[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Re: Tor Node infected with ransomware

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Re: Tor Node infected with ransomware
From: Marco Moock via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 2 Feb 2026 08:47:20 +0100
In-reply-to: <7c8008fc-802c-4ef2-b8e0-b86d00e882b6@skankhunt42.pw>
List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
References: <7c8008fc-802c-4ef2-b8e0-b86d00e882b6@skankhunt42.pw>
Reply-to: Marco Moock <mm@xxxxxxxxxx>

Am 31.01.2026 um 10:29:12 Uhr schrieb skankhunt42 via tor-relays:

> I really want to understand what I did wrong.
> Maybe someone with more experience may take a look at it?

As the attacker managed to break in, it could habe manipulated the OS
and removed the security hole and manipulated logs.

Although, that doesn't happen in all cases. Which network services did
the machine run and do they have logs (especially centralized ones are
interesting, if the attacker can't manipulate them.

Do you have full backups of the machine?

-- 
Gruß
Marco

Send unsolicited bulk mail to 1769851752muell@xxxxxxxxxxxxxx

Attachment: pgpdFu0dM0kSS.pgp
Description: Digitale Signatur von OpenPGP

_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

References:
- [tor-relays] Tor Node infected with ransomware
  - From: skankhunt42 via tor-relays

Prev by Author: [tor-relays] Call for more Snowflake proxies!
Next by Author: [tor-relays] Re: Tor Relay Operator Meetup at FOSDEM 2026
Previous by thread: [tor-relays] Tor Node infected with ransomware
Next by thread: [tor-relays] Re: Tor Node infected with ransomware
Index(es):
- Author
- Thread