[tor-relays] SSH Bruteforce Attempts

teor teor2345 at gmail.com
Wed Oct 4 02:44:46 UTC 2017


> On 3 Oct 2017, at 22:35, tanous .c <sawtous at gmail.com> wrote:
> 
> Have any of you had this sort of problem? I'm having difficulty determining if this log information represents a normal exit relay occurrence or if my server has been compromised... What could I do in order to solve this?

Yes, Profihost sent me one recently that looked very similar.
Fortunately, I use OutboundBindAddress, so I knew it was
(very likely to be) exit traffic.

You can:
* do nothing
* respond and ask for verification that they want your exit
   to block their site, but explain that they need to block
   all Tor Exits for the traffic to stop
* add exit policy entries to block each of the mentioned
   IPs and ports
* block port 22 on your exit

I'll be doing nothing.

You should consider your provider's reaction, because they
may want you to do something about the complaint, even if
it's something ineffective.

Tim
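
Added example, not part of the original message: a small Python script that applies the two checks discussed above to a complaint log, separating flows sourced from the relay's OutboundBindAddress from any others and emitting one `ExitPolicy reject` line per reported destination. The log layout, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed complaint excerpt; the field layout is an assumption, not a real provider format.
SAMPLE_COMPLAINT = """\
2017-10-03T20:11:02Z src=198.51.100.20 dst=203.0.113.7 dport=22
2017-10-03T20:11:09Z src=198.51.100.20 dst=203.0.113.7 dport=22
2017-10-03T20:12:41Z src=198.51.100.20 dst=203.0.113.99 dport=2222
2017-10-03T20:15:00Z src=198.51.100.10 dst=203.0.113.7 dport=22
"""

LINE_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def parse_complaint(text):
    """Return (src, dst, dport) tuples for well-formed IPv4 lines only."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.IPv4Address(m.group(1))
            dst = ipaddress.IPv4Address(m.group(2))
        except ipaddress.AddressValueError:
            continue  # never copy unvalidated text into torrc
        port = int(m.group(3))
        if 1 <= port <= 65535:
            records.append((src, dst, port))
    return records


def split_by_source(records, outbound_bind_address):
    """Separate flows sourced from the exit's OutboundBindAddress from all others."""
    bind = ipaddress.IPv4Address(outbound_bind_address)
    exit_flows = [r for r in records if r[0] == bind]
    return exit_flows, [r for r in records if r[0] != bind]


def exit_policy_lines(exit_flows):
    """One 'ExitPolicy reject' line per unique complained-about destination."""
    targets = sorted({(dst, port) for _, dst, port in exit_flows})
    return [f"ExitPolicy reject {dst}:{port}" for dst, port in targets]


if __name__ == "__main__":
    exit_flows, other = split_by_source(parse_complaint(SAMPLE_COMPLAINT), "198.51.100.20")
    print("\n".join(exit_policy_lines(exit_flows)))
    print(f"{len(other)} flow(s) not from OutboundBindAddress: check the host itself")
```

Tor applies the first matching ExitPolicy entry, so the generated reject lines belong above any accept entries in torrc.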

