[tor-relays] Tor stop / reboot by itself + weird logs (hacking?)
David Strappazon
david.strappazon at protonmail.com
Wed Nov 6 18:44:58 UTC 2019
Hello everyone,
i'm running a bridge on a raspberry Pi 3B+ on Kali Linux.
Everything looks fine but after checking the logs i noticed that the service rebooted by itself in the middle on the night:
Nov 06 03:51:09.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
Nov 06 03:51:10.000 [notice] Delaying directory fetches: We are hibernating or shutting down.
Nov 06 03:51:39.000 [notice] Clean shutdown finished. Exiting.
etc...
Then after that, it works again (will check tonight /tomorrow if it reboots again).
I'm trying to find why it is rebooting but without success. I checked all logs possible and also notice this in journalctl -xe:
nov. 06 19:37:58 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
nov. 06 19:38:03 kali-pi sshd[15920]: Failed password for root from XXXX port 37494 ssh2
nov. 06 19:38:08 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
nov. 06 19:38:13 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
nov. 06 19:38:18 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
nov. 06 19:38:18 kali-pi sshd[15920]: error: maximum authentication attempts exceeded for root from 21>
nov. 06 19:38:18 kali-pi sshd[15920]: Disconnecting authenticating user root 2XXXX port 37494: >
nov. 06 19:38:18 kali-pi sshd[15920]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ss>
nov. 06 19:38:18 kali-pi sshd[15920]: PAM service(sshd) ignoring max retries; 6 > 3
nov. 06 19:38:21 kali-pi sshd[15950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid>
nov. 06 19:38:22 kali-pi sshd[15953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid>
nov. 06 19:38:23 kali-pi sshd[15950]: Failed password for root from XXXX port 64786 ssh2
nov. 06 19:38:23 kali-pi sshd[15953]: Failed password for root from XXXXX port 6739 ssh2
There's two different IP that i don't know. A whois says it's a Chinese provider...
Should i consider that someone is trying to break into my home network?
Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20191106/0d17fc05/attachment.html>
More information about the tor-relays
mailing list