As others have mentioned, this does not look like a Tor issue to me. It
more seems like a compromised or misconfigured server.
You mentioned you reinstalled the OS. Did you use the same root
password? My suggestion is that you go about this step by step. First
reinstall the OS with a different
>From the abuseipdb report, it almost seems like your server has been
>compromised and a rogue actor is attempting to ssh brute force attack the
>reporting plaintiffs' servers.
As suggested previously, use tcpdump on the server in question to confirm the
outbound tcp/22 traffic.
If the issue is
Hello,It is honestly still puzzling to me considering that the relay wasn’t compromised or misconfigured.If you or anyone wants to check out the reportshttps://www.abuseipdb.com/check/23.132.184.31 On Wed, Jul 26, 2023 at 2:16 PM, mpan - tor-1qnuaylp at mpan.pl
Hey John,
Perhaps one thing you can try in debugging is to run tcpdump on the server
in question, to check if it is indeed sending out a lot of port-scanning
packets. You can use the following command to filter for port 22 only. Make
sure to test with tor turned off as well.
"*sudo* *tcpdump -vv
Hi. I am from. Turkmenistan. I have obtained obsf4 bridge from internet but
only ip address is readable. If anybody knows fully obsf4 bridge please
send me to my mail. Ip address is:
obsf4 93.104.161.141
___
tor-relays mailing list
Hello John,
Unfortunately I don't have an answer and are not familiar with this problem.
It's not exactly clear to me what is scanning what. Are the complains about
traffic coming from your relay as port scanning devices around the internet on
port 22? Or lots of incoming traffic scanning your
In the past 24 hrs, I have been receiving complaints from my hosting provider
that they're receiving hundreds of abuse reports related to port scanning. I
have no clue why I'm all of the sudden receiving abuse reports when this
non-exit relay has been online for months without issues. In
