[tor-relays] 7 relays gone because of spammers

ZEROF security at netmajstor.com
Thu Feb 26 02:42:31 UTC 2015


Hi man,

I will try to explain to you how things went in the wrong direction for you. OVH
doesn't lie, but they don't have the best support that you can find around.
Anyway. In the last 15-25 days a lot of attacks were made on French ISPs and
the attacker used the Tor IP list to do one part of his sick idea. One of my nodes
"in my home" was infected as well. As Linux devs need some time to patch
packages that make us vulnerable, we are just attack objects to them. In my
case they used an exim4 security issue, and as this sh.. comes preinstalled
with the server ISO I didn't even look at it.

You are a victim of the same thing, I guess. Classic server-side infection from
some botnet. A better question is what you can do to protect your servers in
the future.

1. Allow logging in to your server from one country or IP; for that I use
geoip: http://www.axllent.org/docs/view/ssh-geoip/
2. Add simple 2 min settings to fail2ban:
https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-6
(these settings can be used on Debian as well, etc.)
3. Remove SSH password logins from your servers, use only keys
4. Set up a honeypot on your server and play their game (10-15 job):
http://linuxdrops.com/how-to-set-up-a-honeypot-using-smart-and-simple-artillery-debian-6-0/

In the future I will write an Ansible playbook for this, or some bash or
Python script to do this on every server I use for Tor nodes.

I have run one exit node since 2014 with OVH cloud (RunAbove) and thanks to all
the security measures I made (using some firewall settings as well) I don't have
issues with them, and they respect that I take care of my servers'
security.

Try the same and you will see. Block port 25 as well.

On 26 February 2015 at 02:35, I <beatthebastards at inbox.com> wrote:

> OVH says no to Tor exits openly doesn't it?
>
> > Quote:
> > "Rest assure that, in case of an abuse, we will not terminate your
> > account without notice. In fact we may not even terminate your VPS. You
> > will receive a warning from our Abuse department giving you a choice to
> > resolve the abuse case"
> >
> > Has OVH contacted you before because of an abuse complaint?
> >
> >
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>



-- 
http://www.backbox.org
http://www.pentester.iz.rs
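
Added example, not part of the original message: a check for step 3 of the list above (key-only SSH logins) that reads an sshd_config the way sshd does, where the first value seen for a keyword wins and a missing keyword falls back to its default. The function names `effective_value` and `audit_sshd` are hypothetical, the sample config is constructed, and only the global section (before any `Match` line) is inspected.

```shell
#!/bin/sh
# Added example: audit the global part of an sshd_config for key-only logins.
# sshd keeps the FIRST value it reads for each keyword; keywords are
# case-insensitive. Lines after the first "Match" are conditional: ignored here.

# effective_value FILE KEYWORD_REGEX DEFAULT -> value sshd would use (lowercase)
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }              # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }               # accept "Keyword=value"
        tolower($1) == "match" { exit }             # stop at conditional blocks
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }               # unset keyword: use default
    ' "$1"
}

# audit_sshd FILE -> prints findings, returns 0 only if logins are key-only
audit_sshd() {
    rc=0
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" 'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    pk=$(effective_value "$1" 'pubkeyauthentication' yes)
    [ "$pw" = no ]  || { echo "FAIL: password logins enabled ($pw)"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL: keyboard-interactive enabled ($kbd)"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL: public-key logins disabled ($pk)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key-only logins"
    return "$rc"
}

# Constructed sample: the trailing "no" is dead because the earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for the demo
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
EOF
audit_sshd "$sample" || echo "=> fix the config, then reload sshd"
rm -f "$sample"
```

Keyboard-interactive is checked as well because, with PAM enabled, it can still present a password prompt after `PasswordAuthentication no`.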