On Thu, Nov 7, 2024 at 4:02 PM <tor-relays-request@lists.torproject.org> wrote:

Send tor-relays mailing list submissions to
tor-relays@lists.torproject.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
or, via email, send a message with subject or body 'help' to
tor-relays-request@lists.torproject.org

You can reach the person managing the list at
tor-relays-owner@lists.torproject.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-relays digest..."

Today's Topics:

1. Re: Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service
vps-3e661acc.vps.ovh.net (Ren? Ladan)
2. Re: Raspberry Pi 4 (Michael W?chter)
3. Re: Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service
vps-3e661acc.vps.ovh.net (George Hartley)

----------------------------------------------------------------------

Message: 1
Date: Mon, 4 Nov 2024 18:33:25 +0100
From: Ren? Ladan <rene0@freedom.nl>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your
service vps-3e661acc.vps.ovh.net
Message-ID: <a0332b84-ada5-435a-8f02-3eaae04b236e@freedom.nl>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 11/3/24 05:10, Keifer Bly wrote:
> Just got this note, I run a middle relay on ovh. Why would this suddenly
> happen? Thanks. Relay is usdeserveprivacy
>
Interestingly (for some definition), I got an abuse mail forwarded by my
ISP today with exactly the same destination addresses and from the same
last Friday as in the your report.

>
> --Keifer
>

Regards,
Ren?

> ---------- Forwarded message ---------
> From: <ticket+KMLTFQPGVQ.ca83@abuse.ovh.net
> <mailto:ticket%2BKMLTFQPGVQ.ca83@abuse.ovh.net>>
> Date: Sat, Nov 2, 2024, 9:07?PM
> Subject: [Abuse #KMLTFQPGVQ] Abusive use of your service
> vps-3e661acc.vps.ovh.net <http://vps-3e661acc.vps.ovh.net>
> To: <keifer.bly@gmail.com <mailto:keifer.bly@gmail.com>>
>
>
> Hello,
>
> An abusive behaviour (Intrusion) originating from your VPS
> vps-3e661acc[.]vps[.]ovh[.]net has been reported to or noticed by our
> Abuse Team.
>
> Technical details showing the aforementioned problem follow :
>
> -- start of the technical details --
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;
> charset=us-ascii"></head>
> <body><pre>
> Greetings Fellow Sys Ad/s
>
> I hope this message finds you well. I'm reaching out to you today
> regarding a matter of potential concern involving one or more IP
> addresses associated with your system
> Our network security logs have recently detected unusual activity
> originating from these IP addresses. While we understand that such
> incidents can sometimes occur innocently, it's crucial to
> investigate and address them promptly to ensure the security of all
> networks involved
>
>
> To assist you in understanding the situation, we have provided the
> relevant log data below, with timestamps adjusted to our GMT &#43;8
> timezone:
>
>
> ? ? ? ? ? ? ? ? DateTime? ?Action AttackClass? ? ? ?SourceIP Srcport
> Protocol? ? DestinationIP DestPort
> 0? ?01-Nov-2024 05:07:55? ?DENIED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?44959? ? ? TCP? ? 202[.]91[.]161[.]97? ? ? ?22
> 1? ?01-Nov-2024 05:24:37? ?DENIED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?58734? ? ? TCP? ? 202[.]91[.]161[.]98? ? ? ?22
> 2? ?01-Nov-2024 08:48:23? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 8551? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 3? ?01-Nov-2024 08:53:27? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 2419? ? ? TCP? ?202[.]91[.]161[.]169? ? ? ?22
> 4? ?01-Nov-2024 08:58:05? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 5917? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 5? ?01-Nov-2024 08:59:24? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?56858? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 6? ?01-Nov-2024 09:04:23? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?32161? ? ? TCP? ?202[.]91[.]161[.]169? ? ? ?22
> 7? ?01-Nov-2024 09:17:30? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?33472? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 8? ?01-Nov-2024 09:18:02? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?11282? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 9? ?01-Nov-2024 09:19:00? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 3727? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 10? 01-Nov-2024 09:20:31? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 4388? ? ? TCP? ?202[.]91[.]161[.]169? ? ? ?22
> 11? 01-Nov-2024 09:25:57? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 6898? ? ? TCP? ?202[.]91[.]161[.]165? ? ? ?22
> 12? 01-Nov-2024 09:32:06? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?18202? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 13? 01-Nov-2024 09:39:40? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?51142? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 14? 01-Nov-2024 09:45:32? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?46914? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 15? 01-Nov-2024 10:40:48? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?60991? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 16? 01-Nov-2024 10:42:58? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?42833? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 17? 01-Nov-2024 10:47:13? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?38382? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 18? 01-Nov-2024 10:47:23? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?30596? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 19? 01-Nov-2024 10:47:46? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?56767? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 20? 01-Nov-2024 10:52:10? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 8983? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 21? 01-Nov-2024 10:55:04? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?55684? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 22? 01-Nov-2024 10:57:43? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?37003? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 23? 01-Nov-2024 10:58:43? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?10524? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 24? 01-Nov-2024 11:01:06? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 6384? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 25? 01-Nov-2024 11:03:46? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 6779? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 26? 01-Nov-2024 11:06:05? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?23062? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 27? 01-Nov-2024 11:58:01? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?33174? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 28? 01-Nov-2024 11:58:05? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?29422? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 29? 01-Nov-2024 11:58:26? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?53504? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 30? 01-Nov-2024 12:00:03? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 5898? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 31? 01-Nov-2024 12:00:20? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?38324? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 32? 01-Nov-2024 12:00:30? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 6362? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 33? 01-Nov-2024 12:03:11? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?38581? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 34? 01-Nov-2024 12:05:37? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?43932? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 35? 01-Nov-2024 12:07:27? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 5141? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 36? 01-Nov-2024 12:08:42? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?56161? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 37? 01-Nov-2024 12:12:26? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 6269? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 38? 01-Nov-2024 12:14:33? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?164? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 39? 01-Nov-2024 12:15:48? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?25787? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 40? 01-Nov-2024 12:16:39? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 9188? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 41? 01-Nov-2024 12:16:58? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?32317? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 42? 01-Nov-2024 12:22:28? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?21955? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 43? 01-Nov-2024 12:29:50? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?33563? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 44? 01-Nov-2024 12:32:18? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?48519? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 45? 01-Nov-2024 12:33:24? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?42914? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 46? 01-Nov-2024 12:34:07? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?11296? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 47? 01-Nov-2024 12:36:43? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 6522? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 48? 01-Nov-2024 12:37:55? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?57962? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 49? 01-Nov-2024 12:37:56? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?53189? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 50? 01-Nov-2024 12:39:29? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 7411? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 51? 01-Nov-2024 12:41:51? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?27413? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 52? 01-Nov-2024 12:44:00? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?355? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22
> 53? 01-Nov-2024 12:50:35? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?28953? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 54? 01-Nov-2024 12:50:53? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?46927? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 55? 01-Nov-2024 12:52:00? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?45122? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 56? 01-Nov-2024 12:55:04? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 4184? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22
> 57? 01-Nov-2024 12:55:15? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?33245? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22
> 58? 01-Nov-2024 12:57:38? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?50897? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 59? 01-Nov-2024 12:58:58? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?35903? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
> 60? 01-Nov-2024 12:59:35? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?16158? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22
> 61? 01-Nov-2024 13:01:40? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?18404? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22
> 62? 01-Nov-2024 13:04:12? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> ?32885? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22
> 63? 01-Nov-2024 13:05:50? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220
> 6316? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
>
> We believe that by working together to resolve this matter swiftly, we
> can help safeguard the integrity of our networks and prevent any further
> issues. If you require any additional information or support from our
> end to facilitate your investigation, please don't hesitate to reach
> out.
> Your prompt attention to this matter would be greatly appreciated. We
> value your expertise and cooperation in resolving this situation
> effectively. Thank you for your time and consideration.
> For any corrections/updates, kindly email email-
> removed@provider[.]com</pre></body></html>
>
> -- end of the technical details --
>
> Your should investigate and fix this problem, as it constitutes a
> violation to our terms of service.
>
> Please answer to this e-mail indicating which measures you've taken to
> stop the abusive behaviour.
>
> Cordially,
>
> The OVHcloud Trust & Safety team.
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

------------------------------

Message: 2
Date: Mon, 4 Nov 2024 14:30:59 +0100
From: Michael W?chter <mwaechter@mac.com>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Raspberry Pi 4
Message-ID: <A709A06F-E27D-40CE-8A9F-43D028277066@mac.com>
Content-Type: text/plain; charset="utf-8"

Hi all,
I?m running a relay on a Pi 4 now for almost 2 years, almost no issues at all. Average CPU load 40 %, average bandwidth 5 MB.
Updating to a newer version of tor is a bit tricky.

Rads

Michael

> Am 04.11.2024 um 12:40 schrieb jl2238--- via tor-relays <tor-relays@lists.torproject.org>:
>
> It works. My relay is running on a Raspberry Pi 4B with 4 GB RAM. Bandwith for the relay is 2 Mbit/s, CPU Load of the relay is about 20 %
>
>
> Am 02.11.24 um 02:15 schrieb Keifer Bly:
>> Hi,
>>
>> So I am wondering, is a Raspberry Pi 4 a recommended device to run a tor relay on? In terms of traffic load, etc? Thanks.
>> --Keifer
>>
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org>
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241104/9532b67f/attachment-0001.htm>

------------------------------

Message: 3
Date: Mon, 04 Nov 2024 15:20:03 +0000
From: George Hartley <hartley_george@proton.me>
To: tor-relays@lists.torproject.org, "keifer.bly@gmail.com"
<keifer.bly@gmail.com>
Subject: Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your
service vps-3e661acc.vps.ovh.net
Message-ID:
<IwMyGOQwlNQjQxQIOAcKCsA7YYx40TJw4qTnSYv9cIr6DYdJiretcJRV8COokjvUNPIYv4ehCdEzfWstIACjTGDiMmJdaD6jFhrlQ85WakM=@proton.me>

Content-Type: text/plain; charset="utf-8"

Hello,

it's best to ask the host, we are not from OVH around here :)

You might be a victim of the public tor relay spoofed IP SSH port scan attack.

Install tcpdump, and do the following using sudo / root capabilities:

> tcpdump dst 22

If you see a large number of inbound connections, I suppose you could block the attempts (if you have a legitimate sshd running on port 22) with some IPTables magic.

I attached the script, just please don't lock yourself out - which is very likely because my DEFAULT policy for INBOUND traffic is to DROP it!

Make sure to add the ports you NEED!

Thanks,
-GH

On Sunday, November 3rd, 2024 at 5:10 AM, Keifer Bly keifer.bly@gmail.com wrote:

> Just got this note, I run a middle relay on ovh. Why would this suddenly happen? Thanks. Relay is usdeserveprivacy
>

> --Keifer
>

> ---------- Forwarded message ---------
> From: ticket+KMLTFQPGVQ.ca83@abuse.ovh.net
> Date: Sat, Nov 2, 2024, 9:07?PM
> Subject: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
> To: keifer.bly@gmail.com
>

> Hello,
>

> An abusive behaviour (Intrusion) originating from your VPS vps-3e661acc[.]vps[.]ovh[.]net has been reported to or noticed by our Abuse Team.
>

> Technical details showing the aforementioned problem follow :
>

> -- start of the technical details --
>

> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head>
> <body><pre>
> Greetings Fellow Sys Ad/s
>

> I hope this message finds you well. I'm reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system
> Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it's crucial to investigate and address them promptly to ensure the security of all networks involved
>

> To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT +8 timezone:
>

> DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort
> 0 01-Nov-2024 05:07:55 DENIED 51[.]68[.]197[.]220 44959 TCP 202[.]91[.]161[.]97 22
> 1 01-Nov-2024 05:24:37 DENIED 51[.]68[.]197[.]220 58734 TCP 202[.]91[.]161[.]98 22
> 2 01-Nov-2024 08:48:23 BLOCKED 51[.]68[.]197[.]220 8551 TCP 202[.]91[.]161[.]132 22
> 3 01-Nov-2024 08:53:27 BLOCKED 51[.]68[.]197[.]220 2419 TCP 202[.]91[.]161[.]169 22
> 4 01-Nov-2024 08:58:05 BLOCKED 51[.]68[.]197[.]220 5917 TCP 192[.]168[.]200[.]216 22
> 5 01-Nov-2024 08:59:24 BLOCKED 51[.]68[.]197[.]220 56858 TCP 202[.]91[.]161[.]132 22
> 6 01-Nov-2024 09:04:23 BLOCKED 51[.]68[.]197[.]220 32161 TCP 202[.]91[.]161[.]169 22
> 7 01-Nov-2024 09:17:30 BLOCKED 51[.]68[.]197[.]220 33472 TCP 202[.]91[.]161[.]132 22
> 8 01-Nov-2024 09:18:02 BLOCKED 51[.]68[.]197[.]220 11282 TCP 202[.]91[.]161[.]132 22
> 9 01-Nov-2024 09:19:00 BLOCKED 51[.]68[.]197[.]220 3727 TCP 202[.]91[.]161[.]132 22
> 10 01-Nov-2024 09:20:31 BLOCKED 51[.]68[.]197[.]220 4388 TCP 202[.]91[.]161[.]169 22
> 11 01-Nov-2024 09:25:57 BLOCKED 51[.]68[.]197[.]220 6898 TCP 202[.]91[.]161[.]165 22
> 12 01-Nov-2024 09:32:06 BLOCKED 51[.]68[.]197[.]220 18202 TCP 202[.]91[.]161[.]132 22
> 13 01-Nov-2024 09:39:40 BLOCKED 51[.]68[.]197[.]220 51142 TCP 202[.]91[.]161[.]132 22
> 14 01-Nov-2024 09:45:32 BLOCKED 51[.]68[.]197[.]220 46914 TCP 192[.]168[.]200[.]216 22
> 15 01-Nov-2024 10:40:48 BLOCKED 51[.]68[.]197[.]220 60991 TCP 192[.]168[.]200[.]216 22
> 16 01-Nov-2024 10:42:58 BLOCKED 51[.]68[.]197[.]220 42833 TCP 202[.]91[.]161[.]132 22
> 17 01-Nov-2024 10:47:13 BLOCKED 51[.]68[.]197[.]220 38382 TCP 202[.]91[.]161[.]132 22
> 18 01-Nov-2024 10:47:23 BLOCKED 51[.]68[.]197[.]220 30596 TCP 192[.]168[.]200[.]216 22
> 19 01-Nov-2024 10:47:46 BLOCKED 51[.]68[.]197[.]220 56767 TCP 202[.]91[.]161[.]185 22
> 20 01-Nov-2024 10:52:10 BLOCKED 51[.]68[.]197[.]220 8983 TCP 202[.]91[.]161[.]132 22
> 21 01-Nov-2024 10:55:04 BLOCKED 51[.]68[.]197[.]220 55684 TCP 192[.]168[.]200[.]216 22
> 22 01-Nov-2024 10:57:43 BLOCKED 51[.]68[.]197[.]220 37003 TCP 202[.]91[.]161[.]185 22
> 23 01-Nov-2024 10:58:43 BLOCKED 51[.]68[.]197[.]220 10524 TCP 192[.]168[.]200[.]216 22
> 24 01-Nov-2024 11:01:06 BLOCKED 51[.]68[.]197[.]220 6384 TCP 202[.]91[.]161[.]132 22
> 25 01-Nov-2024 11:03:46 BLOCKED 51[.]68[.]197[.]220 6779 TCP 202[.]91[.]161[.]185 22
> 26 01-Nov-2024 11:06:05 BLOCKED 51[.]68[.]197[.]220 23062 TCP 192[.]168[.]200[.]216 22
> 27 01-Nov-2024 11:58:01 BLOCKED 51[.]68[.]197[.]220 33174 TCP 202[.]91[.]161[.]132 22
> 28 01-Nov-2024 11:58:05 BLOCKED 51[.]68[.]197[.]220 29422 TCP 202[.]91[.]161[.]132 22
> 29 01-Nov-2024 11:58:26 BLOCKED 51[.]68[.]197[.]220 53504 TCP 202[.]91[.]161[.]185 22
> 30 01-Nov-2024 12:00:03 BLOCKED 51[.]68[.]197[.]220 5898 TCP 192[.]168[.]200[.]216 22
> 31 01-Nov-2024 12:00:20 BLOCKED 51[.]68[.]197[.]220 38324 TCP 202[.]91[.]161[.]185 22
> 32 01-Nov-2024 12:00:30 BLOCKED 51[.]68[.]197[.]220 6362 TCP 202[.]91[.]161[.]132 22
> 33 01-Nov-2024 12:03:11 BLOCKED 51[.]68[.]197[.]220 38581 TCP 202[.]91[.]161[.]132 22
> 34 01-Nov-2024 12:05:37 BLOCKED 51[.]68[.]197[.]220 43932 TCP 202[.]91[.]161[.]132 22
> 35 01-Nov-2024 12:07:27 BLOCKED 51[.]68[.]197[.]220 5141 TCP 202[.]91[.]161[.]185 22
> 36 01-Nov-2024 12:08:42 BLOCKED 51[.]68[.]197[.]220 56161 TCP 202[.]91[.]161[.]132 22
> 37 01-Nov-2024 12:12:26 BLOCKED 51[.]68[.]197[.]220 6269 TCP 202[.]91[.]161[.]132 22
> 38 01-Nov-2024 12:14:33 BLOCKED 51[.]68[.]197[.]220 164 TCP 192[.]168[.]200[.]216 22
> 39 01-Nov-2024 12:15:48 BLOCKED 51[.]68[.]197[.]220 25787 TCP 202[.]91[.]161[.]185 22
> 40 01-Nov-2024 12:16:39 BLOCKED 51[.]68[.]197[.]220 9188 TCP 202[.]91[.]161[.]185 22
> 41 01-Nov-2024 12:16:58 BLOCKED 51[.]68[.]197[.]220 32317 TCP 202[.]91[.]161[.]132 22
> 42 01-Nov-2024 12:22:28 BLOCKED 51[.]68[.]197[.]220 21955 TCP 202[.]91[.]161[.]185 22
> 43 01-Nov-2024 12:29:50 BLOCKED 51[.]68[.]197[.]220 33563 TCP 202[.]91[.]161[.]185 22
> 44 01-Nov-2024 12:32:18 BLOCKED 51[.]68[.]197[.]220 48519 TCP 202[.]91[.]161[.]132 22
> 45 01-Nov-2024 12:33:24 BLOCKED 51[.]68[.]197[.]220 42914 TCP 202[.]91[.]161[.]132 22
> 46 01-Nov-2024 12:34:07 BLOCKED 51[.]68[.]197[.]220 11296 TCP 202[.]91[.]161[.]185 22
> 47 01-Nov-2024 12:36:43 BLOCKED 51[.]68[.]197[.]220 6522 TCP 202[.]91[.]161[.]132 22
> 48 01-Nov-2024 12:37:55 BLOCKED 51[.]68[.]197[.]220 57962 TCP 202[.]91[.]161[.]185 22
> 49 01-Nov-2024 12:37:56 BLOCKED 51[.]68[.]197[.]220 53189 TCP 202[.]91[.]161[.]132 22
> 50 01-Nov-2024 12:39:29 BLOCKED 51[.]68[.]197[.]220 7411 TCP 192[.]168[.]200[.]216 22
> 51 01-Nov-2024 12:41:51 BLOCKED 51[.]68[.]197[.]220 27413 TCP 192[.]168[.]200[.]216 22
> 52 01-Nov-2024 12:44:00 BLOCKED 51[.]68[.]197[.]220 355 TCP 202[.]91[.]161[.]181 22
> 53 01-Nov-2024 12:50:35 BLOCKED 51[.]68[.]197[.]220 28953 TCP 202[.]91[.]161[.]185 22
> 54 01-Nov-2024 12:50:53 BLOCKED 51[.]68[.]197[.]220 46927 TCP 192[.]168[.]200[.]216 22
> 55 01-Nov-2024 12:52:00 BLOCKED 51[.]68[.]197[.]220 45122 TCP 202[.]91[.]161[.]185 22
> 56 01-Nov-2024 12:55:04 BLOCKED 51[.]68[.]197[.]220 4184 TCP 202[.]91[.]161[.]181 22
> 57 01-Nov-2024 12:55:15 BLOCKED 51[.]68[.]197[.]220 33245 TCP 202[.]91[.]161[.]185 22
> 58 01-Nov-2024 12:57:38 BLOCKED 51[.]68[.]197[.]220 50897 TCP 192[.]168[.]200[.]216 22
> 59 01-Nov-2024 12:58:58 BLOCKED 51[.]68[.]197[.]220 35903 TCP 202[.]91[.]161[.]132 22
> 60 01-Nov-2024 12:59:35 BLOCKED 51[.]68[.]197[.]220 16158 TCP 192[.]168[.]200[.]216 22
> 61 01-Nov-2024 13:01:40 BLOCKED 51[.]68[.]197[.]220 18404 TCP 202[.]91[.]161[.]181 22
> 62 01-Nov-2024 13:04:12 BLOCKED 51[.]68[.]197[.]220 32885 TCP 202[.]91[.]161[.]181 22
> 63 01-Nov-2024 13:05:50 BLOCKED 51[.]68[.]197[.]220 6316 TCP 202[.]91[.]161[.]132 22
>

> We believe that by working together to resolve this matter swiftly, we can help safeguard the integrity of our networks and prevent any further issues. If you require any additional information or support from our end to facilitate your investigation, please don't hesitate to reach out.
> Your prompt attention to this matter would be greatly appreciated. We value your expertise and cooperation in resolving this situation effectively. Thank you for your time and consideration.
> For any corrections/updates, kindly email email-removed@provider[.]com</pre></body></html>
>

> -- end of the technical details --
>

> Your should investigate and fix this problem, as it constitutes a violation to our terms of service.
>

> Please answer to this e-mail indicating which measures you've taken to stop the abusive behaviour.
>

> Cordially,
>

> The OVHcloud Trust & Safety team.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241104/e6aaef5c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ip4tables.sh
Type: application/x-shellscript
Size: 843 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241104/e6aaef5c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - hartley_george@proton.me - 0xAEE8E00F.asc
Type: application/pgp-keys
Size: 657 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241104/e6aaef5c/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241104/e6aaef5c/attachment.sig>

------------------------------

Subject: Digest Footer

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

------------------------------

End of tor-relays Digest, Vol 166, Issue 7
******************************************