As others have mentioned, this does not look like a Tor issue to me. It seems more like a compromised or misconfigured server.
You mentioned you reinstalled the OS. Did you use the same root password? My suggestion is that you go about this step by step. First reinstall the OS with a different root password and no additional software or configuration. Wait to see if you get any abuse reports. The next step, install Tor and wait to see if you get an abuse report. And the last step would be installing any additional packages that you might be currently using for anything else, if any.
This method could narrow down the cause.
On 7/23/2023 6:07 PM, John Crow via tor-relays wrote:
Hello all,
In the past 24 hrs, I have been receiving complaints from my hosting provider that they're receiving hundreds of abuse reports related to port scanning. I have no clue why I'm all of a sudden receiving abuse reports when this non-exit relay has been online for months without issues. In addition, I have other non-exit relays hosted by the same provider with no issues and more across other providers.
I proceeded to reinstall the OS and reconfigure Tor. I was then quickly notified by my hosting provider again of more abuse reports all showing port 22 as target port.
I have not changed my torrc at all and it's still set up as a non-exit relay. No other applications/services were installed alongside Tor. Tor Metrics does not show the relay as Exit either.
It feels like Tor Exit Traffic is leaking through my non-exit relay?
Has anyone else experienced any behavior similar to this? Any ideas on how to fix or prevent this?
prsv admin