[tor-relays] DDOS alerts from my provider

eff_03675549 at posteo.se eff_03675549 at posteo.se
Thu Aug 8 20:20:35 UTC 2024


Hi Rafo,

My apologies for the late reply in your request for the code on banning 
tor exits into *GUARDS or middle-relays*


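# Paths are relative: run this from a directory two levels below /.
rm ../../etc/cron.d/updateSSHkey

# Daily cron jobs: download the Tor bulk exit list, rewrite each address in place
# into a ufw DROP rule (sed -i, so the next step inserts rules rather than bare
# addresses), insert the rules into /etc/ufw/before.rules, then delete the list.
echo "0 0 * * *  root wget -P /root/scriptsremote/ https://check.torproject.org/torbulkexitlist" > ../../etc/cron.d/blacklistTORexits
echo "1 1 * * *  root sed -i 's/^/-A ufw-before-input -s /; s/$/ -j DROP/' /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits
echo "2 1 * * *  root sed -i '/# End required lines/r /root/scriptsremote/torbulkexitlist' /etc/ufw/before.rules" >> ../../etc/cron.d/blacklistTORexits
echo "3 1 * * *  root rm /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits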

apt install -y fail2ban

rm ../../etc/fail2ban/jail.d/sshd.conf
touch ../../etc/fail2ban/jail.d/sshd.conf
echo "[sshd]" > ../../etc/fail2ban/jail.d/sshd.conf
echo "enabled = true" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "port = 11218" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "filter = sshd" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "logpath = /var/log/auth.log" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "maxretry = 5" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime = 24h" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.increment = true" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.factor = 24" >> ../../etc/fail2ban/jail.d/sshd.conf
echo "bantime.maxtime = 52w" >> ../../etc/fail2ban/jail.d/sshd.conf


Here I hope this is well received,

Carlos.





On 7/10/24 1:19 AM, god-gave-you-mouth-ears-eyes-so-enjoy at posteo.net wrote:
>
> Hi Rafo,
>
>
> I have a pre-defined fail2ban (jail) script that does all the job of 
> banning any tor-EXIT  -dynamically updated via cron- from attempting 
> access when this helps.
>
> This is meant for Debian,
>
> the syntax could do with fedora (perhaps a few code adaptations).
>
> let me know when this is of interest.
>
>
> Carlos.
>
> On 7/8/24 7:34 PM, Rafo (r4fo.com) via tor-relays wrote:
>> Hi,
>> I have been running a relay for a few months now without any 
>> problems. But this week I’ve received 2 DDoS alerts from my provider 
>> (Netcup), both are ~3 gigabits. They seem to be coming from other Tor 
>> relays.
>> I’m running an Invidious like instance on my server (which uses 
>> around 600 megabits) but I have a 2.5 gigabit port. So I configured 
>> my Tor relay to use 300-400 megabits.
>> I’m not sure where that 3 gigabit of data comes from.
>> I have lowered my advertised bandwidth to 100 megabits, would that be 
>> enough to prevent these kinds of issues?
>>
>>
>> Kind regards,
>> Rafo
>>
>>
> -- 
> Updated every second week.
>

-- 
PGP updated every second week : please actualize our communication every time.
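
The cron lines in the message above insert a fresh set of DROP rules into /etc/ufw/before.rules every day without removing the previous day's. As an added example (not the poster's code), the same refresh can be done so that it replaces its own block and skips anything that is not an IPv4 address; the marker comments and function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: idempotent refresh of a Tor-exit DROP block in ufw's before.rules.
# Marker strings and function names are hypothetical, chosen for this example.
BEGIN_MARK='# BEGIN tor-exit-block'
END_MARK='# END tor-exit-block'

# Print a marked block with one DROP rule per valid IPv4 line of file $1.
# Lines that are not dotted-quad addresses with octets <= 255 are skipped.
render_block() {
    echo "$BEGIN_MARK"
    awk '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($0, o, "."); ok = 1
            for (i = 1; i <= 4; i++) if (o[i] > 255) ok = 0
            if (ok) print "-A ufw-before-input -s " $0 " -j DROP"
        }' "$1" | sort -u
    echo "$END_MARK"
}

# Replace any previous block in rules file $2 with one built from list $1.
# The new block is placed right after the "# End required lines" line.
refresh_rules() {
    list=$1 rules=$2
    block=$(mktemp) && new=$(mktemp) || return 1
    render_block "$list" > "$block"
    # An empty or failed download yields only the two markers: keep old rules.
    if [ $(wc -l < "$block") -le 2 ]; then rm -f "$block" "$new"; return 1; fi
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" -v blk="$block" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        skip    { next }
        { print }
        $0 == "# End required lines" {
            while ((getline l < blk) > 0) print l
            close(blk)
        }' "$rules" > "$new" && cat "$new" > "$rules"
    rc=$?
    rm -f "$block" "$new"
    return $rc
}
```

A single cron job can call refresh_rules on the downloaded list and /etc/ufw/before.rules; `ufw reload` afterwards loads the changed rules.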