[tor-talk] SIGAINT email service targeted by 70 bad exit nodes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello tor-talk, So apparently we have drawn attention to our humble little email service that mostly lives inside of the Tor network. Today we reported 58 bad exit nodes to Philipp. He instantly found 12 more that we had missed, and there may be even more of them. (Thank you, Philipp!) FYI: They were added to the BadExit list just hours ago so traffic to them should dry up. The attacker had been trying various exploits against our infrastructure over the past few months. Our exploit mitigations have been sounding various alarms. We are confident that they didn't get in. It looks like they resorted to rewriting the .onion URL located on sigaint.org to one of theirs so they could MITM logins and spy in real-time. The attacker doesn't seem to be after passwords (they probably have some of them now). We get less than 1 user of 42K complaining about their account being hijacked every 3 months. I think we are being targeted by some agency here. That's a lot of exit nodes. I know we could SSL sigaint.org, but if it is a state-actor they could just use one of their CAs and mill a key. Interestingly, we ended up becoming a sort of canary. Those exit nodes may have been doing other shady stuff as well. SIGAINT Admin P.S. My PGP key is here: http://sigaintevyh2rzvw.onion/pubkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG iQIcBAEBAgAGBQJVOGCZAAoJEM1IOzMPil9PMesQAKc2ne7jUfG5BQPrdQw3KN7V n4Tc3Xa6tPrEZamJZ1bFtU7Urw/3u9ffz6APG1DAIi3j/CeWot0W1zpLHJJQ6CQO pJ200wjxOwozItDhZQMzTawos6LnWJ+i8P5qJk3/BY9Kt/ve1Jh0QxBTBBQl7SBM 3w4by8axK1wzQkEeKFM5wjlM6Sw1wB2KPBB6ZeVRWXQmTZTE+uXa1tDfuL2f1/2e 4CY+3oec1FXXTcDsxT/2EHBCSRKx+VCXoLyD1rk3h4mWfuh9Xld0ED9l0Bi7WAG2 1EJH/aLzmxs/fDAV0nSWu5aErh1nd45S0TbDG/uPrvAZbWeK9og7ZLJuaPv3Ix2a JXjU6aQke8sVLDZr9AwDULpb5G0AcbkPGWwLCkgbalnxiuMcWYG/wwcKa66jarJ2 XyV/ewXPFBfByMj25CS79M8DZeDV9U7wBNdLtFufFW5OkpwDyRmAoyeaZYoLWj1/ 8lZB9fRWxGuqf3hFwdKwBe8yTfTYjLtNoCHUddyuuIZ2X2PBi1OmmC5lVOOG6C/v +Pe3+Do1v5zYilT47a8FCf2CfhOLUksCZWL7LQs4774UenIjvQQJNWQAG9IHXxJu d+zyfUolwWx0lB90MOWobGijxJrwS2reClSOLoJZ6eUdsqgxGenEr4A7jFKTbJOm +Cc1JX/xRYbRpJ9J/FyK =r6pc -----END PGP SIGNATURE-----