
Re: [tor-relays] DoS from my tor guard VPS



On 15 November 2016 at 20:41, Arisbe <arisbe@xxxxxxx> wrote:
> One of my tor guard relays is a medium size VPS operating in the Czech
> Republic.  It's been up and stable for several years.  Several weeks ago I
> was notified that my VPS was a source of UDP DoS traffic.  It was shut down.
> Logs showed no intrusions.
>
> I installed a different instance of Linux, changed my SSH port, added
> fail2ban and even installed clamav.  I did not make changes to the tor exit
> policy.  Then, this week I received the following:
>
> "Hello,
> surveillance system detected a disproportionate outgoing DoS traffic on your
> VPS torexitcz and then our network under a DDoS attack. Your server
> torexitcz has been stopped. This is another problem with your VPS. Your
> service will be terminated.
> Thanks for understanding."
>
> Can anyone offer an opinion as to how my relay was used for DoS? How can I
> avoid this in the future?  My goal, as always, is to provide stable nodes to
> the tor network while protecting myself and my VPS supplier.
>
> 4061C553CA88021B8302F0814365070AAE617270
> 185.100.85.101

Your relay allows exit, and based on the name, that seems intentional.
If you don't want it to possibly be used for attacks, you should not run an exit.