This will be my lengthy opinion on Webiron to get everything out of my mind without redactions.
Webiron's system sends notifications to both the abusix.org contact for the IP and to abuse at base-domain.tld for the reverse-DNS name of the relay IP.
This doesn't seem to be the case for us. Our rDNS is set to tor-exit.se.partyvan.eu. Back when I received our first abuse complaint from Webiron, the WHOIS for the Tor exit IP-address had an abuse-mailbox contact for us but the abuse-c was still pointed at our data center. Webiron emailed three email addresses:
- abuse@portlane.com (abuse-c, mnt-by for all of our /29)
- info@partyvan.eu (unlisted, unused RFC 2142 address)
- abuse@partyvan.eu (abuse-mailbox)
By the time I had received a second or third abuse report from Webiron, I had made some voluntary changes to get the abuse-c assigned to us after registering with the RIPE database. Despite this, Webiron's system still contacted two addresses:
- abuse@portlane.com (mnt-by for netnum)
- abuse@partyvan.eu (abuse-c and abuse-mailbox)
More accurately, Webiron may employ caching of results or go for the netnum abuse-c/abuse-mailbox instead. Other abuse complaints we've received such as one from the Brazilian Army have contacted our abuse@ role only and never bothered our data center. For what it's worth, abuse.net also lists our abuse@ contact for the domain.
I'm currently in the middle of a somewhat heated e-mail debate with their vice-president. Pasting the e-mails below would be indelicate, but their position is that the Tor network is responsible for the abuse it generates and should take measures to prevent/block malicious traffic. They also state that according to their measurements, 99% of the traffic coming out of Tor is hostile, and they're going to release a report on the matter soon.
Webiron's policies are dodgy at best. They even claim that Tor exit operators are legally liable for the traffic they route [1], which is obviously false given our real legislative liability protection for service providers. I immediately lost sense of their credibility. They say:
Groups hosting exit nodes are responsible for the abuse that comes out of exit nodes. By refusing to take action to stop attacks originating from your proxies it can make you legally responsible to international law as well as laws in most regions (IE EU) as it shows a willingness to facilitate further attacks.
Our data center doesn't seem to mind Webiron's abuse reports regarding our Tor exit, and while they also get copies of the abuse complaints they've never bothered us about it. (For the curious, Portlane used to house Serious Tubes which housed The Pirate Bay until a raid in December 2014.[2])
After receiving six or so abuse complaints from Webiron [3] and acknowledging each to support@webiron.com explaining it's a Tor exit, I've not heard back from them again for a while.
Banning /32 or /24 seems out of the question for us to keep the limited liability protection. It wouldn't solve the issue anyway due to 1000+ other exits available, so the best solution remains to block Tor temporarily from the other end or implement CAPTCHAs for Tor users to slow down or defeat brute-force attacks.
As an example, CloudFlare implements CAPTCHA for visitors from Tor. Webiron could do something similar if they wished to act on these as a reverse proxy service. Their requests are too unreasonable for Tor exit operators.
By their ideology, I understood they're saying stores selling ski equipment for skiing should be held liable for crimes committed by their customers who bought their skiing masks:
You chose to allow this to run from the network you are responsible for. Proxying attacks is translatable to providing the mask before an assault or robbery. At this point we feel your company is complicit in these attacks by allowing them to continue.
For me this does not sound credible, and I didn't bother trying to give their argument more credibility with a reply.
They wished me "good luck" [4] after mentioning my Tor exit will be on their blacklist and referencing IBM's research on "recommending a blanket ban on Tor".[5]
At least I still remain to have some sense of credibility in SpamCop and Spamhaus, despite few controversies involved with the latter.
This is why we can't have nice things and why I've given up with most hosting providers.
PS: Portlane is not yet listed on GoodBadISPs [6] wiki page.
-Wub
[1]: https://archive.is/Obhnk
[2]: http://www.bbc.com/news/technology-30411782
[3]: https://partyvan.eu/transparency/emails/abuse/
[4]: https://partyvan.eu/transparency/emails/abuse/2015-11-13-webiron-tor-exit.mb...
[5]: http://www.techweekeurope.co.uk/security/ibm-companies-tor-175468
[6]: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs