
[tor-relays] SSH Bruteforce Attempts



Hi,
I have been running one Tor exit relay for about 51 days and I recently got this abuse report:
                                                                                                                                                                                                                                                          
Good afternoon,
 
Your IP address (212.47.239.73) has been reported to us by profihost because it seems to have attempted to bruteforce.
Thank you to take the necessary action as soon as possible.
You will find more information about this report below this message.
Feel free to contact Online.net technical assistance for more information.
Online.net Abuse service
 ------------------------------------------------------------------------------
(time is MET / GMT+1):
Tue Oct 3 08:59:40 2017: user: root service: ssh target: 77.75.252.250 source: 212.47.239.73
Tue Oct 3 08:59:10 2017: user: root service: ssh target: 77.75.252.250 source: 212.47.239.73
Tue Oct 3 08:59:10 2017: user: root service: ssh target: 77.75.252.250 source: 212.47.239.73
Tue Oct 3 08:36:18 2017: user: admin service: ssh target: 37.228.155.188 source: 212.47.239.73
Tue Oct 3 07:06:42 2017: user: user service: ssh target: 77.75.252.80 source: 212.47.239.73
Tue Oct 3 07:06:12 2017: user: user1 service: ssh target: 77.75.252.80 source: 212.47.239.73
Tue Oct 3 06:14:12 2017: user: admin service: ssh target: 77.75.251.85 source: 212.47.239.73
Tue Oct 3 06:01:41 2017: user: admin service: ssh target: 77.75.252.78 source: 212.47.239.73
Tue Oct 3 05:37:01 2017: user: admin service: ssh target: 185.39.221.52 source: 212.47.239.73
Tue Oct 3 02:07:46 2017: user: admin service: ssh target: 77.75.249.19 source: 212.47.239.73
Tue Oct 3 01:23:57 2017: user: admin service: ssh target: 85.158.176.137 source: 212.47.239.73
Mon Oct 2 20:10:45 2017: user: admin service: ssh target: 77.75.255.76 source: 212.47.239.73
Mon Oct 2 17:30:13 2017: user: admin service: ssh target: 185.39.221.145 source: 212.47.239.73
Mon Oct 2 17:30:13 2017: user: admin service: ssh target: 185.39.221.145 source: 212.47.239.73
Mon Oct 2 17:09:32 2017: user: admin service: ssh target: 37.228.154.149 source: 212.47.239.73
Mon Oct 2 17:09:23 2017: user: admin service: ssh target: 37.228.154.102 source: 212.47.239.73
Mon Oct 2 16:43:12 2017: user: admin service: ssh target: 77.75.252.233 source: 212.47.239.73
Mon Oct 2 16:23:41 2017: user: admin service: ssh target: 37.228.155.125 source: 212.47.239.73
Mon Oct 2 14:17:24 2017: user: admin service: ssh target: 77.75.250.84 source: 212.47.239.73
Mon Oct 2 13:24:14 2017: user: supervisor service: ssh target: 37.228.159.139 source: 212.47.239.73
Mon Oct 2 13:24:14 2017: user: support service: ssh target: 37.228.159.139 source: 212.47.239.73
Mon Oct 2 13:23:44 2017: user: super service: ssh target: 37.228.159.139 source: 212.47.239.73
Mon Oct 2 12:48:09 2017: user: user service: ssh target: 37.228.159.98 source: 212.47.239.73
Mon Oct 2 12:47:39 2017: user: user service: ssh target: 37.228.159.98 source: 212.47.239.73
 ------ This data has been truncated because it was too long ------                                                                                                                                                                                                              
                                                                                                         
                                                                                                                                                                                                              
Have any of you had this sort of problem? I'm having difficulty determining if this log information represents a normal exit relay occurrence or if my server has been compromised... What could I do in order to solve this?

Thank you all,

Tanous

                                                                                                                                                                                                              