grarpamp:
The servers aren't the one's that shouldn't be online, it's their idiot operators who think SSH's DEFAULT SCREAMING ABOUT DENIED HACK ATTEMPTS in the logs is some kind of important, and then go reporting it to every place they can think of, each of those places staffed by more clueless idiots, etc. Grow up people, quit whining about ssh and learn to admin. Meanwhile, Theo laughs heartily at everyone.
Often, SSH brute-force login attempts come directly from compromised machines, not Tor exit nodes. Reporting such attacks helps administrators realize a machine is compromised, which is a good thing. It could be helping protect the privacy of someone whose machine is compromised.
I'd suggest the problem is administrators treating a Tor exit node the same as a compromised machine. If the goal of an administrator is to eliminate SSH attacks emanating from Tor, they should simply block port 22 connections from Tor exit nodes.
It is a bit cynical or defeatist, I think, to say "There are a lot of these attacks, so administrators should have to just accept them." If you see someone attempting to break into cars, do you report it, or do you say "There are so many car thefts in the world, what's the point?"
Delton