[tor-relays] Re: Inquiry about a possible DDoS case

2024-11-06 Thread tor-relays+tor-relays
Is your server running a DNS server that's open to the internet on port 53?

On 6/11/24 09:25, Jose A via tor-relays wrote:
> Hello everyone. I have received a communication from my ISP regarding the IP where I have a Middle Relay and a Bridge, informing me that this IP is being used for a DDoS

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-06 Thread Matt Palmer
On Wed, Nov 06, 2024 at 11:04:51AM +0100, CK wrote:
> Replied to Hetzner with my own text and reinstalled my node and installed egress packet filter rules to block traffic to that network. Weird though.

Egress rules won't help, because the traffic never hits your server -- the source IP address

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-06 Thread George Hartley via tor-relays
Hey, my personal experience with OVH was that they would accept 5-10 abuse reports per day, even if you replied to them, and then replied to the abuse report with the forwarded reply, but they always disable your VM/Server after 21-30 days. OVH is also on the GoodBadHosters community page. -GH

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-06 Thread CK
Just adding a "me too" here: Hetzner node, running a relay (*not* an exit node), received two abuse emails from Hetzner that a company called "watchdogcyberdefense" complained about SSH login attempts to their 202.91/16 network. Replied to Hetzner with my own text and reinstalled my node and in

[tor-relays] Inquiry about a possible DDoS case

2024-11-06 Thread Jose A via tor-relays
Hello everyone. I have received a communication from my ISP regarding the IP where I have a Middle Relay and a Bridge, informing me that this IP is being used for a DDoS attack. I have checked the servers and everything is correct; there are no strange processes running. I have run various too

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-06 Thread Carlo P. via tor-relays
Meanwhile 3* OVH abuse report (twice the same, once for 2nd IP), Virtarix, ServaRICA - all from the same watchdogcyberdefence folks. I have replied to all above ISPs, no suspensions so far. Just received a suspension note without ANY explanation from AvenaCloud - opened a support ticket with th