<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font size="-1"><font face="Arial">As others have mentioned, this
does not look like a Tor issue to me. It more seems like a
compromised or misconfigured server.</font></font></p>
<p><font size="-1"><font face="Arial">You mentioned you reinstalled
the OS. Did you use the same root password? My suggestion is
that you go about this step by step. First reinstall the OS
with a different root password and no additional software or
configuration. Wait to see if you get any abuse reports. The
next step, install Tor and wait to see if you get an abuse
report. And the last step would be installing any additional
packages that you might be currently using for anything else
if any.</font></font></p>
<p><font size="-1"><font face="Arial">This method could narrow down
the cause.</font></font></p>
<p><font size="-1"><font face="Arial"><br>
</font></font></p>
<p><font size="-1"><font face="Arial"><br>
</font></font></p>
<div class="moz-cite-prefix">On 7/23/2023 6:07 PM, John Crow via
tor-relays wrote:<br>
</div>
<blockquote type="cite"
cite="mid:169015008052.6.11314670290208858332.156415461@prsv.ch">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div style="font-family: Arial, sans-serif; font-size: 14px;">Hello
all, <br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">In
the past 24 hrs, I have been receiving complaints from my
hosting provider that they're receiving hundreds of abuse
reports related to port scanning. I have no clue why I'm all of
the sudden receiving abuse reports when this non-exit relay has
been online for months without issues. In addition, I have other
non-exit relays hosted by the same provider with no issues and
more across other providers.<br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">I
proceeded to reinstall the OS and reconfigure Tor. I was then
quickly notified by my hosting provider again of more abuse
reports all showing port 22 as target port. <br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">I
have not changed my torrc at all and it's still setup as a
non-exit relay. No other applications/services were installed
alongside Tor. Tor Metrics does not show the relay as Exit
either.<br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">It
feels like Tor Exit Traffic is leaking through my non-exit
relay?</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">Has
anyone else experienced any behavior similar to this? Any ideas
on how to fix or prevent this?</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">prsv
admin<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
tor-relays mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
</pre>
</blockquote>
</body>
</html>