Hi John,
Would it be possible that another device on your network is responsible for the
network scanning? If you have an infected PC for instance, your provider would
not see the difference.
Regards, Paul
--- Original Message ---
Op donderdag 27 juli 2023 om 21:54 schreef John Crow
As others have mentioned, this does not look like a Tor issue to me. It
more seems like a compromised or misconfigured server.
You mentioned you reinstalled the OS. Did you use the same root
password? My suggestion is that you go about this step by step. First
reinstall the OS with a different
>From the abuseipdb report, it almost seems like your server has been
>compromised and a rogue actor is attempting to ssh brute force attack the
>reporting plaintiffs' servers.
As suggested previously, use tcpdump on the server in question to confirm the
outbound tcp/22 traffic.
If the issue is
Hello,It is honestly still puzzling to me considering that the relay wasn’t compromised or misconfigured.If you or anyone wants to check out the reportshttps://www.abuseipdb.com/check/23.132.184.31 On Wed, Jul 26, 2023 at 2:16 PM, mpan - tor-1qnuaylp at mpan.pl
Hey John,
Perhaps one thing you can try in debugging is to run tcpdump on the server
in question, to check if it is indeed sending out a lot of port-scanning
packets. You can use the following command to filter for port 22 only. Make
sure to test with tor turned off as well.
"*sudo* *tcpdump -vv
someone has some insights about this and you can resolve your issue.
Regards,
Original Message
From: John Crow via tor-relays
Sent: July 24, 2023 12:07:44 AM GMT+02:00
To: tor-relays@lists.torproject.org
Cc: ad...@prsv.ch
Subject: [tor-relays] Receiving abuse reports for Non
In the past 24 hrs, I have been receiving complaints from my hosting provider
that they're receiving hundreds of abuse reports related to port scanning. I
have no clue why I'm all of the sudden receiving abuse reports when this
non-exit relay has been online for months without issues. In
Hello all,
In the past 24 hrs, I have been receiving complaints from my hosting provider
that they're receiving hundreds of abuse reports related to port scanning. I
have no clue why I'm all of the sudden receiving abuse reports when this
non-exit relay has been online for months without