On 2015-01-04 09:07, Daniel Case wrote:
On 4 January 2015 at 11:00, kura@kura.io wrote:
I should have specified that I was talking about brute force attempts against http servers, not SSH servers. I don't get any complaints about SSH brute force attempts.
I have also had a spike these last few days, mainly against sysads running Wordpress. I just send a standard reply...
I find these come in short waves. In my case, they're also about claimed (and probably accurately so) activity from one relay, but not from another relay that also exits to port 80.
Perhaps at least one someone is running scans, and explicitly selecting one particular relay or set of relays rather than letting Tor pick randomly.
Richard