[tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
Fr33d0m4all
fr33d0m4all at riseup.net
Wed Oct 4 06:41:17 UTC 2017
I know, I know about how internet works :) I’ve just simply noted a large increase in SSH brute force attempts in the last two weeks. BTW I don’t have root login enabled and I have two factor authentication on my SSH port (not standard), which is enabled only for a single low privileges user, so there’s no problem. I work for a provider and I manage IPS devices, so I know that it is common to have a large amount of intrusion attempts, I was just wondering if there was some attack against Tor nodes going on since the increase of intrusion attempts in the last few weeks :)
Best regards,
Fr33d0m4All
> Il giorno 04 ott 2017, alle ore 08:35, Gareth Llewellyn <gareth at networksaremadeofstring.co.uk> ha scritto:
>
> -------- Original Message --------
> On 4 Oct 2017, 07:02, Fr33d0m4all < fr33d0m4all at riseup.net> wrote: Hi, My Tor middle relay public IP address is victim of SSH brute force connections’ attempts
>
> Welcome to the Internet!
>
> Any Internet connected machine will be port scanned, vuln probed, brute forced, blindly hit with ancient "1 shot" exploits (think wordpress plugins) and trawled for include vulnerabilities (e.g. ?file=../../../etc/passwd ) on a daily basis.
>
> It's not normally something to worry about.
>
> Disable root login, enable certificate authentication and if you feel particularly strongly about the log noise firewall off TCP/22 or move sshd to a high numbered port.
More information about the tor-relays
mailing list