Hello Marcus,
On an ongoing basis, most of my relays get up to 4000 attempts each day. It's standard practice I guess! Many, many are from just a few IP addresses. The rest are just a few per IP address. Occasionally, I will go beyond the fail2ban "ban" and block an IP address in iptables via ufw. I then unblock that IP address in a week or two. I set fail2ban for long blocks maybe up to 12 hours (43000-seconds).
So, harden your operating system as best you can. SSH works but disable the password entry, X11, etc. if possible. This is always safe if your provider has a dashboard for you to use as a secondary access to the server. I change my SSH port number but that only slows the professionals by minutes or seconds. Remember to change the fail2ban SSH port number if you do that. Your host provider should have DDoS protection for his/her entire plant.
And don't sweat it! Learn from the experiences.
On 9/4/2018 5:35 AM, Marcus Wahle wrote:
Dear all,
Since 14:00 my logs (middle node) are spammed with around 100 failed ssh login attempts from different IPs. Is there anybody else affected?
Best regards
Marcus
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
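An added example, not part of the original thread: a small audit of the hardening points in the reply above (password login off, X11 forwarding off, and the fail2ban `[sshd]` jail covering the port sshd actually listens on). The function names and the sample configuration text are constructed for illustration; it assumes plain `sshd_config` and `jail.local` contents passed in as strings.

```python
import configparser

def sshd_options(text):
    """Parse global sshd_config keywords (case-insensitive) into {name: [values]}."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break  # Match blocks are conditional overrides; audit global settings only
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip().lower())
    return opts

def audit(sshd_text, jail_text):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    opts = sshd_options(sshd_text)
    # sshd uses the first value given for a keyword; unset means the OpenSSH default.
    if opts.get("passwordauthentication", ["yes"])[0] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if opts.get("x11forwarding", ["no"])[0] != "no":
        findings.append("X11Forwarding is not 'no'")
    ssh_ports = set(opts.get("port", ["22"]))  # Port may appear several times

    jails = configparser.ConfigParser(interpolation=None)
    jails.read_string(jail_text)
    enabled = jails.has_section("sshd") and \
        jails.get("sshd", "enabled", fallback="false").lower() == "true"
    if not enabled:
        findings.append("fail2ban [sshd] jail is not enabled")
        return findings
    # The jail's port list may use the service name 'ssh', which means port 22.
    jail_ports = {"22" if p.strip() == "ssh" else p.strip()
                  for p in jails.get("sshd", "port", fallback="ssh").split(",")}
    for port in sorted(ssh_ports - jail_ports):
        findings.append(f"sshd listens on port {port} but the [sshd] jail does not cover it")
    return findings

# Constructed sample input: SSH port moved, jail still pointing at the default port.
SSHD_SAMPLE = "Port 2222\nPasswordAuthentication no\nX11Forwarding yes\n"
JAIL_SAMPLE = "[sshd]\nenabled = true\nport = ssh\nbantime = 43000\n"

if __name__ == "__main__":
    for finding in audit(SSHD_SAMPLE, JAIL_SAMPLE):
        print("FINDING:", finding)
```
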