[tor-relays] SSH login attempts

arisbe arisbe at cni.net
Tue Sep 4 18:22:27 UTC 2018


Hello Marcus,

On an ongoing basis, most of my relays get up to 4000 attempts each 
day.  It's standard practice I guess!  Many, many are from just a few IP 
addresses.  The rest are just a few per IP address. Occasionally, I will 
go beyond the fail2ban "ban" and block an IP address in iptables via 
ufw.  I then unblock that IP address in a week or two.  I set fail2ban 
for long blocks maybe up to 12 hours (43000-seconds).

So, harden your operating system as best you can.  SSH works but disable 
the password entry, X11, etc. if possible.  This is always safe if your 
provider has a dashboard for you to use as a secondary access to the 
server.  I change my SSH port number but that only slows the 
professionals by minutes or seconds.  Remember to change the fail2ban 
SSH port number if you do that.  Your host provider should have DDoS 
protection for his/her entire plant.

And don't sweat it!  Learn from the experiences.


On 9/4/2018 5:35 AM, Marcus Wahle wrote:
> Dear all,
>
> Since 14:00 my logs (middle node) are spammed with around 100 failed ssh login attempts from different IPs.
> Is there anybody else affected?
>
> Best regards
> Marcus
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
One person's moral compass is another person's face in the dirt.
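
Added example, not part of the original message: a small check for the points raised above (password login and X11 forwarding disabled, and the fail2ban jail following sshd when the SSH port is moved). The config texts are constructed samples, the function names are hypothetical, and the fallbacks assume stock fail2ban defaults (`port = ssh`, jails disabled unless enabled).

```python
import configparser

SERVICE_PORTS = {"ssh": "22"}  # service name fail2ban may use instead of a number

def parse_sshd(text):
    """Return (listening ports, first-seen global keywords) from sshd_config text."""
    ports, first = set(), {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":      # conditional blocks are out of scope here
            break
        if key == "port":       # Port may be repeated; sshd listens on all of them
            ports.add(value)
        else:
            first.setdefault(key, value.lower())  # sshd keeps the first value it reads
    return ports or {"22"}, first

def audit(sshd_text, jail_text, jail="sshd"):
    """List hardening gaps and sshd/fail2ban port mismatches as strings."""
    ports, kw = parse_sshd(sshd_text)
    findings = []
    if kw.get("passwordauthentication", "yes") != "no":  # OpenSSH default is yes
        findings.append("PasswordAuthentication is not disabled")
    if kw.get("x11forwarding", "no") != "no":            # OpenSSH default is no
        findings.append("X11Forwarding is enabled")
    cfg = configparser.ConfigParser(interpolation=None)  # keep %(...)s literal
    cfg.read_string(jail_text)
    if cfg.get(jail, "enabled", fallback="false").lower() != "true":
        return findings + [f"fail2ban jail [{jail}] is not enabled"]
    watched = {SERVICE_PORTS.get(p.strip(), p.strip())
               for p in cfg.get(jail, "port", fallback="ssh").split(",")}
    for port in sorted(ports - watched):
        findings.append(f"sshd listens on {port} but jail [{jail}] bans on {sorted(watched)}")
    return findings

# Constructed samples: SSH moved to port 2222, jail left on its default port.
SSHD_SAMPLE = "Port 2222\nPasswordAuthentication no\nX11Forwarding yes\n"
JAIL_SAMPLE = "[DEFAULT]\nbantime = 43000\n\n[sshd]\nenabled = true\n"

if __name__ == "__main__":
    print("\n".join(audit(SSHD_SAMPLE, JAIL_SAMPLE)))
```

Only the text passed in is inspected, so settings from included files or `Match` blocks are not covered.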


