On 3 Oct 2017, at 22:35, tanous .c sawtous@gmail.com wrote:
Have any of you had this sort of problem? I'm having difficulty determining if this log information represents a normal exit relay ocurrence or if my server has been compromised... What could i do in order to solve this?
Yes, Profihost sent me one recently that looked very similar. Fortunately, I use OutboundBindAddress, so I knew it was (very likely to be) exit traffic.
You can: * do nothing * respond and ask for verification that they want your exit to block their site, but explain that they need to block all Tor Exits for the traffic to stop * add exit policy entries to block each of the mentioned IPs and ports * block port 22 on your exit
I'll be doing nothing.
You should consider your provider's reaction, because they may want you do something about the complaint, even if it's something ineffective.
Tim