Hi
I've noticed the following after upgrading to the latest stable version (0.3.4.8):
Memory usage
[image: image.png]
Connection count
[image: image.png]
CPU usage
[image: image.png]
You'll notice the upgrade happened around Saturday midnight.
Known issue? Any work-around?
Thanks
Sebastian
Hello to you all,
Question: Is there a point to adding IPv6 addresses to the ORPorts of
my bridges? Will they then operate somewhat in the fashion of guards
without published metrics?
Any info would be helpful.
Arisbe
So, for me, it appears that the jerk spammers have advanced. Instead of
sending spam to the tor-relays(a)lists.torproject.org email address, they are
now directly sending spam to specific addresses subscribed to the list. I
got one today from colemanrosettad(a)gmail.com, and have been receiving some
over the last few days that were sent directly to this email address. I did
not think they were related, but the one I received today was also sent to
the addresses below, which I believe are addresses that are subscribed to
the list. I have reported it to Google via their abuse report email address,
which is registrar-abuse(a)google.com, so I will see what they say (and
forward it to the list if requested).
The other addresses were: johndalton289(a)gmail.com, and teor2345(a)gmail.com.
I tried attaching a photo of the "to" field but it was rejected due to size
limitations.
Just thought I'd give a heads up.
On Thu, Sep 20, 2018 at 9:10 PM Keifer Bly <keifer.bly(a)gmail.com> wrote:
> So, for me, it appears that the jerk spammers have advanced. Instead of
> sending spam to the tor-relays(a)lists.torproject.org email address, they
> are now directly sending spam to specific addresses subscribed to the list.
> I got one today from colemanrosettad(a)gmail.com, and have been
> receiving some over the last few days that were sent directly to this email
> address. I did not think they were related, but the one I received today
> was also sent to the addresses in the attached photo, which I believe are
> addresses that are subscribed to the list. I have reported it to Google via
> their abuse report email address, which is registrar-abuse(a)google.com,
> so I will see what they say (and forward it to the list if requested).
>
> Just thought I'd give a heads up.
>
> On Fri, Jul 13, 2018 at 7:47 PM Keifer Bly <keifer.bly(a)gmail.com> wrote:
>
>> I looked it up. You can forward the spams that the Gmail addresses are
>> sending to registrar-abuse(a)google.com, which reports spam emails and
>> inappropriate content being sent by Gmail users to Google. Try that.
>>
>> From: Mirimir <mirimir(a)riseup.net>
>> Sent: Friday, July 13, 2018 7:41 PM
>> To: tor-relays(a)lists.torproject.org
>> Subject: Re: [tor-relays] Jerk spammers on tor-relays (was Re: Fwd:
>> Tor GuardRelay)
>>
>> On 07/13/2018 03:07 PM, Keifer Bly wrote:
>> > Dang. I stopped getting them for a while due to the SPAM filter I
>> > configured in Gmail, however they are now coming through again. These
>> > spammers are trying to be smart by sending these spam messages from
>> > different domains; they are now coming from
>> > scarlettsofia710182(a)it.argmx.com
>> >
>> > Anyone else getting these?
>> >
>> > Thanks.
>>
>> I haven't received those after posts since June 27. And nothing from
>> *.argmx.com. But I am getting sex spam from a few Gmail addresses, with
>> blank subject lines. New, and perhaps related.
>>
>> > On Sat, Jun 9, 2018 at 10:38 PM Roger Dingledine <arma(a)mit.edu> wrote:
>>
>> <SNIP>
>>
>> >> Maybe there is a mailman module that lets you send a different watermarked
>> >> mail to each subscriber, or to send mails out with different timing
>> >> patterns to do a binary search over the list, in order to discover which
>> >> addresses are triggering the spam? But I don't know of an easy way to
>> >> do it.
>>
>> That would be a bad precedent, I think ;)
>>
>> >> Also, I hear from at least one person that some tor-dev subscribers are
>> >> getting spams too. :(
>>
>> Searching for the spam addresses, I found reports from other mail lists.
>> So it's not just Tor lists.
>>
>> <SNIP>
Good morning fellow exit node operators,
I have set up an exit node in my home on a separate IP address away from all other traffic. I'm well aware of the risks from dated articles posted many years ago, so if you're going to send warnings and scary stories, please do so off list.
I won't be running it with all ports open; rather I'm interested in ports that still provide benefit to the Tor network but don't attract the attention of law enforcement. Currently I am exiting port 8333 (Bitcoin) and nothing else, but am open to other non-risky ports.
Make your day great,
Isaac Grover, Senior I.T. Consultant
Aileron I.T. - "Practical & Proactive I.T. Solutions"
Office: 715-377-0440, Fax:715-690-1029, Web: www.aileronit.com
Hey *,
I have been running C65EF5E06B8338CF976D376048BE2C8FBD499C9C for about a month. On Monday I received the first abuse ticket from my ISP (Contabo GmbH). The ticket contained lots and lots of log information from a fail2ban system, so GMail sent it right into the spam folder.
24 hours later I received a monitoring e-mail that my server was down. After a little search through my mails I found out that Contabo shuts down all services within 24h if there is no reply. That kinda sucked because I run some private services on this machine (different ip).
Contabo's mail claimed that a 30€ fee would be due in order to cover their work for disabling and enabling the server. A very very unfriendly e-mail and about an hour of time later my server was back online :)
(Note: the e-mail was sent around 10 PM and I received the answer at about 11 PM, so the abuse department is there 24/7. Their hotline, however, can't deal with abuse complaints; they can only be handled via e-mail.)
Contabo sent me a (probably) automated e-mail that the issue was resolved and no further action is needed. Overall I think it's a little unprofessional to shut down servers within 24 hours without trying to call a customer, or at least several e-mail reminders over a day or two.
Markus
This is my new abuse e-mail template for German-speaking hosting providers:
Dear Sir or Madam,
A Tor exit node is operated on the server.
Under TMG §8, the operator is exempt from any liability for the data passed through; this applies both to me as your customer and to you as my ISP.
The IP X.X.X.X passes through Tor exit traffic exclusively. These transmissions are not initiated by me, nor is the recipient or the information to be transmitted selected and/or modified.
No data whatsoever is made available at the IP address X.X.X.X.
These ports are passed through: 20-21, 43, 53, 80-81, 88, 110, 143, 194, 220, 389, 443, 464-465, 531, 543-544, 554, 563, 587, 636, 706, 749, 853, 873, 902-904, 981, 989-995, 1194, 1220, 1293, 1500, 1533, 1677, 1723, 1755, 1863, 2082-2083, 2086-2087, 2095-2096, 2102-2104, 3128, 3389, 3690, 4321, 4643, 5050, 5190, 5222-5223, 5228, 5900, 6660-6669, 6679, 6697, 8000, 8008, 8074, 8080, 8082, 8087-8088, 8232-8233, 8332-8333, 8443, 8888, 9418, 9999-10000, 11371, 19294, 19638, 50002, 64738.
In the case of spam / brute force, I recommend that the sender of the abuse e-mail protect their systems with tools such as Fail2Ban, reCAPTCHA.
In the case of frequent (D)DoS attacks, it is possible to block the entire Tor network. An always up-to-date blacklist of all Tor exit nodes is available for this purpose: https://www.torproject.org/projects/tordnsel.html
If malicious traffic originates exclusively from the IP X.X.X.X, the sender of the abuse e-mail can block it using iptables:
iptables -A INPUT -s X.X.X.X -j DROP
If the sender does not wish to accept this option, I can, on my side, block all traffic to their IP or to individual ports.
You may pass the following message on to the sender of the abuse e-mail in my name:
> Dear Sir or Madam,
>
> we would like to forward this message on behalf of our customer who is responsible for this particular server with the IP X.X.X.X.
>
> The IP address in question is a Tor exit node. https://www.torproject.org/overview.html
>
> There is little we can do to trace this matter further. As can be seen from the overview page, the Tor network is designed to make tracing of users impossible. The Tor network is run by some 5000 volunteers who use the free software provided by the Tor Project to run Tor routers. Client connections are routed through multiple relays, and are multiplexed together on the connections between relays. The system does not record logs of client connections or previous hops. This is because the Tor network is a censorship resistance, privacy, and anonymity system used by whistle blowers, journalists, Chinese dissidents skirting the Great Firewall, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. See https://www.torproject.org/about/torusers.html.en for more info. Unfortunately, some people misuse the network. However, compared to the rate of legitimate use, abuse complaints are rare. https://www.torproject.org/docs/faq-abuse.html.en
> This does not mean that nothing can be done, however. The Tor project provides an automated DNSRBL for you to query to flag traffic coming from Tor nodes. https://www.torproject.org/projects/tordnsel.html.en. In general, we believe that problems like this are best solved by improving your service to defend against the attack from the Internet at large.
>
> As a German individual I fully comply with the German telemedia law §15. This prohibits logging any personally identifiable data or usage data except for billing purposes. As we do not charge any users any fees we will not be able to keep any connection data now and in the future. Furthermore I am protected by German telemedia law §8, which protects me from any liability for traffic that passes through my infrastructure on behalf of users. This also protects my ISP (XXX) from any liability.
>
> Thanks for your understanding,
> XXX
For urgent matters, please contact me directly at +XXXX.
With this automated reply I do not acknowledge any deadline set for an abuse ticket. Furthermore, I request that you not deactivate the server, since no legal violations of any kind can arise from the server and the services it offers. Section 8 of the TMG protects both you and me from any liability for the traffic generated by the users of the Tor exit node.
I object to any processing fee, since this was communicated neither in the contract nor in the terms and conditions at the time the contract was concluded. In the event of an unjustified deactivation, I reserve the right to withhold payments for the period of the deactivation.
Kind regards,
XXX