[tor-relays] Tor stop / reboot by itself + weird logs (hacking?)

Wed, 06 Nov 2019 18:32:11 -0800 

Hello everyone,

i'm running a bridge on a raspberry Pi 3B+ on Kali Linux.

Everything looks fine but after checking the logs i noticed that the service 
rebooted by itself in the middle on the night:

Nov 06 03:51:09.000 [notice] Interrupt: we have stopped accepting new 
connections, and will shut down in 30 seconds. Interrupt again to exit now.
Nov 06 03:51:10.000 [notice] Delaying directory fetches: We are hibernating or 
shutting down.
Nov 06 03:51:39.000 [notice] Clean shutdown finished. Exiting.
etc...

Then after that, it works again (will check tonight /tomorrow if it reboots 
again).

I'm trying to find why it is rebooting but without success. I checked all logs 
possible and also notice this in journalctl -xe:

nov. 06 19:37:58 kali-pi sshd[15920]: Failed password for root from XXXXX port 
37494 ssh2
nov. 06 19:38:03 kali-pi sshd[15920]: Failed password for root from XXXX port 
37494 ssh2
nov. 06 19:38:08 kali-pi sshd[15920]: Failed password for root from XXXXX port 
37494 ssh2
nov. 06 19:38:13 kali-pi sshd[15920]: Failed password for root from XXXXX port 
37494 ssh2
nov. 06 19:38:18 kali-pi sshd[15920]: Failed password for root from XXXXX port 
37494 ssh2
nov. 06 19:38:18 kali-pi sshd[15920]: error: maximum authentication attempts 
exceeded for root from 21>
nov. 06 19:38:18 kali-pi sshd[15920]: Disconnecting authenticating user root 
2XXXX port 37494: >
nov. 06 19:38:18 kali-pi sshd[15920]: PAM 5 more authentication failures; 
logname= uid=0 euid=0 tty=ss>
nov. 06 19:38:18 kali-pi sshd[15920]: PAM service(sshd) ignoring max retries; 6 
> 3
nov. 06 19:38:21 kali-pi sshd[15950]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid>
nov. 06 19:38:22 kali-pi sshd[15953]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid>
nov. 06 19:38:23 kali-pi sshd[15950]: Failed password for root from XXXX port 
64786 ssh2
nov. 06 19:38:23 kali-pi sshd[15953]: Failed password for root from XXXXX port 
6739 ssh2

There's two different IP that i don't know. A whois says it's a Chinese 
provider...

Should i consider that someone is trying to break into my home network?

Sent with [ProtonMail](https://protonmail.com) Secure Email.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Reply via email to