I have a Relay and a Bridge up and running with ssh password disabled, ssh port changed and fail2ban installed.
With that I noticed that one particular IP was trying to ssh my both machines and that IP belongs to Liberty Global, an Anglo-Dutch-American telecommunication company which is owner of the Virgin Media, UPS and Vodafone.
I was wondering, why is this company trying to ssh my Tor machines?
Has anyone else noticed this?
I am afraid to share the company IP here because they could be here on this list and they could use one IP to target on specific subject and if I disclose that IP they could find me out 😂
It’s just a FYI.
Stay safe.
Surely it is one of their customers…..
From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of Cristiano Kubiaki Gomes Sent: 05 April 2021 16:34 To: tor-relays@lists.torproject.org Subject: [tor-relays] ssh request from Virgin Media (Liberty Global)
I have a Relay and a Bridge up and running with ssh password disabled, ssh port changed and fail2ban installed.
With that I noticed that one particular IP was trying to ssh my both machines and that IP belongs to Liberty Global, an Anglo-Dutch-American telecommunication company which is owner of the Virgin Media, UPS and Vodafone.
I was wondering, why is this company trying to ssh my Tor machines?
Has anyone else noticed this?
I am afraid to share the company IP here because they could be here on this list and they could use one IP to target on specific subject and if I disclose that IP they could find me out 😂
It’s just a FYI.
Stay safe.
It might not belong to Liberty Global itself even though it was registered as such but to one of their subsidiaries, likely Virgin Media or Vodafone.
Random SSH probes happen very frequently, it's nothing to worry about if you deny root login, force public key (Ed25519 if your version of sshd supports it) authentication and make use of the AllowUsers config variable.
Fail2Ban is useless bloatware in my opinion, you can do the same with iptables natively.
- William
On 05/04/2021, Cristiano Kubiaki Gomes cristianockg@gmail.com wrote:
I have a Relay and a Bridge up and running with ssh password disabled, ssh port changed and fail2ban installed.
With that I noticed that one particular IP was trying to ssh my both machines and that IP belongs to Liberty Global, an Anglo-Dutch-American telecommunication company which is owner of the Virgin Media, UPS and Vodafone.
I was wondering, why is this company trying to ssh my Tor machines?
Has anyone else noticed this?
I am afraid to share the company IP here because they could be here on this list and they could use one IP to target on specific subject and if I disclose that IP they could find me out 😂
It’s just a FYI.
Stay safe.
-- Cristiano Kubiaki Telegram https://telegram.me/cris_kubiaki | LinkedIn https://www.linkedin.com/in/cristianokubiaki/ | Twitter https://twitter.com/criskubiaki ITIL - MCP - MCDST - MCTS - DCSE
Apr 5, 2021, 10:34 by cristianockg@gmail.com:
I have a Relay and a Bridge up and running with ssh password disabled, ssh port changed and fail2ban installed.
With that I noticed that one particular IP was trying to ssh my both machines and that IP belongs to Liberty Global, an Anglo-Dutch-American telecommunication company which is owner of the Virgin Media, UPS and Vodafone.
I was wondering, why is this company trying to ssh my Tor machines?
It could be an exposed router on their network someone is using to probe you. Just ban like your currently doing, restrict to specific IP, and/or change your Ssh port is about all you can do. Ssh scanning bots out there are as numerous as plankton it seems. XD
tor-relays@lists.torproject.org
-
Cristiano Kubiaki Gomes -
gerardï¼ bulger.co.uk -
klarheitï¼ tuta.io -
William Kane