[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Relay failed logins

To: tor-relays@xxxxxxxxxxxxxxxxxxxx,Olaf Grimm <jeep665@xxxxxxxxx>
Subject: Re: [tor-relays] Relay failed logins
From: Spiros Andreou <mail@xxxxxxxxx>
Date: Sat, 24 Feb 2018 19:54:42 +0000
Autocrypt: addr=mail@xxxxxxxxx; keydata=mQINBFb24v4BEACpflA5cP3AeJ0/DFU+osLG tbBaZJRv//lT9x7KammzFCuCYa/lnpTHV1IdTkBD7XCl73JKD589XP7fNQOug6prW/u7tGEomEn4 1t5S3PiyfrTAw9RDI7J3PsrpWKqNEShCHskWVD3l+ov3ghkaHIWYLdSdW5cLYiR3inV+pGjkvVej ZK0gXk8e23IUSII34eQwO8E4ClhTdNLY/AECJd5wcuS43M6xWxvUjp39ORoNOrZU7c0Y/E4iiIMj TlimlG29s2DnEtL8uBvCfS/m4fojdghJ3O4Hu+2JB1M2kCKFv3cFvYzq47X7m9azZU2o2hGOsHjV JVlfggHRt2p6Cb9mX0di9NQeDLPK2r5/PVvJLd2yGA8NoXDHkNgKXxXVaJSC32ciZQabgq+yDt9P xIrKV5/W+R/tNhlNFI8XuSPyZ13vU5SjBxvRxjijsKZNSIDJ3ZjIbtUORZWA/wrfopWoRKvCDsfC tc+th6K1ujTGQhvZVNuoYxVQq3yc4yYWQMjU/tqLVZogOoCZHb64VqSitMfyBCGXHMj1fMIB3fYW mjYAWQ6V2k/Tgl9qpobAXc83hu6WLzo0T3xHDw54K23RYJl3FydbwW4QPyR54K8W08eYKjXrFuZy KCYLlUhQP746ytYpfnAw88BkPWkHJ1FI+Xk1cnpdQkAYy67rfvTB2wARAQABtB9TcGlyb3MgQW5k cmVvdSA8bWFpbEBzcGlyb3MuaW8+iQI9BBMBCgAnBQJW9uL+AhsDBQkHhh+ABQsJCAcDBRUKCQgL BRYCAwEAAh4BAheAAAoJEKEqExl9U8qmrSoP/2FgIPh49z7dUmOyM/gcmnUIYOnKikbGEUVxZ7uw mVl9fUtamghkwNUEjeXjmDbQX5+wNwBo7JcIF9lbgK1dEXBSELWzAvQr7MHqNkdnLb4CNExWR6Nc F81ZMu5jbTQ8/CuChrYJjTWqxTC7hzSdx0Rm0bQB+IA+7M0ect37e3yVoQBEsDuVjicW2rkIGPgh 4vUNrwUmxF/AV3Svk+84XGNuKTHEotgcnT9MCxtWiV6V7itkpBGpHfBIxwe2nKtEu1kQOhlgNdZl 13d51gqdp5dnp8oRGhdhvmt2Lcn1QaxTFoAOQZ1gBIfFFei9Z6MV89pYBmH08U4J17ofgdB35krl onxN+kHUU7niEvcX/xpr0kC4Y1UB5u8eeoHZSKBu3sVcTjvNiRB4tYIK+eFXpRPPGKs0iwkf9AoW QpMwOU0u52cHhKjmCcefPqN0xM4NFxZdETAEm8bNE0lDcbLhYUNw9n8XCTMXCmR6zH4D1824Lsqm HnJCSOvkVflzcfSUVp6vZ1VTo2UvE/TNIORgLBlvvv7jLhU67r36xWTz+smxelepprQbnhvCCrY2 +PWhiwcwLY9vY/vvrFq/33Lz6CPBoCovklLbgGoISC2M4p1OugQkADN3649/F0azpJHhbDgcfmxd PUaxuXKKVMMWcJjYw0aIo2Ckg4UZDIlmRoK1uQINBFb24v4BEACctWIX+SGWAvpxFuw9nFbHvXbJ cYfKPbUsuA5sKIhR0EzwtdSpDR21COTyyFVvD56UTOFJmiqNVNOMmDGnwDb5EqdMbOvH9Ez6N/RP HXl7WlbGSDWOlTu7qEAtKUy3QOdFDIaWagnfeodqoTUtVNUpVqsAOkdAUJ+UMmeTzxxDBx0g6wGq usZTJR1LqqhUfEJ6dQB9rWEt6mb2vJydLH4chv8SAlBXEbpFH2eC/0VQIaa9+1EnkRBe9vpPwKJ2 ii3Lltu1vDUwjsCoBXYgRzGmXoDJ4vnkw3XeEKyCp3iy09h1j5QAT/BPasy9xrH/hn/txSDFxtF6 xptWu9I7QvUEzUn79UGc/15D7cUNOqIpclMfQjPGCpYCkkEtEfV3IW6If5beMAqotMuwpD6Tt9g7 QpYS7g56XDnc2TPvg0qE4x00qeSQ1eLIdoAQu5mhiAiRV7LYYFvkWa96hT31iojV5f3lkI8VjeQa /D0KeJ5k248rU6ymT1AZ8vuin3J89caoaq4WLAPEaqSsYRShrRFZml6sacBvcUxip/YOh6J35ghQ Lk3KCZC/DeX7SN5+DxuyfB3Bo5ba76FEoG6WQz0oM9MfyffYe7aLpAQJSlmbs+meKDlz1jIuGiaV zA5dWqVOemTpcx2ZY5rhdX7uLv+ngVB3pR45Vd/rzA8tfcqKRQARAQABiQIlBBgBCgAPBQJW9uL+ AhsMBQkHhh+AAAoJEKEqExl9U8qmH0UP/0GAc6vs0Yf3vQUSbeTv9Iu9UhQ0SJQp9gSeUKGiq3QS ng6m4x538N3UgYQhNMO4C2uoOIrxkEeHiRqrgPu+oulz32UVuHAGprphetPJt5rSi3DZExRTYSMv updNb4hi3TwucfzICvXtluEOHc/AtnOCos5jGxC4ywCvXZQJS+TJbDl8OEHl61w20za9vbW4iM+Z S0dAol8j9FKk8QrTBKz5EJdyifKIocvJBDPe9Z/V6H8lBOPNBQNYg+LiKMvnTaaPY4/4TSBd5KUL dzpUVOligdDyVFLG8azJz9WC9K6zMdrTDsNeKoRXOkzoJHur+idL/8/fGF/jWkmF/ucoIsn9Zyb6 gLn+sTHWva+Rtp8t0JfufLyZa8pZditTKvy6pBwS6dWDhuNzrhtzMNZzSqG5UdouosLRixBlk+A/ SdpiYv/F8Er7WQx1iSE05Da93f5uqLeaXjpb6W/B0NpjhqN0vkEeIzKGWX7g3jX0pIxxHn1HnNjP e7twvjHIp8YzcARhKsk9bOCK8amUFUiZ5TRbWMxU2lGISJlNmAKkUP9qkTkWi4XL532NV1BwLd0j vxDwjIRZ0VJqAV7rxOlAR1OPcHSopGYWMipSd2y3vWSUg82bxUKCmVfJA9i6RuCIIUI6v9AyAJxr eglhsj4xogg/3rYjmWOhHmbF6cQpEYuN
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 24 Feb 2018 14:55:00 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1519502086; bh=vfAb28jppbCZUVUeogfd6CS8D5HQHEygPdwqehD51JI=; h=Date:In-Reply-To:References:Subject:To:From:From:Subject; b=auSEbVDZzVibhbHUq3mheVSRQVUvIp/fpU78fJ0ontK6z76c9tINUaMaHCinyLQuxxvnxr/+bLyfauvkuUoHUYSnXSQrdEXKcQ10DvyY8737hsNEuukgsXNf9O5M14/v1YJmJmeNw+BADQG8qXu/2ifIch6FceQa/f00ZvSwIvACLoLJ68P6q2TMX8+Dfre7p6vOh1q4bpAaRdcF7H+/38KXkF/YgjkEbtVgSh3xpTI3bZM/wmNOqGhooh3NbRMFCkGwhLErbqiqQpCdptUT3ZN2y1RMsIsftbHvqy9xHHtvgx4EtSBRArBDjnt8WE6+jGwF6+/mbbi7sZfcrK6czA==
In-reply-to: <4f232528-7a91-b096-a5d8-15b64b62c432@posteo.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <4f232528-7a91-b096-a5d8-15b64b62c432@posteo.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi Olaf,

SSH brute force attacks are commonplace on any internet facing server with port 22 open. You have a number of countermeasure options:

1) install fail2ban which will block anyone who fails a login 3 times
2) move SSH to a non standard port (preferably >1000)
3) reconfigure SSH to only allow login with keys instead of passwords - generate and successfully test login with a key first before you set this option
4) change the firewall to only allow logins from a specified IP address (yours if you have a static IP)

I recommend if you can that you implement all of these measures as they will improve your security and stop the attacks filling up your logfiles.

S

On February 24, 2018 7:36:16 PM UTC, Olaf Grimm <jeep665@xxxxxxxxx> wrote:

Dear guys,


I am now on my server with SSH and get the message during login:

...

Last failed login: Sat Feb 24 14:22:47 EST 2018 from 5.188.10.179 on
ssh:notty
There were 1343 failed login attempts since the last successful login.

...


This simple relay (no exit) is online since less days. Location Moldavia
/ Trabia Network; VPS

Is this amount of attacks regular? In the past i had a log file of 12MB
on an other server - all failed logins.

It is not a problem. It is only for my feeling "Ok, That's right!".

Nickname node49c


Olaf



tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

--
Spiros Andreou

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Relay failed logins
  - From: Lars Noodén
- Re: [tor-relays] Relay failed logins
  - From: Santiago R.R.

References:
- [tor-relays] Relay failed logins
  - From: Olaf Grimm

Prev by Author: Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
Next by Author: [tor-relays] gabelmoo's BW scanner, temporary or permanent leave?
Previous by thread: Re: [tor-relays] Relay failed logins
Next by thread: Re: [tor-relays] Relay failed logins
Index(es):
- Author
- Thread