[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH scans from Tor exit

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH scans from Tor exit
From: I <beatthebastards@xxxxxxxxx>
Date: Mon, 28 Apr 2014 16:28:25 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 28 Apr 2014 20:28:38 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt; d=inbox.com; s=s1; h=mime-version:date:message-id:subject:from:to:content-type; bh=x/4AOBw/vLTgWlpBc42+U2ssvdwn/rCJmH6ilH3y6PM=; b=G9trwaOgP6O7gl1wXrI/WD79kYaFe1OlBEZEJ46YNXhapQquCpP+gFRL8mZw7M95ZLZV gVtLrsfQNp333AjhsZVld8q3Gl1cp4V72IJ9qmc2TNWUjCU7/zT3h45J0d8/fEPHt8MZbw bpMhxBIxQcM2/67cTvVFj9Wnh5LzogdUc=
Domainkey-signature: q=dns; a=rsa-sha1; c=nofws; d=inbox.com; s=s1; h=mime-version:date:message-id:from:subject:to:content-type; b=vcodwGCUChzXmtZ1C/SZBGLyd0WRaONaE5U+DWeVL029lg+H8OR4sfggb4xtbtUlPbfb goVgtNTv5iZ94SnqP6jVMhTATykMosTeon3r7KEmUYB9Gv7/WcFf9JLhbjbRRSthO/u8NV qqvvQZEonN5ASc/ZnYY4d4u/kMk8hnmJw=
In-reply-to: <535EDA9E.7000402@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <105aeadd2d5.00000a7dbeatthebastards@xxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

I first thought that the numerous complaints of my VPS being the source of the SSH (outgoing) attacks was that I hadn't done the things you suggested below and been 'hacked' but now one VPS business has looked at the VPS processes and said it must be coming out of Tor as I run an exit.

So I am asking whether this is rare or am I not doing something which others are doing?
Is it just a matter of removing SSH from the already long list of port limitations?

Robert
 
> Could you explain with more details? Your question is not totally clear.
> 
> If your VPS is being SSH brute forced there are many ways to protect:
> - - make hostbased authentication or use keys instead of password-based
> authentication
> - - install fail2ban to ban IPs after "x" wrong passwords
> - - make sure you put a very strong password, seriously
> - - disable root login via ssh
> - - if you have a VPS made with KVM you can disable SSH access at all
> and use the javaconsole from the VPS panel?


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] SSH scans from Tor exit
  - From: Zack Weinberg

References:
- Re: [tor-relays] SSH scans from Tor exit
  - From: s7r@xxxxxxxxxx

Prev by Author: [tor-relays] SSH scans from Tor exit
Next by Author: Re: [tor-relays] SSH scans from Tor exit
Previous by thread: Re: [tor-relays] SSH scans from Tor exit
Next by thread: Re: [tor-relays] SSH scans from Tor exit
Index(es):
- Author
- Thread