[tor-relays] SSH brute force attempts to connect to my Middle Relay IP address

Santiago santiagorr at riseup.net
Wed Oct 4 07:06:23 UTC 2017


El 04/10/17 a las 08:41, Fr33d0m4all escribió:
> I know, I know about how internet works :) I’ve just simply noted a large increase in SSH brute force attempts in the last two weeks. BTW I don’t have root login enabled and I have two factor authentication on my SSH port (not standard), which is enabled only for a single low privileges user, so there’s no problem. I work for a provider and I manage IPS devices, so I know that it is common to have a large amount of intrusion attempts, I was just wondering if there was some attack against Tor nodes going on since the increase of intrusion attempts in the last few weeks :)
> 
> Best regards,

Also, you could consider pam-abl (auto blacklisting) instead of
fail2ban. Relying on PAM, it doesn't need to process the logs to ban
hosts or users.


More information about the tor-relays mailing list