[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor node break-in attempts

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Tor node break-in attempts
From: Josef Stautner <hello@xxxxxxxxxxx>
Date: Thu, 22 Oct 2015 21:29:06 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 22 Oct 2015 15:29:02 -0400
In-reply-to: <5629353C.4030408@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <5629353C.4030408@xxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

Hi LB,

SSH attacks happen 24/7 and are just stupid brute force mostly without
any reason.
You already setted up key auth and hopefully disabled password auth.

You can block brute force by setting up a log watcher like fail2ban.
That application follows the auth.log file on your server and adds an
iptables rules to drop the traffic from the attacker.

~Josef

Am 22.10.2015 um 21:13 schrieb Larry Brandt:
> Hello,
> I need some advise on a situation new to me.  I operate a VPS exit
> node in Romania, a VPS guard node in the Czech Republic, a middle node
> and bridge in the US.  All are SSH public key authentication protocol
> 2.  Over the last 5 weeks all of these servers have been under attack
> by IPs in the range 43.229.52.00 to 43.229.55.255. Maybe 24 different
> IP addresses.  I have contacted the operator in Hong Kong on four
> different occasions but I've received no relief from the attempted
> attacks nor have they communicated back to me--as I have requested. 
> Attack counts are in the 100,000s.
> I have no personal information stored on any of these servers--only
> public info via Tor is available.  And then, how the hell did they get
> the address of my bridge?
> I see break-in attempts all the time but never at this volume.  The
> break-in attempts have been thwarted to date and will probably remain
> so.  But I find the situation disconcerting and irritating.
> Should I ignore these efforts?  Should I send abuse reports to
> someone?  Who?  Any sage advice out there?
> Did I give away any secure info just now?  lol
> LB
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor node break-in attempts
  - From: Toralf FÃrster

References:
- [tor-relays] Tor node break-in attempts
  - From: Larry Brandt

Prev by Author: Re: [tor-relays] webiron requesting to block several /24 subnet
Next by Author: Re: [tor-relays] webiron requesting to block several /24 subnet
Previous by thread: [tor-relays] Tor node break-in attempts
Next by thread: Re: [tor-relays] Tor node break-in attempts
Index(es):
- Author
- Thread