Hi LB, SSH attacks happen 24/7 and are just stupid brute force mostly without any reason. You already setted up key auth and hopefully disabled password auth. You can block brute force by setting up a log watcher like fail2ban. That application follows the auth.log file on your server and adds an iptables rules to drop the traffic from the attacker. ~Josef Am 22.10.2015 um 21:13 schrieb Larry Brandt:

Hello, I need some advise on a situation new to me. I operate a VPS exit node in Romania, a VPS guard node in the Czech Republic, a middle node and bridge in the US. All are SSH public key authentication protocol 2. Over the last 5 weeks all of these servers have been under attack by IPs in the range 43.229.52.00 to 43.229.55.255. Maybe 24 different IP addresses. I have contacted the operator in Hong Kong on four different occasions but I've received no relief from the attempted attacks nor have they communicated back to me--as I have requested. Attack counts are in the 100,000s. I have no personal information stored on any of these servers--only public info via Tor is available. And then, how the hell did they get the address of my bridge? I see break-in attempts all the time but never at this volume. The break-in attempts have been thwarted to date and will probably remain so. But I find the situation disconcerting and irritating. Should I ignore these efforts? Should I send abuse reports to someone? Who? Any sage advice out there? Did I give away any secure info just now? lol LB

_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays