Aren't the iptables rules going to change the source address of the
forwarded traffic to the IP of the old server, causing it to misreport
IP addresses?
On Thu, Oct 22, 2015 at 1:38 PM, SiNA Rabbani wrote:
> Dear Relay Operator,
>
> I am the operator of Faravahar, It has been
Hi LB,
SSH attacks happen 24/7 and are just stupid brute force mostly without
any reason.
You already setted up key auth and hopefully disabled password auth.
You can block brute force by setting up a log watcher like fail2ban.
That application follows the auth.log file on your server and adds
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/22/2015 09:29 PM, Josef Stautner wrote:
> Hi LB,
>
> SSH attacks happen 24/7 and are just stupid brute force mostly without
> any reason.
The most stupid of them you can avoid/ignore by just choosing a ssh port != 22.
- --
Toralf, pgp key:
Hello,
I need some advise on a situation new to me. I operate a VPS exit node
in Romania, a VPS guard node in the Czech Republic, a middle node and
bridge in the US. All are SSH public key authentication protocol 2.
Over the last 5 weeks all of these servers have been under attack by IPs
I run the relay Logforme (855BC2DABE24C861CD887DB9B2E950424B49FC34)
Saw this in yesterday's log file:
Oct 22 03:17:55.000 [notice] Our IP Address has changed from
84.219.173.60 to 154.35.32.5; rebuilding descriptor (source:
154.35.175.225).
Oct 22 03:17:55.000 [notice] Self-testing indicates your
Dear Relay Operator,
I am the operator of Faravahar, It has been having some network issues,
specifically very long latency. But this is the first time I hear of an issue
like this.
154.35.32.5 is Faravahr's older IP addresses which was replaced with and
154.35.175.225 is the new IP (current).
"ntp/time sync peculiarities in relays"
Can you please elaborate? I may have missed an earlier discussion, and a
quick Google search isn't providing too much help. I found the ticket
below, which is interesting reading, but I'm not sure what specific
peculiarities you're referring to.
On 22 October 2015 at 19:22, Logforme wrote:
> I run the relay Logforme (855BC2DABE24C861CD887DB9B2E950424B49FC34)
>
> Saw this in yesterday's log file:
> Oct 22 03:17:55.000 [notice] Our IP Address has changed from
> 84.219.173.60 to 154.35.32.5; rebuilding descriptor (source:
>
I see this from time to time as well. Here's another example:
Oct 17 23:02:44.000 [notice] Our IP Address has changed from
52.64.142.121 to [CORRECT IP]; rebuilding descriptor (source: 86.59.21.38).
52.64.142.121 appears to be an instance on Amazon's EC2. I don't run any
nodes on EC2.
>
> Attack counts are in the 100,000s.
>
This sort of thing posses no threat and
is quite stupid as previously observed.
Is mainly annoying for the mess it makes
of /var/log/security.
If you don't want to change the SSH port
(best solution IMO), here's an 'iptables'
rule that will fix it
Here we go. Thats the input i needed.
Regarding to >>
https://atlas.torproject.org/#details/E20FF09A9A800B16C1C7C16E8C0DF95F46F649B0
my advertised Bandwith is 681.33 KB/s , which is little more than 5MBps.
So its kinda "maxed out" .
> On 22 Oct 2015, at 01:42, 12xBTM <12x...@gmail.com> wrote:
11 matches
Mail list logo