On Wed, Oct 04, 2017 at 02:32:10PM +0100, Robin wrote: :I restrict SSH access with iptables allowing only access from two IP addresses (work, and home). :I also disable root login (as many already do), as well as use the AllowUsers option in SSH.
Hard for me to tell if my Tor nodes get any more scans becasue I have a similar IP restricted setup.
I can say a public login system that I run currenlty has 144 hosts blacklisted by sshguard which means they've failed a number of login attempts and atleast one in the past 2 minutes, not sure what the average size of that list is but that subjectively seems normalish
Someone did apparently try to DoS my exit a couple weeks ago and Akamai/Prolexic (contracted by my upstream provider so I had no contacts) helpfully "mittigated" this by null routing the whole /24 it was on :( This is more a fight between me and my provider but I still have no response on what triggered that so can't provide any more detail, just eventually went away on it's own.
-Jon
: :regards, Robin : :----- Original message ----- :From: Fr33d0m4all fr33d0m4all@riseup.net :To: tor-relays@lists.torproject.org :Subject: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address :Date: Wed, 4 Oct 2017 08:02:55 +0200 : :Hi, :My Tor middle relay public IP address is victim of SSH brute force connections’ attempts and the attack is going on since two weeks ago. It’s not a problem, the server that is listening with SSH on the same IP address than my Tor relay blocks the connections and bans the IP addresses (with Fail2Ban) but I just wanted to know if there is some campaign of attacks carried against Tor relays.. are you experiencing the same? The attacks are carried on with a botnet given the large amount of different IP addresses that I see in the logs. : :Best regards, : Fr33d0m4All :_______________________________________________ :tor-relays mailing list :tor-relays@lists.torproject.org :https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays :_______________________________________________ :tor-relays mailing list :tor-relays@lists.torproject.org :https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
--