Hi DiffieHellman,
The solution is to disable password auth and use pubkeys only (so bruteforcing
attacks won't succeed until after the universe burns out), too bad most of the
bots are incompetently programmed and keep
retrying with a password even if the sshd returns that such auth method is not
available.
You still get logspam, but you can stop that with sshguard or fail2ban, note
that setting thresholds too low will end up with you blocking yourself.
don't worry, such measures have been implemented. Therefore, the attacks will
not be successful.
I only notice that the other servers (which are also kind of well-known out
there) only receive a few attacks per day, while the Tor nodes receive well
over a hundred each (would be significantly more w/o fail2ban).
So I was wondering whether a botnet is currently targeting Tor nodes in
particular.
Best,
Kai.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
