, which does not mesh with what just
happened.
"Good morning Matt,
I'm very glad to here from you. It is very flattering to hear that you
are very satisfied by our service at OVH!
We do take our network speed and hardware performance very seriously
here. We are proud of our infrastructure that we have built over the years.
I do understand your concerns about setting up a Tor relay on one of our
VPS. In a simple form, yes you can.
We do let our customers use our VPS as Tor relays. We have no problem in
letting you this.
However, your are allowed to use Tor but it will be at your own risk.
Rest assure that, in case of an abuse, we will not terminate your
account without notice. In fact we may not even terminate your VPS. You
will receive a warning from our Abuse department giving you a choice to
resolve the abuse case.
Like you said, we are in a world where free speech is constantly under
attack and we are committed to help as much as possible to protect this
fundamental right that we all have. We will absolutely not in any case
share our customers information or data to authorities without a warrant.
For any other questions or concerns, feel free to contact us at any
time. We are available 24/7.
Good luck with that privacy project of yours and keep on supporting the
cause of free speech!
Thank you for contacting OVH and have a wonderful day!
Colin K.
Customer Advocate"
----------------------------------------------------------------------
Not that it matters anymore, but each relay was dedicated to one of the
victims of the Charlie Hebdo attack.
https://atlas.torproject.org/#search/4charlie
----------------------------------------------------------------------
Eventually I will get back at this... But for now, my money is gone, and
all my hard work is lost.
----------------------------------------------------------------------
So... I know I'm new. And it's possible this has happened (many times)
before, but... You've been warned.
Speak Freely
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
computers are better at doing repeatable things over and over again so
let them take care of boring tasks.
Based on David's ansible-tor [1] I created an ansible role to make
relay operations more convenient (see the initial commit message for a
longer list of changes).
https://github.com/nusenu/relayor
Core features:
- - configure multipe tor instances on a server automatically
generates two instances per available IP address
(Memory auto detection is not implemented yet)
- - take care of MyFamily automatically
- - user configurable Nickname prefix
- - easy Exit/Non-Exit setting (boolean)
- - alpha vs. stable releases (boolean)
Supported platforms:
- Debian
- CentOS
- OpenBSD
Everything is still fresh, so I would NOT recommend to use this on
production relays. Testing and review is appreciated.
There is still a crucial piece missing (init scripts), but I hope tor
packagers are willing to incorporate multi-init support patches (see
issues).
I also have parts that adds monitoring (munin+vnstat+webserver) but
that will go into a separate role.
If you have never heard of ansible, it speaks to your servers using
SSH and does not require an agent or a central management server -
just run it from you client machine.
http://www.ansible.com/resources (not entirely torbrowser friendly)
http://docs.ansible.com
If you are planing to run this role over tor when connecting to your
servers, make sure you have the following set in your ~/.ansible.cfg:
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
This ansible role is not about bridges or hidden services, but I'd
like to add "management HSes" (SSH and monitoring) in the future.
Nusenu
[1] https://github.com/david415/ansible-tor
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJU8OdxAAoJEFv7XvVCELh0Aw0P/AiiprSbE5apWUtrCoyrO5GN
MKRfwpvy/BGrKjOjBZAtIs+8+AMaRQXV54CUIG0QlewnVgWRUyXA635OIAY43hFR
BY/In1IiSXcqKyjaTsM4No/Nh+tvdj2rt+MoYvrMTVQVl8i+CYQKt4ypHjRN1cGS
OIdP/AWi9tt/eAl+IgUNf4/pud94UbruDfGHtDQ4xGeReNdo64Q92c2QicFOdwNc
fIqrhb/aWydfgQehmjSAXM9i9WfBi5vMSh7D5lUxheqhEmjSiV1bw8mvQML+kXse
nwv7AZj0MkoBYqTd0t3h1JJwPXt0Vjfi3ZZNPlOTx6gZmPfbgrezya+TrWHQy65M
rw6B3E3L5UDjkJ1k3cyJWvtpUSyYCqzcUDIq6+gQxZhGH0pWQhutxqdt5C5S+qn7
9hWJcDUyjeSFwxRfhLphiSrPQEue6Eox+EWzcSh4YQh8hol/P8Ev5C4P/yavWF0m
w0jGbQoVIwz0jMhZwW9w6KxmaZO68/3aEfWUXjLFg/DCp/nLXqR1kHxuiLgO/sd6
QumoOjxqu9KwV9crQX86dl9oMFFvUb7l1WqidMVZIR81WQkDIVWoypvxCnG2QhDo
Z4Nily3qg3I3nW+QLTIY8XjUkVMLV/1kky9ETDb2Vvz0uR2H5tyZR6I9hQ4FaGHt
Xjm7kZ9JgRZjixqyAhTz
=/jyQ
-----END PGP SIGNATURE-----
