I know, I know how the Internet works :) I’ve simply noted a large increase in SSH brute force attempts in the last two weeks. BTW, I don’t have root login enabled and I have two-factor authentication on my SSH port (not standard), which is enabled only for a single low-privilege user, so there’s no problem. I work for a provider and I manage IPS devices, so I know that it is common to have a large number of intrusion attempts; I was just wondering whether there was some attack against Tor nodes going on, given the increase in intrusion attempts in the last few weeks :)
Best regards, Fr33d0m4All
On 4 Oct 2017, at 08:35, Gareth Llewellyn gareth@networksaremadeofstring.co.uk wrote:
-------- Original Message --------
On 4 Oct 2017, 07:02, Fr33d0m4all <fr33d0m4all@riseup.net> wrote:
Hi, my Tor middle relay's public IP address is the victim of SSH brute force connection attempts
Welcome to the Internet!
Any Internet-connected machine will be port scanned, vuln probed, brute forced, blindly hit with ancient "1 shot" exploits (think WordPress plugins) and trawled for include vulnerabilities (e.g. ?file=../../../etc/passwd ) on a daily basis.
It's not normally something to worry about.
Disable root login, enable certificate authentication and, if you feel particularly strongly about the log noise, firewall off TCP/22 or move sshd to a high-numbered port.
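
To put a number on the kind of increase the first message describes, failed sshd logins can be counted per day and compared against the median day. This is an added example, not part of the thread: the log lines are constructed, and the year is passed in as an assumption because syslog timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# OpenSSH failure line as written to syslog. The greedy user group makes the
# LAST " from " delimit the address, so a username containing " from " does
# not shift the source IP that gets counted.
FAILED = re.compile(
    r"^(\w{3})\s+(\d{1,2}) [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def parse_failures(log_text, year):
    """Yield (date, user, source_ip) for each failed login line."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            mon, day, user, ip = m.groups()
            when = datetime.strptime(f"{mon} {day} {year}", "%b %d %Y").date()
            yield when, user, ip

def failures_per_day(log_text, year):
    return Counter(when for when, _, _ in parse_failures(log_text, year))

def spike_days(per_day, factor=3):
    """Days whose failure count exceeds factor x the median daily count."""
    if not per_day:
        return []
    baseline = median(per_day.values())
    return sorted(d for d, n in per_day.items() if n > factor * baseline)

# Constructed sample: three quiet days, then a burst from many sources.
SAMPLE_LOG = "\n".join(
    [f"Oct {d:2d} 03:12:01 relay sshd[811]: Failed password for invalid user admin "
     f"from 203.0.113.5 port 40122 ssh2" for d in (1, 2, 3) for _ in range(2)]
    + [f"Oct  4 07:{m:02d}:09 relay sshd[902]: Failed password for root "
       f"from 198.51.100.{m} port 51514 ssh2" for m in range(1, 13)]
    + ["Oct  4 08:00:00 relay sshd[950]: Accepted publickey for op from 192.0.2.10 port 50000 ssh2",
       "Oct  4 08:01:00 relay sshd[951]: Failed password for invalid user a from b "
       "from 203.0.113.9 port 4 ssh2"]
)

if __name__ == "__main__":
    per_day = failures_per_day(SAMPLE_LOG, 2017)
    for day in spike_days(per_day):
        print(day, per_day[day], "failed logins")
```
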