Hi LB, SSH attacks happen 24/7 and are just stupid brute force mostly without any reason. You already set up key auth and hopefully disabled password auth.
You can block brute force by setting up a log watcher like fail2ban. That application follows the auth.log file on your server and adds an iptables rule to drop the traffic from the attacker.

~Josef

On 22.10.2015 at 21:13, Larry Brandt wrote:
> Hello,
> I need some advice on a situation new to me. I operate a VPS exit
> node in Romania, a VPS guard node in the Czech Republic, a middle node
> and bridge in the US. All are SSH public key authentication protocol
> 2. Over the last 5 weeks all of these servers have been under attack
> by IPs in the range 43.229.52.00 to 43.229.55.255. Maybe 24 different
> IP addresses. I have contacted the operator in Hong Kong on four
> different occasions but I've received no relief from the attempted
> attacks nor have they communicated back to me--as I have requested.
> Attack counts are in the 100,000s.
> I have no personal information stored on any of these servers--only
> public info via Tor is available. And then, how the hell did they get
> the address of my bridge?
> I see break-in attempts all the time but never at this volume. The
> break-in attempts have been thwarted to date and will probably remain
> so. But I find the situation disconcerting and irritating.
> Should I ignore these efforts? Should I send abuse reports to
> someone? Who? Any sage advice out there?
> Did I give away any secure info just now? lol
> LB
>
>
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
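
The log-watching approach described in the reply above, sketched as an added example; it is not part of the original thread and not fail2ban's own code. The `maxretry` and `findtime` parameters are named after fail2ban's settings, the log lines and host addresses are constructed, and the year is an assumption because auth.log timestamps carry none.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines; host addresses are made up for this example.
SAMPLE_LOG = """\
Oct 22 21:00:01 relay sshd[2101]: Invalid user admin from 43.229.53.17
Oct 22 21:00:03 relay sshd[2103]: Failed password for root from 43.229.53.17 port 40112 ssh2
Oct 22 21:00:05 relay sshd[2105]: Failed password for invalid user test from 43.229.53.17 port 40114 ssh2
Oct 22 21:00:09 relay sshd[2109]: Accepted publickey for lb from 198.51.100.7 port 51000 ssh2
Oct 22 21:01:10 relay sshd[2110]: Invalid user oracle from 43.229.52.88
Oct 22 21:20:00 relay sshd[2120]: Invalid user oracle from 43.229.52.88
Oct 22 21:20:02 relay sshd[2122]: Invalid user pi from 43.229.52.88
Oct 22 21:20:04 relay sshd[2124]: Failed password for root from 43.229.52.88 port 40200 ssh2
Oct 22 21:30:00 relay sshd[2130]: Invalid user guest from 203.0.113.9
"""

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S+|Failed password for (?:invalid user )?\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})\b"
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2015):
    """Return IPs with >= maxretry failures inside one findtime window, in ban order."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are skipped
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry and m.group(2) not in banned:
            banned.append(m.group(2))
    return banned

def drop_rules(ips, port=22):
    """Build (but do not run) one iptables DROP rule per offender for the SSH port."""
    return [f"iptables -I INPUT -s {ipaddress.ip_address(ip)} -p tcp --dport {port} -j DROP"
            for ip in ips]

if __name__ == "__main__":
    print("\n".join(drop_rules(find_offenders(SAMPLE_LOG))))
```
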
