/var/log/vadept.log

My TOR exit node is no more.

The ISP shut it down.  All that is left is the relay that I’ve been running forever.  This ISP was on the “Tor Friendly” list (which I altered the wiki and noted it accordingly) and allowed IRC servers.  The reason for shutting it down? One php script probe (see previous post).  One.  The boilerplate emails stating what tor was, and how nothing is logged, blah blah blah, weren’t an acceptable reason for the probe (WTF?).  I guess I am responsible for /all/ traffic that goes in and out of my box per their AUP.. Which is IRC friendly….. Yeah…  So I cancelled my service, and are looking elsewhere.

Now riddle me this.  Why would an ISP enjoy common-carrier liability protection from say, usenet or IRC, but not a tor exit node?  It doesn’t make sense to me.  I set this exit node up 100% with the guidelines setup by the tor-project (short of forming an LLC for liability protection) with regard to dns entries with webpages, a dedicated email for abuse complaints, the whole 9 yards.  Still, it was shut down.

Yeah, you may say to just run another relay, but heres the problem with tor.  Unless you’re going to a hidden node within TOR, the entire project is only as fast as the combined speed as its exit nodes.  Sure, you can hop onto tor at 400MB/sec, but the net worth of the entire network is how fast you can get OUT.  I can bounce around servers until I’m blue in the face, does me no good if I cant get to where I need to go because the exit nodes are all swamped.

The whole situation is shitty.  Its been down for a week to let my self cool off rather than right an angry post naming the ISP in question.  Oh, the tor exit node’s DNS WAS tor-exit-readme.virtual-adept.net, just in case you were curious..

All this happening when the tor project could really use a 10 mb/sec exit node for Egypt.

You may or may not know, but I’ve been a fan of tor (http://www.torproject.org) for quite a while.  In fact, i’ve turned on a bunch of people into using tor such as this:

Friend of mine and I were in starbucks enjoying overpriced coffee and using their way too slow free (unencrypted) wireless network.  I was checking my email (via SSL-IMAP) and surfing the internet through tor.  It was a little slow, but thats life.  My friend asked me why I was using tor since all I was doing was checking my email and surfing slashdot and other mindless webpages.

I put my laptop’s wifi into promisc mode and ran tcpdump.  Some idiot was using some filesharing program that I was too lazy to look up the port, another idiot was checking his gmail, another idiot was surfing youtube.  Few people were on facebook, etc.  I told him that I didn’t care to have people here know that I run a mail server, where my mail server is, or what I do on it.  I dont want people to know what im surfing.  Its none of their business.  ALL of my traffic does is hit a tor entrance and disappear (to them).  He understood, i wish more people understood.

So I decided to man-up and run a tor exit node.  Figure I use tor everywhere where there is a public wireless network, its the least I can do to give back.  I’ve ran a relay for years without any problems, so I figure that as long as I follow the documentation on properly running an exit node, use a stripped down ExitPolicy, and bookmark the boilerplate abuse templates I should be fine.  Day 2 of running an exit-node I get my first abuse complaint.

Massive hack?  Stolen credit card?  Letter from the FBI? Something tasty and awesome?

No, some “admin” saying his “IDS system caught” one request to /foo/fjl93rjs9fj/xploitable.php and decides to write this massive abuse email on how this server is trying to “hack” his website.  Really? Fucking really?  In this day of age of nothing but bots and zombies you are going to waste both my and my ISP’s time with something as stupid as this? My webserver gets hundreds of these a day, and I have NEVER EVER sent off an email to an ISP about it.  Its called running a public webserver on the internet.  Don’t like it? Unplug your server and save us all your leet admin IDS skillz.

What makes things even better, is that the IP address that he’s bitching about is mapped to tor-exit-readme.virtual-adept.net.  If you go to that URL, is a webpage saying that this is a tor exit node, what tor is, and how its just a traffic relay.

Now if you’ll excuse me, I’m going to write 1000 abuse emails for every invalid URL request that came into my server this week.