Hello, I do operate an exit node which rejects exits on port 22.
You should, by default, change your SSH port to a random 5 digit number: Random.org Random Number Generator And apply static IPTables rules to block connection spam even if someone portscans your system (make sure to apply this rule to your random port, I just set the port here to 22): > $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name > SSH > $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update > --seconds 300 --hitcount 4 --name SSH -j DROP > $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT Also, disable password-based authentication entirely, and go for at least RSA4096 or even better ED25519 login rendezvous. I promise to later do a tcpdump on my machine, and see if relays on the public lists are more affected then your average "normal" server. Of course there are always machines, more often infected than not, scanning the IPv4 ranges for open SSH ports, which possible can be exploited. Please wait for me reply in a few hours friend. -GH On Tuesday, October 29th, 2024 at 4:33 AM, Pierre Bourdon [email protected] wrote: > Hi relay ops, > By any chance, any other relay ops seeing the same thing, or am I just > going crazy? (it does kind of sound insane...) > Software Engineer @ Zürich, Switzerland > https://delroth.net/ > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
publickey - [email protected] - 0xAEE8E00F.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
