If you are just talking about regular server hacking attempts, and you are using debian, tben try demyhosts and have it query the demyhosts server every hour or so. It will download a list of known attacking ips On Aug 2, 2013 3:41 PM, "Bryan Carey" z0civic483@gmail.com wrote:
Is there any kind of compiled list of IPs that relay operators can refer to that are known bad IPs (sources of brute force SSH attempts, etc.)? Is there a reason to NOT block (drop) traffic from these IPs?
Here are some that I have seen recently trying to brute force common user accounts and root password attempts: 198.50.197.98 220.161.148.178 223.4.217.47 199.187.125.250 175.99.95.252 62.64.83.38 125.209.110.234 37.235.53.172
Also, in general what are some good security practices to keep in mind while running a Tor relay?
Thanks, Bryan
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays