[tor-relays] Tor node break-in attempts
lbrandt at cni.net
Thu Oct 22 19:13:00 UTC 2015
I need some advise on a situation new to me. I operate a VPS exit node
in Romania, a VPS guard node in the Czech Republic, a middle node and
bridge in the US. All are SSH public key authentication protocol 2.
Over the last 5 weeks all of these servers have been under attack by IPs
in the range 43.229.52.00 to 188.8.131.52. Maybe 24 different IP
addresses. I have contacted the operator in Hong Kong on four different
occasions but I've received no relief from the attempted attacks nor
have they communicated back to me--as I have requested. Attack counts
are in the 100,000s.
I have no personal information stored on any of these servers--only
public info via Tor is available. And then, how the hell did they get
the address of my bridge?
I see break-in attempts all the time but never at this volume. The
break-in attempts have been thwarted to date and will probably remain
so. But I find the situation disconcerting and irritating.
Should I ignore these efforts? Should I send abuse reports to someone?
Who? Any sage advice out there?
Did I give away any secure info just now? lol
More information about the tor-relays