I know, I know about how internet works :) I’ve just simply noted a large increase in SSH brute force attempts in the last two weeks. BTW I don’t have root login enabled and I have two factor authentication on my SSH port (not standard), which is enabled only for a single low privileges user, so there’s no problem. I work for a provider and I manage IPS devices, so I know that it is common to have a large amount of intrusion attempts, I was just wondering if there was some attack against Tor nodes going on since the increase of intrusion attempts in the last few weeks :)
Best regards, Fr33d0m4All > Il giorno 04 ott 2017, alle ore 08:35, Gareth Llewellyn > <gar...@networksaremadeofstring.co.uk> ha scritto: > > -------- Original Message -------- > On 4 Oct 2017, 07:02, Fr33d0m4all < fr33d0m4...@riseup.net> wrote: Hi, My Tor > middle relay public IP address is victim of SSH brute force connections’ > attempts > > Welcome to the Internet! > > Any Internet connected machine will be port scanned, vuln probed, brute > forced, blindly hit with ancient "1 shot" exploits (think wordpress plugins) > and trawled for include vulnerabilities (e.g. ?file=../../../etc/passwd ) on > a daily basis. > > It's not normally something to worry about. > > Disable root login, enable certificate authentication and if you feel > particularly strongly about the log noise firewall off TCP/22 or move sshd to > a high numbered port. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays