[tor-relays] Receiving abuse reports for Non-Exit Relay

Chris Enkidu-6 tor at wcbsecurity.com
Fri Jul 28 01:42:34 UTC 2023 

As others have mentioned, this does not look like a Tor issue to me. It
more seems like a compromised or misconfigured server.

You mentioned you reinstalled the OS. Did you use the same root
password? My suggestion is that you go about this step by step. First
reinstall the OS with a different root password and no additional
software or configuration. Wait to see if you get any abuse reports. The
next step, install Tor and wait to see if you get an abuse report. And
the last step would be installing any additional packages that you might
be currently using for anything else if any.

This method could narrow down the cause.



On 7/23/2023 6:07 PM, John Crow via tor-relays wrote:
> Hello all,
>
> In the past 24 hrs, I have been receiving complaints from my hosting
> provider that they're receiving hundreds of abuse reports related to
> port scanning. I have no clue why I'm all of the sudden receiving
> abuse reports when this non-exit relay has been online for months
> without issues. In addition, I have other non-exit relays hosted by
> the same provider with no issues and more across other providers.
>
> I proceeded to reinstall the OS and reconfigure Tor.  I was then
> quickly notified by my hosting provider again of more abuse reports
> all showing port 22 as target port.
>
> I have not changed my torrc at all and it's still setup as a non-exit
> relay. No other applications/services were installed alongside Tor.
> Tor Metrics does not show the relay as Exit either.
>
> It feels like Tor Exit Traffic is leaking through my non-exit relay?
>
> Has anyone else experienced any behavior similar to this? Any ideas on
> how to fix or prevent this?
>
> prsv admin
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230727/b956c19d/attachment-0001.htm>

More information about the tor-relays mailing list