[tor-relays] Tor stop / reboot by itself + weird logs (hacking?)

niftybunny abuse-contact at to-surf-and-protect.net
Thu Nov 7 10:16:20 UTC 2019


100% normal. Pick a strong pw or an SSH key and you are fine. 

> On 6. Nov 2019, at 19:44, David Strappazon <david.strappazon at protonmail.com> wrote:
> 
> Hello everyone,
> 
> I'm running a bridge on a Raspberry Pi 3B+ on Kali Linux.
> 
> Everything looks fine, but after checking the logs I noticed that the service rebooted by itself in the middle of the night:
> 
> Nov 06 03:51:09.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
> Nov 06 03:51:10.000 [notice] Delaying directory fetches: We are hibernating or shutting down.
> Nov 06 03:51:39.000 [notice] Clean shutdown finished. Exiting.
> etc...
> 
> Then after that, it works again (will check tonight/tomorrow if it reboots again).
> 
> I'm trying to find why it is rebooting but without success. I checked all logs possible and also noticed this in journalctl -xe:
> 
> nov. 06 19:37:58 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
> nov. 06 19:38:03 kali-pi sshd[15920]: Failed password for root from XXXX port 37494 ssh2
> nov. 06 19:38:08 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
> nov. 06 19:38:13 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
> nov. 06 19:38:18 kali-pi sshd[15920]: Failed password for root from XXXXX port 37494 ssh2
> nov. 06 19:38:18 kali-pi sshd[15920]: error: maximum authentication attempts exceeded for root from 21>
> nov. 06 19:38:18 kali-pi sshd[15920]: Disconnecting authenticating user root 2XXXX port 37494: >
> nov. 06 19:38:18 kali-pi sshd[15920]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ss>
> nov. 06 19:38:18 kali-pi sshd[15920]: PAM service(sshd) ignoring max retries; 6 > 3
> nov. 06 19:38:21 kali-pi sshd[15950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid>
> nov. 06 19:38:22 kali-pi sshd[15953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid>
> nov. 06 19:38:23 kali-pi sshd[15950]: Failed password for root from XXXX port 64786 ssh2
> nov. 06 19:38:23 kali-pi sshd[15953]: Failed password for root from XXXXX port 6739 ssh2
> 
> There are two different IPs that I don't know. A whois says it's a Chinese provider...
> 
> Should I consider that someone is trying to break into my home network?
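
Added example (not part of the original thread): one way to read sshd logs like those quoted above is to count failed logins per source and list every accepted login, singling out any that came from an address that was also failing. The sample lines and their addresses are constructed placeholders, and `summarize` is a name chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the journalctl format quoted above; the source
# addresses are documentation-range placeholders (RFC 5737), not real hosts.
SAMPLE = """\
nov. 06 19:37:58 kali-pi sshd[15920]: Failed password for root from 203.0.113.7 port 37494 ssh2
nov. 06 19:38:03 kali-pi sshd[15920]: Failed password for root from 203.0.113.7 port 37494 ssh2
nov. 06 19:38:08 kali-pi sshd[15920]: Failed password for invalid user admin from 203.0.113.7 port 37494 ssh2
nov. 06 19:38:18 kali-pi sshd[15920]: PAM service(sshd) ignoring max retries; 6 > 3
nov. 06 19:38:23 kali-pi sshd[15953]: Failed password for root from 198.51.100.22 port 6739 ssh2
nov. 06 19:40:02 kali-pi sshd[16011]: Accepted publickey for david from 192.0.2.10 port 50122 ssh2
nov. 06 19:41:30 kali-pi sshd[16040]: Accepted password for root from 203.0.113.7 port 37610 ssh2
"""

# OpenSSH auth result lines look like:
#   "<Failed|Accepted> <method> for [invalid user ]<user> from <addr> port <n>"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize(log_text):
    """Return (failures per source, accepted logins, accepted logins whose source also failed)."""
    failures = defaultdict(int)
    accepted = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # PAM messages, truncated lines, other services
        if m["result"] == "Failed":
            failures[m["src"]] += 1
        else:
            accepted.append((m["src"], m["user"], m["method"]))
    # A success from an address that was also guessing is the entry to investigate first.
    suspicious = [a for a in accepted if a[0] in failures]
    return dict(failures), accepted, suspicious

if __name__ == "__main__":
    failures, accepted, suspicious = summarize(SAMPLE)
    for src, n in sorted(failures.items(), key=lambda kv: -kv[1]):
        print(f"{n:4d} failed attempts from {src}")
    for entry in accepted:
        src, user, method = entry
        flag = "  <-- source also had failures" if entry in suspicious else ""
        print(f"accepted {method} for {user} from {src}{flag}")
```

A legitimate user who mistyped a password once will also land in the third list, so it is a prompt to look closer rather than a verdict.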
