Hi Rafo,

My apologies for the late reply in your request for the code on banning tor exits into GUARDS or middle-relays



rm ../../etc/cron.d/updateSSHkey

echo "0 0 * * *  root wget -P /root/scriptsremote/ https://check.torproject.org/torbulkexitlist"                 >  ../../etc/cron.d/blacklistTORexits
echo "1 1 * * *  root sed 's/^/-A ufw-before-input -s /; s/$/ -j DROP/' /root/scriptsremote/torbulkexitlist"         >> ../../etc/cron.d/blacklistTORexits
echo "2 1 * * *  root sed -i '/# End required lines/r /root/scriptsremote/torbulkexitlist' /etc/ufw/before.rules"      >> ../../etc/cron.d/blacklistTORexits  
echo "3 1 * * *  root rm /root/scriptsremote/torbulkexitlist"                                 >> ../../etc/cron.d/blacklistTORexits

apt install -y fail2ban

rm ../../etc/fail2ban/jail.d/sshd.conf
touch ../../etc/fail2ban/jail.d/sshd.conf
echo "[sshd]"                                         > ../../etc/fail2ban/jail.d/sshd.conf
echo "enabled = true"                                     >> ../../etc/fail2ban/jail.d/sshd.conf
echo "port = 11218"                                     >> ../../etc/fail2ban/jail.d/sshd.conf
echo "filter = sshd"                                     >> ../../etc/fail2ban/jail.d/sshd.conf
echo "logpath = /var/log/auth.log"                             >> ../../etc/fail2ban/jail.d/sshd.conf
echo "maxretry = 5"                                     >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime = 24h"                                     >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.increment = true"                                 >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.factor = 24"                                >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.maxtime = 52w"                                 >> ../../etc/fail2ban/jail.d/sshd.conf
 


Here I hope this is well received,

Carlos.





On 7/10/24 1:19 AM, god-gave-you-mouth-ears-eyes-so-enjoy@posteo.net wrote:

Hi Rafo,


I have a pre-defined fail2ban (jail) script that does all the job of banning any tor-EXIT  -dynamically updated via cron- from attempting access when this helps.

This is meant for Debian,

the synthax could do with fedora (perhaps a few code adaptation).

let me know when this is of interest.


Carlos.

On 7/8/24 7:34 PM, Rafo (r4fo.com) via tor-relays wrote:
Hi,
I have been running a relay for a few months now without any problems. But this week I’ve received 2 DDoS alerts from my provider (Netcup), both are ~3 gigabits. They seem to be coming from other Tor relays.
I’m running an Invidious like instance on my server (which uses around 600 megabits) but I have a 2.5 gigabit port. So I configured my Tor relay to use 300-400 megabits.
I’m not sure where that 3 gigabit of data comes from.
I have lowered my advertised bandwidth to 100 megabits, would that be enough to prevent these kind of issues?


Kind regards,
Rafo


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- 
Updated every second week.

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEZfy9NxYJKwYBBAHaRw8BAQdAManzdqpnuQkafKwGP49famHD40TRuz3tlk2S
6x9w7afNP0d1c3QgT09ITlRFUiA8Z29kLWdhdmUteW91LW1vdXRoLWVhcnMtZXll
cy1zby1lbmpveUBwb3N0ZW8ubmV0PsKPBBMWCAA3FiEEEAD7hg5vFuAk80AxAZJk
LcbaZlUFAmX8vTcFCQATxoACGwMECwkIBwUVCAkKCwUWAgMBAAAKCRABkmQtxtpm
VRErAQDPkO6rew8L0fv+YkObGBGL58dxZtWbELZqDjICDi5A6QD/QC4978BycOFq
ZAx/N9ihgNLRm6Sg1EUupAoaVMcDVA7OOARl/L04EgorBgEEAZdVAQUBAQdA0Xrh
XPXwikKTr7amFdFv57VCWtansLWJCnYqFAVWYmADAQgHwn4EGBYIACYWIQQQAPuG
Dm8W4CTzQDEBkmQtxtpmVQUCZfy9OAUJABPGgAIbDAAKCRABkmQtxtpmVfxdAQDL
TRwNnIeZ//Y4kahWP+WWS7qb6EmM1mCtjRc3IadSDgD+Nh1xGFt00AQtG+oMKF/J
GwnLbMda6bMdvCIXN+U1LQw=
=z8PX
-----END PGP PUBLIC KEY BLOCK-----
-- 
PGP updated every second week : please actualize our communication every time.