[tor] FDC cancelled our server - FDC history

  • From: Moritz Bartl <moritz@xxxxxxxxxxxxxx>
  • To: torservers@xxxxxxxxxxxxx
  • Date: Fri, 01 Apr 2011 20:48:42 +0200

Hi,

This was to be expected, but I hoped for some more months. No money was
lost. It is getting hard to find cheap 100TB offers. If you have
suggestions, let me know.

Bandwidth history:
https://www.torservers.net/status/fdc1_vnstat_d.png
https://www.torservers.net/status/fdc1_vnstat_m.png

>31.03.2011 19:20:
Four tickets about spam received from synacor.com

>31.03.2011 19:30:
Sent default reply for webmail spam

>31.03.2011 19:52:
"Based on the feedback, I've lifted the rbl restriction on 50.7.240.28.
I haven't seen a lot of abusive traffic from this IP, so I think we're good.
As an extra hand of support, you may want to check the IP's reputation
at
http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a50.7.240.28 -
it doesn't look too good to me, and your traffic may be slowed down
somewhere else as well.

Regards,
Synacor Postmaster"

>01.04.2011 02:36:
Network Security Administrator FDC:
"Your explanation is not acceptable. According to the report's sender
log, your IP has been involved in spam e-mails so requesting each ISP to
provide you IPs to block them is not the appropriate action.
Additionally, multiple IPs have been blacklisted on at least 1 spam list
(CBL), violating our AUP, and your IPs have poor reputation at
senderbase.org.

Related URLs:
http://cbl.abuseat.org/lookup.cgi?ip=50.7.240.27
http://cbl.abuseat.org/lookup.cgi?ip=50.7.240.28 (blacklisted twice)
http://cbl.abuseat.org/lookup.cgi?ip=50.7.240.29
http://www.senderbase.org/senderbase_queries/detailip?search_string=50.7.240.28

We are looking forward to your response and actions in the next 24 hours
to avoid service suspension. If spam listings persist, service will be
terminated."

>01.04.2011 02:45:
As you know we already block SMTP and other spam related ports. Very few
spammers use Tor, and find misconfigured webmail servers. As you can see
from the report, we are not the originator of mail spam as we don't
allow SMTP connections nor are such mails generated on our servers; the
spam merely passes our server as part of an ordinary HTTP request.
What I can do is block webmailer addresses, but of course only after the
incident has been reported.
What actions do you suggest we should take?

>01.04.2011 03:17:
You're free to take any measures you judge, in order to avoid your
server being abused. You should make sure that your IPs won't get
blacklisted on any spam lists and abuse reports will be dealt with in a
timely manner. The current blacklists in CBL and senderbase, which both
are used a lot world-wide, are violating our AUP and they should be
resolved ASAP.

>01.04.2011 12:28:
Like I said, I have no idea what action to take to stop this from
happening. Don't you see the problem here? Our servers are rented
exclusively for Tor exit traffic, and even if I blocked ANY outgoing
port except port 80, which is crucial for our services, you will see
those few, small incidents.
Can you please issue a refund of the bill I have just paid for next
month and cancel the server?

>01.04.2011 16:45:
I can see the problem but it's your responsibility to secure your
services to avoid spam listings and reports. Would you like me to
forward your ticket to billing department for cancellation and refund?
We usually do not provide refunds due to abuse issues but since your
expiration date is today, I believe it can be done.

>01.04.2011 20:23:
50.7.240.26 is now canceled - $299 was refunded back to your card.
Please allow 5 business days for the refund to show on your CC.


-- 
Moritz Bartl
https://www.torservers.net/
