Furthermore, an identical email was received on a server operated by me, Running I2PD. The email originated from watchdogcyberdefense.com, which is hosted on a server located in the Philippines. Additionally, the company has published an article on this matter, which can be accessed via the following link: https://watchdogcyberdefense.com/2024/11/is-this-attackers-ip-spoofed/.
On Thu, Nov 7, 2024 at 4:02 PM tor-relays-request@lists.torproject.org wrote:
Send tor-relays mailing list submissions to tor-relays@lists.torproject.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays or, via email, send a message with subject or body 'help' to tor-relays-request@lists.torproject.org
You can reach the person managing the list at tor-relays-owner@lists.torproject.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of tor-relays digest..."
Today's Topics:
- Re: Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net (Ren? Ladan)
- Re: Raspberry Pi 4 (Michael W?chter)
- Re: Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net (George Hartley)
Message: 1 Date: Mon, 4 Nov 2024 18:33:25 +0100 From: Ren? Ladan rene0@freedom.nl To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net Message-ID: a0332b84-ada5-435a-8f02-3eaae04b236e@freedom.nl Content-Type: text/plain; charset=UTF-8; format=flowed
On 11/3/24 05:10, Keifer Bly wrote:
Just got this note, I run a middle relay on ovh. Why would this suddenly happen? Thanks. Relay is usdeserveprivacy
Interestingly (for some definition), I got an abuse mail forwarded by my ISP today with exactly the same destination addresses and from the same last Friday as in the your report.
--Keifer
Regards, Ren?
---------- Forwarded message --------- From: <ticket+KMLTFQPGVQ.ca83@abuse.ovh.net mailto:ticket%2BKMLTFQPGVQ.ca83@abuse.ovh.net> Date: Sat, Nov 2, 2024, 9:07?PM Subject: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net http://vps-3e661acc.vps.ovh.net To: <keifer.bly@gmail.com mailto:keifer.bly@gmail.com>
Hello,
An abusive behaviour (Intrusion) originating from your VPS vps-3e661acc[.]vps[.]ovh[.]net has been reported to or noticed by our Abuse Team.
Technical details showing the aforementioned problem follow :
-- start of the technical details --
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head> <body><pre> Greetings Fellow Sys Ad/s
I hope this message finds you well. I'm reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it's crucial to investigate and address them promptly to ensure the security of all networks involved
To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT &#43;8 timezone:
? ? ? ? ? ? ? ? DateTime? ?Action AttackClass? ? ? ?SourceIP Srcport Protocol? ? DestinationIP DestPort 0? ?01-Nov-2024 05:07:55? ?DENIED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?44959? ? ? TCP? ? 202[.]91[.]161[.]97? ? ? ?22 1? ?01-Nov-2024 05:24:37? ?DENIED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?58734? ? ? TCP? ? 202[.]91[.]161[.]98? ? ? ?22 2? ?01-Nov-2024 08:48:23? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 8551? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 3? ?01-Nov-2024 08:53:27? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 2419? ? ? TCP? ?202[.]91[.]161[.]169? ? ? ?22 4? ?01-Nov-2024 08:58:05? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 5917? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 5? ?01-Nov-2024 08:59:24? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?56858? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 6? ?01-Nov-2024 09:04:23? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?32161? ? ? TCP? ?202[.]91[.]161[.]169? ? ? ?22 7? ?01-Nov-2024 09:17:30? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?33472? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 8? ?01-Nov-2024 09:18:02? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?11282? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 9? ?01-Nov-2024 09:19:00? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 3727? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 10? 01-Nov-2024 09:20:31? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 4388? ? ? TCP? ?202[.]91[.]161[.]169? ? ? ?22 11? 01-Nov-2024 09:25:57? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 6898? ? ? TCP? ?202[.]91[.]161[.]165? ? ? ?22 12? 01-Nov-2024 09:32:06? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?18202? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 13? 01-Nov-2024 09:39:40? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?51142? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 14? 01-Nov-2024 09:45:32? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?46914? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 15? 01-Nov-2024 10:40:48? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?60991? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 16? 01-Nov-2024 10:42:58? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?42833? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 17? 01-Nov-2024 10:47:13? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?38382? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 18? 01-Nov-2024 10:47:23? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?30596? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 19? 01-Nov-2024 10:47:46? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?56767? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 20? 01-Nov-2024 10:52:10? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 8983? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 21? 01-Nov-2024 10:55:04? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?55684? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 22? 01-Nov-2024 10:57:43? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?37003? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 23? 01-Nov-2024 10:58:43? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?10524? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 24? 01-Nov-2024 11:01:06? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 6384? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 25? 01-Nov-2024 11:03:46? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 6779? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 26? 01-Nov-2024 11:06:05? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?23062? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 27? 01-Nov-2024 11:58:01? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?33174? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 28? 01-Nov-2024 11:58:05? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?29422? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 29? 01-Nov-2024 11:58:26? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?53504? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 30? 01-Nov-2024 12:00:03? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 5898? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 31? 01-Nov-2024 12:00:20? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?38324? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 32? 01-Nov-2024 12:00:30? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 6362? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 33? 01-Nov-2024 12:03:11? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?38581? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 34? 01-Nov-2024 12:05:37? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?43932? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 35? 01-Nov-2024 12:07:27? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 5141? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 36? 01-Nov-2024 12:08:42? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?56161? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 37? 01-Nov-2024 12:12:26? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 6269? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 38? 01-Nov-2024 12:14:33? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?164? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 39? 01-Nov-2024 12:15:48? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?25787? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 40? 01-Nov-2024 12:16:39? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 9188? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 41? 01-Nov-2024 12:16:58? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?32317? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 42? 01-Nov-2024 12:22:28? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?21955? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 43? 01-Nov-2024 12:29:50? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?33563? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 44? 01-Nov-2024 12:32:18? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?48519? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 45? 01-Nov-2024 12:33:24? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?42914? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 46? 01-Nov-2024 12:34:07? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?11296? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 47? 01-Nov-2024 12:36:43? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 6522? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 48? 01-Nov-2024 12:37:55? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?57962? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 49? 01-Nov-2024 12:37:56? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?53189? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 50? 01-Nov-2024 12:39:29? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 7411? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 51? 01-Nov-2024 12:41:51? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?27413? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 52? 01-Nov-2024 12:44:00? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?355? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22 53? 01-Nov-2024 12:50:35? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?28953? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 54? 01-Nov-2024 12:50:53? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?46927? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 55? 01-Nov-2024 12:52:00? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?45122? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 56? 01-Nov-2024 12:55:04? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 4184? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22 57? 01-Nov-2024 12:55:15? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?33245? ? ? TCP? ?202[.]91[.]161[.]185? ? ? ?22 58? 01-Nov-2024 12:57:38? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?50897? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 59? 01-Nov-2024 12:58:58? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?35903? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22 60? 01-Nov-2024 12:59:35? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?16158? ? ? TCP? 192[.]168[.]200[.]216? ? ? ?22 61? 01-Nov-2024 13:01:40? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?18404? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22 62? 01-Nov-2024 13:04:12? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 ?32885? ? ? TCP? ?202[.]91[.]161[.]181? ? ? ?22 63? 01-Nov-2024 13:05:50? BLOCKED? ? ? ? ? ? ? 51[.]68[.]197[.]220 6316? ? ? TCP? ?202[.]91[.]161[.]132? ? ? ?22
We believe that by working together to resolve this matter swiftly, we can help safeguard the integrity of our networks and prevent any further issues. If you require any additional information or support from our end to facilitate your investigation, please don't hesitate to reach out. Your prompt attention to this matter would be greatly appreciated. We value your expertise and cooperation in resolving this situation effectively. Thank you for your time and consideration. For any corrections/updates, kindly email email- removed@provider[.]com</pre></body></html>
-- end of the technical details --
Your should investigate and fix this problem, as it constitutes a violation to our terms of service.
Please answer to this e-mail indicating which measures you've taken to stop the abusive behaviour.
Cordially,
The OVHcloud Trust & Safety team.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Message: 2 Date: Mon, 4 Nov 2024 14:30:59 +0100 From: Michael W?chter mwaechter@mac.com To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Raspberry Pi 4 Message-ID: A709A06F-E27D-40CE-8A9F-43D028277066@mac.com Content-Type: text/plain; charset="utf-8"
Hi all, I?m running a relay on a Pi 4 now for almost 2 years, almost no issues at all. Average CPU load 40 %, average bandwidth 5 MB. Updating to a newer version of tor is a bit tricky.
Rads
Michael
Am 04.11.2024 um 12:40 schrieb jl2238--- via tor-relays <
tor-relays@lists.torproject.org>:
It works. My relay is running on a Raspberry Pi 4B with 4 GB RAM.
Bandwith for the relay is 2 Mbit/s, CPU Load of the relay is about 20 %
Am 02.11.24 um 02:15 schrieb Keifer Bly:
Hi,
So I am wondering, is a Raspberry Pi 4 a recommended device to run a
tor relay on? In terms of traffic load, etc? Thanks.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org