<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi Rafo,<br>
      <br>
    </p>
    <p>My apologies for the late reply to your request for the code on
      banning Tor exits into <b>GUARDS or middle-relays</b>.</p>
    <pre># All ../../etc paths are relative: run this from a directory two levels below /.
rm ../../etc/cron.d/updateSSHkey

# Daily cron jobs: fetch the Tor bulk exit list, turn each address into a
# ufw DROP rule, insert the rules into before.rules, then delete the list.
echo "0 0 * * *  root wget -P /root/scriptsremote/ <a class="moz-txt-link-freetext" href="https://check.torproject.org/torbulkexitlist">https://check.torproject.org/torbulkexitlist</a>" >  ../../etc/cron.d/blacklistTORexits
# sed -i rewrites the downloaded list in place, so the next job inserts rules rather than bare addresses.
echo "1 1 * * *  root sed -i 's/^/-A ufw-before-input -s /; s/$/ -j DROP/' /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits
echo "2 1 * * *  root sed -i '/# End required lines/r /root/scriptsremote/torbulkexitlist' /etc/ufw/before.rules" >> ../../etc/cron.d/blacklistTORexits
echo "3 1 * * *  root rm /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits

apt install -y fail2ban

# fail2ban jail for sshd on port 11218, with incrementing ban times.
rm ../../etc/fail2ban/jail.d/sshd.conf
touch ../../etc/fail2ban/jail.d/sshd.conf
echo "[sshd]"                       >  ../../etc/fail2ban/jail.d/sshd.conf
echo "enabled = true"               >> ../../etc/fail2ban/jail.d/sshd.conf
echo "port = 11218"                 >> ../../etc/fail2ban/jail.d/sshd.conf
echo "filter = sshd"                >> ../../etc/fail2ban/jail.d/sshd.conf
echo "logpath = /var/log/auth.log"  >> ../../etc/fail2ban/jail.d/sshd.conf
echo "maxretry = 5"                 >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime = 24h"                >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.increment = true"     >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.factor = 24"          >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.maxtime = 52w"        >> ../../etc/fail2ban/jail.d/sshd.conf
</pre>
    <p><br>
    </p>
    <p>Here I hope this is well received,<br>
      <br>
      Carlos.<br>
    </p>
    <div class="moz-cite-prefix">On 7/10/24 1:19 AM,
      <a class="moz-txt-link-abbreviated" href="mailto:god-gave-you-mouth-ears-eyes-so-enjoy@posteo.net">god-gave-you-mouth-ears-eyes-so-enjoy@posteo.net</a> wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:2de53dda-538d-46a5-82cb-93ae8cddf19a@posteo.net">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <p><font size="2">Hi Rafo, <br>
        </font></p>
      <p><font size="2"><br>
        </font></p>
      <p><font size="2">I have a pre-defined fail2ban (jail) script that
          does all the job of banning any tor-EXIT  -dynamically updated
          via cron- from attempting access when this helps.</font></p>
      <p><font size="2">This is meant for Debian, <br>
        </font></p>
      <p><font size="2">the syntax could do with Fedora (perhaps a few
          code adaptations).<br>
          <br>
          let me know when this is of interest.</font></p>
      <p><font size="2"><br>
        </font></p>
      <p><font size="2">Carlos. <br>
        </font></p>
      <div class="moz-cite-prefix">On 7/8/24 7:34 PM, Rafo (r4fo.com)
        via tor-relays wrote:<br>
      </div>
      <blockquote type="cite"
cite="mid:1909369a0e7.125f4089849297.9020280090988029846@r4fo.com">
        <meta content="text/html; charset=UTF-8"
          http-equiv="Content-Type">
        <div
style="font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;color:#000000;">
          <div>
            <div>Hi,</div>
            <div>I have been running a relay for a few months now
              without any problems. But this week I’ve received 2 DDoS
              alerts from my provider (Netcup), both are ~3 gigabits.
              They seem to be coming from other Tor relays.</div>
            <div>I’m running an Invidious-like instance on my server
              (which uses around 600 megabits) but I have a 2.5 gigabit
              port. So I configured my Tor relay to use 300-400
              megabits.</div>
            <div>I’m not sure where that 3 gigabit of data comes from.</div>
            <div>I have lowered my advertised bandwidth to 100 megabits,
              would that be enough to prevent these kinds of issues?</div>
            <div><br>
            </div>
            <div><br>
            </div>
            <div>
              <div>Kind regards,<br>
              </div>
              <div>Rafo</div>
            </div>
          </div>
        </div>
        <br>
        <br>
        <fieldset class="moz-mime-attachment-header"></fieldset>
        <pre class="moz-quote-pre" wrap="">_______________________________________________
tor-relays mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext"
        href="mailto:tor-relays@lists.torproject.org"
        moz-do-not-send="true">tor-relays@lists.torproject.org</a>
<a class="moz-txt-link-freetext"
href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
        moz-do-not-send="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
</pre>
      </blockquote>
      <pre class="moz-signature" cols="72">-- 
Updated every second week.

</pre>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
PGP updated every second week : please actualize our communication every time.</pre>
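    <p>Added example, not code from either message in the thread: the exit-list-to-ufw step of the cron jobs above, written as two shell functions that accept only plain IPv4 lines from the downloaded list and replace a single marked block in before.rules on each run, so the job can repeat daily. The function names and the BEGIN/END marker comments are assumptions of this example.</p>

```sh
#!/bin/sh
# Added example (not the poster's code): validated, repeatable exit-list import.
# The BEGIN/END marker comments are assumptions made for this example.
BEGIN_MARK='# BEGIN tor-exit-drop'
END_MARK='# END tor-exit-drop'

# Print one DROP rule per line of $1 that is a plain IPv4 address. Anything
# else (error page, stray text, octet above 255) is skipped, so nothing from
# the download reaches the firewall rules unchecked.
exits_to_rules() {
    awk -F. '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
             !($1 > 255 || $2 > 255 || $3 > 255 || $4 > 255) {
                 print "-A ufw-before-input -s " $0 " -j DROP"
             }' "$1" | sort -u
}

# Replace the marked block in rules file $1 with the rules in file $2,
# placing it after "# End required lines". Refuses an empty $2 so a failed
# download never wipes the block that is already installed.
install_rules() {
    [ -s "$2" ] || return 1
    tmp=$(mktemp) || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        NR == FNR { r[++n] = $0; next }   # first file: the new rules
        $0 == b   { skip = 1; next }      # start of the old block
        $0 == e   { skip = 0; next }      # end of the old block
        skip      { next }
        { print }
        /^# End required lines/ {
            print b
            for (i = 1; i in r; i++) print r[i]
            print e
        }' "$2" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage as root after the daily wget (paths as in the message above):
#   exits_to_rules /root/scriptsremote/torbulkexitlist > /tmp/tor-exit.rules
#   install_rules /etc/ufw/before.rules /tmp/tor-exit.rules && ufw reload
```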
  </body>
</html>