[tor-relays] Tor node break-in attempts

Josef Stautner hello at veloc1ty.de
Thu Oct 22 19:29:06 UTC 2015


Hi LB,

SSH attacks happen 24/7 and are just stupid brute force mostly without
any reason.
You already set up key auth and hopefully disabled password auth.

You can block brute force by setting up a log watcher like fail2ban.
That application follows the auth.log file on your server and adds an
iptables rule to drop the traffic from the attacker.

~Josef

On 22.10.2015 at 21:13, Larry Brandt wrote:
> Hello,
> I need some advice on a situation new to me.  I operate a VPS exit
> node in Romania, a VPS guard node in the Czech Republic, a middle node
> and bridge in the US.  All are SSH public key authentication protocol
> 2.  Over the last 5 weeks all of these servers have been under attack
> by IPs in the range 43.229.52.00 to 43.229.55.255. Maybe 24 different
> IP addresses.  I have contacted the operator in Hong Kong on four
> different occasions but I've received no relief from the attempted
> attacks nor have they communicated back to me--as I have requested. 
> Attack counts are in the 100,000s.
> I have no personal information stored on any of these servers--only
> public info via Tor is available.  And then, how the hell did they get
> the address of my bridge?
> I see break-in attempts all the time but never at this volume.  The
> break-in attempts have been thwarted to date and will probably remain
> so.  But I find the situation disconcerting and irritating.
> Should I ignore these efforts?  Should I send abuse reports to
> someone?  Who?  Any sage advice out there?
> Did I give away any secure info just now?  lol
> LB
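
Added example, not part of the original messages and not fail2ban's own code: a sketch of the log-watcher mechanism described in the reply, counting sshd failures per source IP inside a time window and producing the iptables drop rule for each offender. The thresholds, function names and log lines are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure lines as they appear in auth.log (syslog format, no year).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed \w+ for (?:invalid user )?\S+|Invalid user \S+)"
    r" from (\d{1,3}(?:\.\d{1,3}){3})\b"
)

def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10), year=2015):
    """Return IPs with >= max_retry failures inside a find_time window, in ban order."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:  # expire failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned.append(ip)
    return banned

def drop_rule(ip):
    """The iptables command a watcher would issue; returned as text, not executed."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"

# Constructed sample log (RFC 5737 documentation addresses, hypothetical host "relay").
SAMPLE = [
    f"Oct 22 19:00:{s:02d} relay sshd[4321]: Failed password for root from 203.0.113.7 port 50122 ssh2"
    for s in range(0, 50, 10)
] + [
    "Oct 22 19:01:00 relay sshd[4400]: Accepted publickey for lb from 198.51.100.20 port 40022 ssh2",
    "Oct 22 19:02:00 relay sshd[4410]: Invalid user admin from 198.51.100.99",
    "Oct 22 19:30:00 relay sshd[4500]: Failed password for invalid user test from 198.51.100.99 port 2200 ssh2",
]

if __name__ == "__main__":
    for offender in find_offenders(SAMPLE):
        print(drop_rule(offender))
```

The second source in the sample fails twice, 28 minutes apart, so it never reaches the threshold inside one window and is not banned.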


