[tor-relays] Tor node break-in attempts

Josef Stautner hello at veloc1ty.de
Thu Oct 22 19:29:06 UTC 2015

Hi LB,

SSH attacks happen 24/7 and are just stupid brute force mostly without
any reason.
You already setted up key auth and hopefully disabled password auth.

You can block brute force by setting up a log watcher like fail2ban.
That application follows the auth.log file on your server and adds an
iptables rules to drop the traffic from the attacker.


Am 22.10.2015 um 21:13 schrieb Larry Brandt:
> Hello,
> I need some advise on a situation new to me.  I operate a VPS exit
> node in Romania, a VPS guard node in the Czech Republic, a middle node
> and bridge in the US.  All are SSH public key authentication protocol
> 2.  Over the last 5 weeks all of these servers have been under attack
> by IPs in the range to Maybe 24 different
> IP addresses.  I have contacted the operator in Hong Kong on four
> different occasions but I've received no relief from the attempted
> attacks nor have they communicated back to me--as I have requested. 
> Attack counts are in the 100,000s.
> I have no personal information stored on any of these servers--only
> public info via Tor is available.  And then, how the hell did they get
> the address of my bridge?
> I see break-in attempts all the time but never at this volume.  The
> break-in attempts have been thwarted to date and will probably remain
> so.  But I find the situation disconcerting and irritating.
> Should I ignore these efforts?  Should I send abuse reports to
> someone?  Who?  Any sage advice out there?
> Did I give away any secure info just now?  lol
> LB
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list