[tor-relays] SSH scans from Tor exit

s7r at sky-ip.org s7r at sky-ip.org
Mon Apr 28 22:47:58 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 4/29/2014 1:31 AM, I wrote:
> One VPS company has just asserted that SSH scans are being run from
> my Tor exit rather than another process on the VPS. Is this
> happening to anyone else? Does anyone know what can be done to stop
> it?
> 
> Robert
> 
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 


Could you explain with more details? Your question is not totally clear.

If your VPS is being SSH brute forced there are many ways to protect:
- - make hostbased authentication or use keys instead of password-based
authentication
- - install fail2ban to ban IPs after "x" wrong passwords
- - make sure you put a very strong password, seriously
- - disable root login via ssh
- - if you have a VPS made with KVM you can disable SSH access at all
and use the javaconsole from the VPS panel?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBCAAGBQJTXtqcAAoJEIN/pSyBJlsRyu4IAMsD1fsZeqZsMuQhCgQ2bDfW
M6rSKQjjCDXbI37W6w153rEZkSrA6cxh40t7PkcyhuWDXSSZTi/CfY2r5AzRNBxk
CKNrKioPVU28PETqJLo/8aOcmRFVZAgUYXpUwDnMCqOOW7Lun71UOzgAbyNdcOaa
ogECDzC92lkrGvN7ofy64NeBnyZ82DysNBUss1BxQ1bX5prnlSznY/0OgxYsBwsS
UCFCZ3tmcf905b7esibYinwtLlXG9Oc8PdTaBH+JV64s+m+J5DTLK6zRqDiaIpDJ
TqOQF3ALAYijDvJ+eO5JHY0whqMAWDFC6pRBDyAsok9D5AA1bkJtEXlFPe/8NLM=
=UukK
-----END PGP SIGNATURE-----


More information about the tor-relays mailing list