On Sat, Jul 19, 2014 at 12:32 PM, Thomas White thomaswhite@riseup.net wrote:
Speaking from experience of operating 25 servers doing 4Gbps, I can quite safely say that if your host has been supportive of Tor, I would simply respond with the normal boilerplate regardless of what the complaint is or who made it.
I have found that if the complaint is of this type - that is, "this machine appears to be [infected with $MALWARE | running an unsafely obsolete version of $OPERATING_SYSTEM | part of $BOTNET]" - it is useful to augment the normal boilerplate along the lines of
| Scanners that aim to detect misconfigured, vulnerable, or infected | computers will, from time to time, pick up Tor exits as false | positives, whenever they happen to be emitting traffic that | originates from such computers. By design, we have no way to pass | your report along to the true source of the traffic. We can assure | you that the actual computer at [EXIT'S IP ADDRESS] is not infected | with any malware and is kept up to date with security fixes. | However, you should expect it to continue to appear in your scans as | a false positive.
zw