Hi Rafo,

My apologies for the late reply to your request for the code on banning Tor exits into GUARDS or middle-relays.

      # Run from a directory two levels below / (for example /root/scriptsremote),
      # so that ../../etc resolves to /etc.
      rm ../../etc/cron.d/updateSSHkey

      # Daily cron jobs: download the Tor bulk exit list, turn each IP into a
      # ufw DROP rule, insert the rules into before.rules, delete the download.
      echo "0 0 * * *  root wget -P /root/scriptsremote/ https://check.torproject.org/torbulkexitlist" > ../../etc/cron.d/blacklistTORexits
      # sed needs -i here: without it the rules only go to stdout and the
      # next job would insert bare IP addresses into before.rules.
      echo "1 1 * * *  root sed -i 's/^/-A ufw-before-input -s /; s/$/ -j DROP/' /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits
      echo "2 1 * * *  root sed -i '/# End required lines/r /root/scriptsremote/torbulkexitlist' /etc/ufw/before.rules" >> ../../etc/cron.d/blacklistTORexits
      echo "3 1 * * *  root rm /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits

      apt install -y fail2ban

      # fail2ban jail for sshd on the non-default port 11218, with ban times
      # that grow for repeat offenders up to 52 weeks.
      rm ../../etc/fail2ban/jail.d/sshd.conf
      touch ../../etc/fail2ban/jail.d/sshd.conf
      echo "[sshd]" > ../../etc/fail2ban/jail.d/sshd.conf
      echo "enabled = true" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "port = 11218" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "filter = sshd" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "logpath = /var/log/auth.log" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "maxretry = 5" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "bantime = 24h" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "bantime.increment = true" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "bantime.factor = 24" >> ../../etc/fail2ban/jail.d/sshd.conf
      echo "bantime.maxtime = 52w" >> ../../etc/fail2ban/jail.d/sshd.conf

Here I hope this is well received,
      
      Carlos.
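
An added example, not part of Carlos's message: the cron jobs above copy every line of the downloaded list into /etc/ufw/before.rules and insert it again each day. The functions below keep only lines that are plain IPv4 addresses and replace one marked block on each run; the function names and the `tor-exits` marker lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the
# "tor-exits" marker lines are hypothetical.

# Print one DROP rule per line of $1 that is exactly an IPv4 address.
# Anything else (comments, extra tokens, octets > 255) is dropped, so the
# downloaded file can never add arbitrary text to the firewall rules.
build_rules() {
    awk '
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        n = split($0, o, "."); ok = 1
        for (i = 1; i <= n; i++) if (o[i] + 0 > 255) ok = 0
        if (ok) print "-A ufw-before-input -s " $0 " -j DROP"
    }' "$1" | sort -u
}

# Replace the marked block in rules file $1 with the rules in file $2.
# The previous block is removed first, so daily runs do not pile up
# duplicates. Fails without touching $1 if the ufw anchor line is missing.
replace_block() {
    rules=$1 src=$2
    tmp=$(mktemp) || return 1
    awk -v src="$src" '
    /^# BEGIN tor-exits$/ { skip = 1; next }
    /^# END tor-exits$/   { skip = 0; next }
    skip { next }
    { print }
    /^# End required lines$/ && !emitted {
        print "# BEGIN tor-exits"
        while ((getline l < src) > 0) print l
        print "# END tor-exits"
        emitted = 1
    }
    END { exit !emitted }
    ' "$rules" > "$tmp" && cat "$tmp" > "$rules"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Build the rules from list $1 and install them into rules file $2.
update_tor_block() {
    new=$(mktemp) || return 1
    build_rules "$1" > "$new" && replace_block "$2" "$new"
    rc=$?
    rm -f "$new"
    return $rc
}
```

Call `update_tor_block /root/scriptsremote/torbulkexitlist /etc/ufw/before.rules` after the download, then run `ufw reload` so the new rules are loaded.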
    
    
    
    
    
Hi Rafo,
I have a pre-defined fail2ban (jail) script that does all the job of banning any tor-EXIT -dynamically updated via cron- from attempting access when this helps.
This is meant for Debian,
the syntax could do with Fedora (perhaps a few code adaptations).
Let me know when this is of interest.
Carlos.
On 7/8/24 7:34 PM, Rafo (r4fo.com) via tor-relays wrote:
Hi,

I have been running a relay for a few months now without any problems. But this week I’ve received 2 DDoS alerts from my provider (Netcup), both are ~3 gigabits. They seem to be coming from other Tor relays.

I’m running an Invidious like instance on my server (which uses around 600 megabits) but I have a 2.5 gigabit port. So I configured my Tor relay to use 300-400 megabits.

I’m not sure where that 3 gigabit of data comes from.

I have lowered my advertised bandwidth to 100 megabits, would that be enough to prevent these kind of issues?

Kind regards,
Rafo
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Updated every second week.
-- PGP updated every second week : please actualize our communication every time.