On October 3, 2017 11:02:55 PM PDT, Fr33d0m4all fr33d0m4all@riseup.net wrote:
Hi, my Tor middle relay's public IP address is the victim of SSH brute-force connection attempts, and the attack has been going on for two weeks. It's not a problem: the server that is listening with SSH on the same IP address as my Tor relay blocks the connections and bans the IP addresses (with Fail2Ban), but I just wanted to know if there is some campaign of attacks carried out against Tor relays. Are you experiencing the same? The attacks are carried out by a botnet, given the large number of different IP addresses that I see in the logs.
This happens to any machine with an open ssh port on the internet. Just set up ssh keys for login, disable password auth, and ignore the fruitless attempts. I personally don't bother with f2b. The only time I ever bother blocking attackers is if I'm trying to live view my logs and the attacks are polluting my view. Otherwise it's not worth my time.
--Sean
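
One way to confirm the key-only setup Sean recommends is actually in effect, as an added example that is not part of the original thread: the function below reads effective settings in the format `sshd -T` prints and fails if any password-capable method is still on. The function name and the two sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check `sshd -T` style output
# (lowercase keyword, space, value) for the key-only setup described above.

# Reads effective settings on stdin; prints findings; returns 0 only when
# public-key login is on and both password-capable methods are off.
audit_sshd_effective() {
    awk '
        function show(v) { return (v == "") ? "(not reported)" : v }
        $1 == "pubkeyauthentication"   { pubkey = $2 }
        $1 == "passwordauthentication" { password = $2 }
        # Keyboard-interactive (PAM) can also prompt for a password; older
        # OpenSSH reports it as challengeresponseauthentication.
        $1 == "kbdinteractiveauthentication" ||
        $1 == "challengeresponseauthentication" {
            if (kbd != "yes") kbd = $2
        }
        END {
            bad = 0
            if (pubkey != "yes")  { print "FAIL pubkeyauthentication " show(pubkey); bad = 1 }
            if (password != "no") { print "FAIL passwordauthentication " show(password); bad = 1 }
            if (kbd != "no")      { print "FAIL kbdinteractiveauthentication " show(kbd); bad = 1 }
            if (!bad) print "OK key-only login"
            exit bad
        }
    '
}

# Constructed excerpt: password logins still enabled.
sample_password_enabled() {
    cat <<'EOF'
port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes
EOF
}

# Constructed excerpt: keys only.
sample_hardened() {
    cat <<'EOF'
port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
EOF
}

sample_password_enabled | audit_sshd_effective || echo "-> password guessing is still possible"
sample_hardened | audit_sshd_effective
```

On a live host, pipe the output of `sshd -T` (run as root) into `audit_sshd_effective` instead of the samples. Settings inside `Match` blocks are only evaluated when the connection parameters are supplied to `sshd -T` with `-C`.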