[tor-relays] significant rise in fail2ban alerts for ssh abuse
Dirk
tor-relay.dirk at o.banes.ch
Thu Aug 10 20:34:03 UTC 2017
Hello,
maybe I expressed it wrong. We are quite used to the usual abuse mails
based on ssh brute forcing since we have several years of operation with
several exits out of Switzerland.
The astonishing thing is that now every one seems to have an Fail2Ban
configuration which does automatic abuse response to the abuse box and
the network operator abuse address.
I rather think this is driven by a software release which does a lot of
this automatic or semi automatic. And I would like to find the
maintainer and convince him only to write to the offical abuse email
address than additionally to the network operator.
Any hint where this improved fail2ban config comes from is welcome.
best regards
Dirk
On 10.08.2017 22:15, Keepyourprivacy wrote:
> I can‘t talk about the source, but there are indeed more and more
> script kiddies out there who use Tor or VPNs just to test around. They
> hook up Linux Kali and thinking they are becoming the next big hacker.
> I‘ve read from another provider which supports tor exit, that they
> only accept exits if mail, irc and ssh ports are blocked, because they
> are the biggest vectors for abuse messages. So i guess you are not
> alone...
>
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list