Just adding a "me too" here: Hetzner node, running a relay (*not* an exit node), received two abuse emails from Hetzner that a company called "watchdogcyberdefense" complained about SSH login attempts to their 202.91/16 network.
Replied to Hetzner with my own text and reinstalled my node and installed egress packet filter rules to block traffic to that network. Weird though. Thanks for reporting this to the list! On 5 November 2024 17:24:07 CET, t...@nullvoid.me wrote: >Update for my experience with OVH. > >Received 4 abuse emails in total (2 per each relay), each was replied within >24h. No followup on any or response. >Still have service uninterrupted. > >Hopefully the attacker's ISP kicks them off instead. All of the honeypot that >send "incorrect" abuse emails get a flood of responses and update their >detection scripts. Ideally no one loses any nodes, but it seems to have >already happened. > >Good luck everyone, > >Dimitris T. via tor-relays: >> another abuse report from hetzner (by the same watchdogcyberdefence) a few >> hours ago. no reply from hetzner yet to previous ticket. >> >> this time, alleged attacked /20 subnet from watchdogcyberdefence was >> firewalled since 30/10/2024, just to confirm new false abuse reports..., and >> they confirmed (=their report, shows traffic from our ip on 3/11/2024).... >> >> replied to hetzner with proposed template and minor changes. >> >> d. >> >> Στις 31/10/24 17:58, ο/η mick έγραψε: >>> On Thu, 31 Oct 2024 11:25:30 +0200 >>> "Dimitris T. via tor-relays" <tor-relays@lists.torproject.org> >>> allegedly wrote: >>> >>>> similar situation here with hetzner.. got a first report 2 days ago, >>>> and just a while ago got another abuse report, by the same >>>> watchdogcyberdefence.... with more alleged activity from our ip... >>>> >>>> like everybody else, there's nothing coming out from our relay ip, so >>>> we strongly believe "Theory three"[1] . >>>> >>> Agree. >>> >>> I have just received another "abuse" report. Hetzner have yet to >>> respond to my last reply to them. >>> >>> Mick >>> >>> --------------------------------------------------------------------- >>> Mick Morgan >>> gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 >>> blog: baldric.net >>> --------------------------------------------------------------------- >>> >> _______________________________________________ >> tor-relays mailing list -- tor-relays@lists.torproject.org >> To unsubscribe send an email to tor-relays-le...@lists.torproject.org > _______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-le...@lists.torproject.org
