Re: [tor-relays] Botnet targeting Tor relays
Hi Kai,
Any systemd/Linux system connected to the internet with IPv4 is going to be hit with endless bruteforce attempts, not just Tor relays (although most Tor relays have their IP addresses published online, meaning attackers find out about such systems sooner).
The solution is to disable password auth and use pubkeys only (so bruteforcing attacks won't succeed until after the universe burns out). Too bad most of the bots are incompetently programmed and keep retrying with a password even if the sshd returns that such an auth method is not available.
You still get logspam, but you can stop that with sshguard or fail2ban. Note that setting thresholds too low will end up with you blocking yourself.
--
Kind Regards, DiffieHellman
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
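
Added example, not part of the original message: a small audit of sshd_config text that checks whether password-style logins are really off, since sshd keeps the first value it sees for a keyword and a Match block can turn a method back on. The sample config is constructed, Include files are reported rather than read, and the function names are this example's own.

```python
import re

# keyword: (compiled-in OpenSSH default, value wanted for key-only logins)
POLICY = {"passwordauthentication": ("yes", "no"),
          "kbdinteractiveauthentication": ("yes", "no"),
          "pubkeyauthentication": ("yes", "yes")}
# Deprecated alias of KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

def parse(text):  # -> (global settings, Match blocks, Include arguments)
    glob, blocks, includes, current = {}, [], [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                        # blank line, comment or bare keyword
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        key = ALIASES.get(key, key)
        if key == "match":               # block runs to the next Match or EOF
            current = (value, {})
            blocks.append(current)
        elif key == "include":
            includes.append(value)
        elif value:                      # sshd keeps the first value it sees
            target = glob if current is None else current[1]
            target.setdefault(key, value.split()[0])
    return glob, blocks, includes

def audit(text):  # settings that still allow password-style logins
    glob, blocks, includes = parse(text)
    findings = []
    for key, (default, wanted) in POLICY.items():
        got = glob.get(key, default)
        if got != wanted:
            findings.append(f"global {key}={got}, want {wanted}")
        for criteria, settings in blocks:
            if settings.get(key, wanted) != wanted:
                findings.append(f"Match {criteria}: {key}={settings[key]}")
    findings += [f"Include {i} not followed, verify with sshd -T" for i in includes]
    return findings

# Constructed sample: the second global line is ignored, the Match block is not.
SAMPLE = """\
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    ChallengeResponseAuthentication yes
"""
print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved, which is the authoritative check.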