Sure, please post it on the mailing list, and convey our apologies to Tor users who were inconvenienced. If it happens again, we will try to just block on the abuser's search terms. We no longer suspect that anyone is stupid enough to use Scroogle to scan for exit nodes, because they should realize that if we let these get through to Google, then our six servers might get blocked by Google. We know for a fact that Google has the ability to block all of our servers from all of their various data centers in about 30 minutes flat; all it takes is for someone in a position of authority at Google to decide that it's time to stop being tolerant toward Scroogle. (We have never had any arrangements with Google whatsoever, and they already know the IPs of our six servers as they appear at the 270+ Google IP addresses we use.) But if some Tor abuser wanted to vary the search terms by using a dictionary lookup, this would be impossible to intercept. In such a situation, we'd have to block all the exit nodes again. At least we're now set up to do this effortlessly, because we've had eight days of training. During that time we wrote and debugged programs for automatic Tor exit-node blocking across all six servers. If the consensus among Tor experts is that this was a misconfigured Tor server (we don't use Tor so we haven't a clue), we hope someone can figure out how it happened, and also figure out how to prevent this sort of accidental misconfiguration. Otherwise, Tor will eventually get a bad name once script kiddies discover how much fun this is, and it will no longer happen accidentally. Something very similar happened to Scroogle in July, but it was at a much lower level of activity, and seemed to happen during U.S. business hours only, instead of around the clock. That's why we think it may worth investigating by Tor experts, especially from an "ease of misconfiguration" standpoint, and possibly even from an "early detection" standpoint. -- Daniel -- Ciao Kai http://kairaven.de/ Mail per I2P: http://www.i2p2.de/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE