Hello again,
indeed, the port 9050 is closed, but not filtered. I've set up a drop rule in the VPS firewall (Parallels Plesk Panel) on this port, but it's not working fine.
I am amazed by the amount of this kind of traffic, more than 700 packets/second. According to Kent Backman, this is the clickfraud net called "Rotpoi$on" (a lot of info at https://b.kentbackman.com/2013/04/15/rotpoion-botnet-powered-by-thousands-of-servers/)
Maybe I'll be able to block all these incoming connections, but I'm afraid that overall relay performance will decrease drastically because of all the filtering work...
The relay--> Atlas: newTorThird : https://atlas.torproject.org/#details/ACED456D102F634F8DB3CBE8BC9A96F2569EC3...
2013/11/5 Paritesh Boyeyoko parity.boy@gmail.com
@jj tor
The fact that your relay is refusing connections says that the port isn't open, which is a good thing.
I suspect that persons unknown have port scanned your VPS, realised that you have Tor running (on standard ports) and are speculatively using a bot to (hopefully) connect to the SOCKS interface.
I would
a) move the Tor relay to non-standard ports
b) use iptables to drop all incoming connections apart from the (new) Tor ports and shell access.
Best,
--
Parity
parity.boy@gmail.com
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
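
The default-drop filtering suggested in the reply above, written out as an added example (not part of either message). It emits an IPv4 ruleset in iptables-restore format; the port numbers 9443, 9080 and 22 and the file name relay-fw.sh are assumptions, to be replaced with the ORPort and DirPort from your torrc and your real SSH port.

```shell
#!/bin/sh
# Added example: build a default-drop INPUT ruleset for a Tor relay host.
# Usage (hypothetical file name and ports):
#   sh relay-fw.sh 9443 9080 22 | iptables-restore --test

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# relay_ruleset ORPORT DIRPORT SSHPORT
# Prints the ruleset on stdout; returns non-zero on a bad port.
relay_ruleset() {
    for p in "$1" "$2" "$3"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Rule order matters for throughput: packets of connections that are
    # already established match the second rule and are never compared
    # against the per-port rules. Unsolicited SYNs to any other port
    # (9050 included) fall through to the DROP policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport $1 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport $2 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport $3 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Emit the ruleset only when the three ports are given on the command line.
if [ "$#" -eq 3 ]; then
    relay_ruleset "$@"
fi
```

Check the output with iptables-restore --test before loading it, and keep an existing SSH session open while applying it so a wrong SSH port does not lock you out.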