[tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net

Just got this note, I run a middle relay on ovh. Why would this suddenly happen? Thanks. Relay is usdeserveprivacy

–Keifer

···

---------- Forwarded message ---------
From: <ticket+KMLTFQPGVQ.ca83@abuse.ovh.net>
Date: Sat, Nov 2, 2024, 9:07 PM
Subject: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
To: <keifer.bly@gmail.com>

Hello,

An abusive behaviour (Intrusion) originating from your VPS vps-3e661acc[.]vps[.]ovh[.]net has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

– start of the technical details –

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head>
<body><pre>
Greetings Fellow Sys Ad/s

I hope this message finds you well. I'm reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system
Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it's crucial to investigate and address them promptly to ensure the security of all networks involved

To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT &#43;8 timezone:

DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort
0 01-Nov-2024 05:07:55 DENIED 51[.]68[.]197[.]220 44959 TCP 202[.]91[.]161[.]97 22
1 01-Nov-2024 05:24:37 DENIED 51[.]68[.]197[.]220 58734 TCP 202[.]91[.]161[.]98 22
2 01-Nov-2024 08:48:23 BLOCKED 51[.]68[.]197[.]220 8551 TCP 202[.]91[.]161[.]132 22
3 01-Nov-2024 08:53:27 BLOCKED 51[.]68[.]197[.]220 2419 TCP 202[.]91[.]161[.]169 22
4 01-Nov-2024 08:58:05 BLOCKED 51[.]68[.]197[.]220 5917 TCP 192[.]168[.]200[.]216 22
5 01-Nov-2024 08:59:24 BLOCKED 51[.]68[.]197[.]220 56858 TCP 202[.]91[.]161[.]132 22
6 01-Nov-2024 09:04:23 BLOCKED 51[.]68[.]197[.]220 32161 TCP 202[.]91[.]161[.]169 22
7 01-Nov-2024 09:17:30 BLOCKED 51[.]68[.]197[.]220 33472 TCP 202[.]91[.]161[.]132 22
8 01-Nov-2024 09:18:02 BLOCKED 51[.]68[.]197[.]220 11282 TCP 202[.]91[.]161[.]132 22
9 01-Nov-2024 09:19:00 BLOCKED 51[.]68[.]197[.]220 3727 TCP 202[.]91[.]161[.]132 22
10 01-Nov-2024 09:20:31 BLOCKED 51[.]68[.]197[.]220 4388 TCP 202[.]91[.]161[.]169 22
11 01-Nov-2024 09:25:57 BLOCKED 51[.]68[.]197[.]220 6898 TCP 202[.]91[.]161[.]165 22
12 01-Nov-2024 09:32:06 BLOCKED 51[.]68[.]197[.]220 18202 TCP 202[.]91[.]161[.]132 22
13 01-Nov-2024 09:39:40 BLOCKED 51[.]68[.]197[.]220 51142 TCP 202[.]91[.]161[.]132 22
14 01-Nov-2024 09:45:32 BLOCKED 51[.]68[.]197[.]220 46914 TCP 192[.]168[.]200[.]216 22
15 01-Nov-2024 10:40:48 BLOCKED 51[.]68[.]197[.]220 60991 TCP 192[.]168[.]200[.]216 22
16 01-Nov-2024 10:42:58 BLOCKED 51[.]68[.]197[.]220 42833 TCP 202[.]91[.]161[.]132 22
17 01-Nov-2024 10:47:13 BLOCKED 51[.]68[.]197[.]220 38382 TCP 202[.]91[.]161[.]132 22
18 01-Nov-2024 10:47:23 BLOCKED 51[.]68[.]197[.]220 30596 TCP 192[.]168[.]200[.]216 22
19 01-Nov-2024 10:47:46 BLOCKED 51[.]68[.]197[.]220 56767 TCP 202[.]91[.]161[.]185 22
20 01-Nov-2024 10:52:10 BLOCKED 51[.]68[.]197[.]220 8983 TCP 202[.]91[.]161[.]132 22
21 01-Nov-2024 10:55:04 BLOCKED 51[.]68[.]197[.]220 55684 TCP 192[.]168[.]200[.]216 22
22 01-Nov-2024 10:57:43 BLOCKED 51[.]68[.]197[.]220 37003 TCP 202[.]91[.]161[.]185 22
23 01-Nov-2024 10:58:43 BLOCKED 51[.]68[.]197[.]220 10524 TCP 192[.]168[.]200[.]216 22
24 01-Nov-2024 11:01:06 BLOCKED 51[.]68[.]197[.]220 6384 TCP 202[.]91[.]161[.]132 22
25 01-Nov-2024 11:03:46 BLOCKED 51[.]68[.]197[.]220 6779 TCP 202[.]91[.]161[.]185 22
26 01-Nov-2024 11:06:05 BLOCKED 51[.]68[.]197[.]220 23062 TCP 192[.]168[.]200[.]216 22
27 01-Nov-2024 11:58:01 BLOCKED 51[.]68[.]197[.]220 33174 TCP 202[.]91[.]161[.]132 22
28 01-Nov-2024 11:58:05 BLOCKED 51[.]68[.]197[.]220 29422 TCP 202[.]91[.]161[.]132 22
29 01-Nov-2024 11:58:26 BLOCKED 51[.]68[.]197[.]220 53504 TCP 202[.]91[.]161[.]185 22
30 01-Nov-2024 12:00:03 BLOCKED 51[.]68[.]197[.]220 5898 TCP 192[.]168[.]200[.]216 22
31 01-Nov-2024 12:00:20 BLOCKED 51[.]68[.]197[.]220 38324 TCP 202[.]91[.]161[.]185 22
32 01-Nov-2024 12:00:30 BLOCKED 51[.]68[.]197[.]220 6362 TCP 202[.]91[.]161[.]132 22
33 01-Nov-2024 12:03:11 BLOCKED 51[.]68[.]197[.]220 38581 TCP 202[.]91[.]161[.]132 22
34 01-Nov-2024 12:05:37 BLOCKED 51[.]68[.]197[.]220 43932 TCP 202[.]91[.]161[.]132 22
35 01-Nov-2024 12:07:27 BLOCKED 51[.]68[.]197[.]220 5141 TCP 202[.]91[.]161[.]185 22
36 01-Nov-2024 12:08:42 BLOCKED 51[.]68[.]197[.]220 56161 TCP 202[.]91[.]161[.]132 22
37 01-Nov-2024 12:12:26 BLOCKED 51[.]68[.]197[.]220 6269 TCP 202[.]91[.]161[.]132 22
38 01-Nov-2024 12:14:33 BLOCKED 51[.]68[.]197[.]220 164 TCP 192[.]168[.]200[.]216 22
39 01-Nov-2024 12:15:48 BLOCKED 51[.]68[.]197[.]220 25787 TCP 202[.]91[.]161[.]185 22
40 01-Nov-2024 12:16:39 BLOCKED 51[.]68[.]197[.]220 9188 TCP 202[.]91[.]161[.]185 22
41 01-Nov-2024 12:16:58 BLOCKED 51[.]68[.]197[.]220 32317 TCP 202[.]91[.]161[.]132 22
42 01-Nov-2024 12:22:28 BLOCKED 51[.]68[.]197[.]220 21955 TCP 202[.]91[.]161[.]185 22
43 01-Nov-2024 12:29:50 BLOCKED 51[.]68[.]197[.]220 33563 TCP 202[.]91[.]161[.]185 22
44 01-Nov-2024 12:32:18 BLOCKED 51[.]68[.]197[.]220 48519 TCP 202[.]91[.]161[.]132 22
45 01-Nov-2024 12:33:24 BLOCKED 51[.]68[.]197[.]220 42914 TCP 202[.]91[.]161[.]132 22
46 01-Nov-2024 12:34:07 BLOCKED 51[.]68[.]197[.]220 11296 TCP 202[.]91[.]161[.]185 22
47 01-Nov-2024 12:36:43 BLOCKED 51[.]68[.]197[.]220 6522 TCP 202[.]91[.]161[.]132 22
48 01-Nov-2024 12:37:55 BLOCKED 51[.]68[.]197[.]220 57962 TCP 202[.]91[.]161[.]185 22
49 01-Nov-2024 12:37:56 BLOCKED 51[.]68[.]197[.]220 53189 TCP 202[.]91[.]161[.]132 22
50 01-Nov-2024 12:39:29 BLOCKED 51[.]68[.]197[.]220 7411 TCP 192[.]168[.]200[.]216 22
51 01-Nov-2024 12:41:51 BLOCKED 51[.]68[.]197[.]220 27413 TCP 192[.]168[.]200[.]216 22
52 01-Nov-2024 12:44:00 BLOCKED 51[.]68[.]197[.]220 355 TCP 202[.]91[.]161[.]181 22
53 01-Nov-2024 12:50:35 BLOCKED 51[.]68[.]197[.]220 28953 TCP 202[.]91[.]161[.]185 22
54 01-Nov-2024 12:50:53 BLOCKED 51[.]68[.]197[.]220 46927 TCP 192[.]168[.]200[.]216 22
55 01-Nov-2024 12:52:00 BLOCKED 51[.]68[.]197[.]220 45122 TCP 202[.]91[.]161[.]185 22
56 01-Nov-2024 12:55:04 BLOCKED 51[.]68[.]197[.]220 4184 TCP 202[.]91[.]161[.]181 22
57 01-Nov-2024 12:55:15 BLOCKED 51[.]68[.]197[.]220 33245 TCP 202[.]91[.]161[.]185 22
58 01-Nov-2024 12:57:38 BLOCKED 51[.]68[.]197[.]220 50897 TCP 192[.]168[.]200[.]216 22
59 01-Nov-2024 12:58:58 BLOCKED 51[.]68[.]197[.]220 35903 TCP 202[.]91[.]161[.]132 22
60 01-Nov-2024 12:59:35 BLOCKED 51[.]68[.]197[.]220 16158 TCP 192[.]168[.]200[.]216 22
61 01-Nov-2024 13:01:40 BLOCKED 51[.]68[.]197[.]220 18404 TCP 202[.]91[.]161[.]181 22
62 01-Nov-2024 13:04:12 BLOCKED 51[.]68[.]197[.]220 32885 TCP 202[.]91[.]161[.]181 22
63 01-Nov-2024 13:05:50 BLOCKED 51[.]68[.]197[.]220 6316 TCP 202[.]91[.]161[.]132 22

We believe that by working together to resolve this matter swiftly, we can help safeguard the integrity of our networks and prevent any further issues. If you require any additional information or support from our end to facilitate your investigation, please don't hesitate to reach out.
Your prompt attention to this matter would be greatly appreciated. We value your expertise and cooperation in resolving this situation effectively. Thank you for your time and consideration.
For any corrections/updates, kindly email email-removed@provider[.]com</pre></body></html>

– end of the technical details –

You should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.

If you want to read the full story, you should read these threads and
posts: "[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?",
"Dir auths getting abuse complaints about port 22 scanning (#85) · Issues · The Tor Project / Network Health / Analysis · GitLab"
and "delroth's homepage - One weird trick to get the whole planet to send abuse complaints to your best friend(s)".
The tl;dr is that some actor is spoofing the IP of Tor nodes, and
initiating TCP connections with port 22 of a few addresses. This is
pretty harmless, that actor can't receive the corresponding SYN+ACK,
so they can't finish the handshake.
Nonetheless, the entities behind those addresses do send reports to
your service provider because they believe they are being scanned by
you (which is likely the goal of the actor).
You should reply to your providers to inform them of such, and
possibly link them to some or all of the above references.

Regards,
1686a
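
A way to check a report like the one above against a relay's own records, as an added example that is not part of the thread: it parses rows in the report's layout, converts the GMT+8 timestamps to UTC, and looks for matching outbound connections. The sample rows, the `LOCAL_OUTBOUND` record format and all function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the report's layout: defanged IPs, GMT+8 timestamps,
# empty AttackClass column. Addresses are documentation/private ranges.
SAMPLE_REPORT = """\
DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort
0 01-Nov-2024 05:07:55 DENIED 198[.]51[.]100[.]20 44959 TCP 203[.]0[.]113[.]97 22
1 01-Nov-2024 08:48:23 BLOCKED 198[.]51[.]100[.]20 8551 TCP 203[.]0[.]113[.]132 22
2 01-Nov-2024 08:58:05 BLOCKED 198[.]51[.]100[.]20 5917 TCP 192[.]168[.]0[.]10 22
3 01-Nov-2024 09:04:23 BLOCKED 198[.]51[.]100[.]20 32161 TCP 203[.]0[.]113[.]132 22
"""

# Constructed stand-in for the operator's own outbound connection log in UTC.
# Hypothetical format: (timestamp, destination IP, destination port).
LOCAL_OUTBOUND = [
    (datetime(2024, 10, 31, 21, 7, 50, tzinfo=timezone.utc), "203.0.113.5", 443),
    (datetime(2024, 11, 1, 0, 48, 30, tzinfo=timezone.utc), "203.0.113.77", 9001),
]

# One report row: index, timestamp, action, source, sport, proto, dest, dport.
ROW = re.compile(
    r"^\d+\s+(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\s+(?P<action>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<proto>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)$"
)

# RFC 1918 ranges, which are not routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def refang(addr):
    """Turn a defanged address such as 203[.]0[.]113[.]97 back into dotted form."""
    return addr.replace("[.]", ".")


def parse_report(text, utc_offset_hours=8):
    """Parse report rows; timestamps are read as UTC+offset and converted to UTC."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line, blank line or surrounding prose
        stamp = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S").replace(tzinfo=tz)
        events.append({
            "utc": stamp.astimezone(timezone.utc),
            "action": m["action"],
            "src": refang(m["src"]),
            "sport": int(m["sport"]),
            "dst": refang(m["dst"]),
            "dport": int(m["dport"]),
        })
    return events


def triage(events, outbound, window=timedelta(minutes=2)):
    """Split reported events by whether the relay's own log shows a matching
    outbound connection (same destination and port, within the time window)."""
    result = {"matched": [], "unmatched": [], "rfc1918_dst": []}
    for ev in events:
        addr = ipaddress.ip_address(ev["dst"])
        if any(addr in net for net in RFC1918):
            result["rfc1918_dst"].append(ev["dst"])
        hit = any(dst == ev["dst"] and port == ev["dport"]
                  and abs(ts - ev["utc"]) <= window
                  for ts, dst, port in outbound)
        result["matched" if hit else "unmatched"].append(ev)
    return result


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT), LOCAL_OUTBOUND)
    print("reported events with a local outbound match:", len(summary["matched"]))
    print("reported events with no local match:", len(summary["unmatched"]))
    print("reported destinations in RFC 1918 space:", summary["rfc1918_dst"])
```
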

···

On Mon, 4 Nov 2024 at 14:27, Richard Menedetter via tor-relays <tor-relays@lists.torproject.org> wrote:

Hi

I just received a very similar abuse message.

I answered my server hoster's abuse people, I guess that should be that. (hopefully)

We have received an abuse report concerning your product vxxxxxxxxxxxxxxx - RS 1000 G11 12M today. Additional information can be found at the end of this message.
Please inspect the reported abuse and inform us within 48 hours what the cause of the report is. If you do not reply or if further abuse reports should arrive, we will deactivate your product, to prevent further damages.
Please note that we have to follow up with every abuse message for good measure. If the reason for the report is not understandable or if you are not the initiator, we still need a response from you.
You can find the abuse report at the end of this message.

========== Abusemeldung / Abuse report ==========
Greetings Fellow Sys Ad/s

I hope this message finds you well. I'm reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system
Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it's crucial to investigate and address them promptly to ensure the security of all networks involved

To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT +8 timezone:

DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort

CU, Ricsi
Sent: Sunday, 3 November 2024 at 05:10
From: "Keifer Bly" <keifer.bly@gmail.com>
To: tor-relays@lists.torproject.org
Subject: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
Just got this note, I run a middle relay on ovh. Why would this suddenly happen? Thanks. Relay is usdeserveprivacy

--Keifer


LOL - “for good measure”.

Yes, responding to automatic fail2ban e-mails is “for good measure” and very intelligent.

Sorry, got no words regarding this except I hope your provider gets their shit together and that these attacks stop.

All the best,
-GH

···


Also, please consider using a provider that is not overcrowded with Tor nodes already like OVH.

I can recommend Wedos.cz, they offer KVM VMs with truly unlimited bandwidth (100MbE) for around 7€ a month (DDoS protection up to 10GbE included), and are not in any of the “14 eyes” countries since they are based in Czechia.

https://wedos.cz/en/

Exits should use a restricted exit config, or only allow 80, 443 and 853 altogether, Guards and Bridges are no problem at all.

All the best,
-GH

···

On Tuesday, November 5th, 2024 at 8:28 AM, George Hartley via tor-relays tor-relays@lists.torproject.org wrote:

LOL - “for good measure”.

Yes, responding to automatic fail2ban e-mails is “for good measure” and very intelligent.

Sorry, got no words regarding this except I hope your provider gets their shit together and that these attacks stop.

All the best,
-GH

On Monday, November 4th, 2024 at 1:52 PM, Richard Menedetter via tor-relays tor-relays@lists.torproject.org wrote:

Hi

I just receive a very similar abuse message.

I answered my server hosters abuse people, i guess that should be that. (hopefully)

We have received an abuse report concerning your product vxxxxxxxxxxxxxxx - RS 1000 G11 12M today. Additional information can be found at the end of this message.
Please inspect the reported abuse and inform us within 48 hours what the cause of the report is. If you do not reply or if further abuse reports should arrive, we will deactivate your product, to prevent further damages.
Please note that we have to follow up with every abuse message for good measure. If the reason for the report is not understandable or if you are not the initiator, we still need a response from you.
You can find the abuse report at the end of this message.

========== Abusemeldung / Abuse report ==========
Greetings Fellow Sys Ad/s I hope this message finds you well. I’m reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it’s crucial to investigate and address them promptly to ensure the security of all networks involved To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT +8 timezone: DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort

CU, Ricsi

Gesendet: Sonntag, 3. November 2024 um 05:10
Von: “Keifer Bly” keifer.bly@gmail.com
An: tor-relays@lists.torproject.org
Betreff: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net

Just got this note, I run a middle relay on ovh. Why would this suddenly happen? Thanks. Relay is usdeserveprivacy

–Keifer

---------- Forwarded message ---------
From: <ticket+KMLTFQPGVQ.ca83@abuse.ovh.net>
Date: Sat, Nov 2, 2024, 9:07 PM
Subject: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
To: <keifer.bly@gmail.com>

Hello,

An abusive behaviour (Intrusion) originating from your VPS vps-3e661acc[.]vps[.]ovh[.]net has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

– start of the technical details –

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head>
<body><pre>
Greetings Fellow Sys Ad/s

I hope this message finds you well. I'm reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system
Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it's crucial to investigate and address them promptly to ensure the security of all networks involved

To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT +8 timezone:

DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort

We believe that by working together to resolve this matter swiftly, we can help safeguard the integrity of our networks and prevent any further issues. If you require any additional information or support from our end to facilitate your investigation, please don't hesitate to reach out.
Your prompt attention to this matter would be greatly appreciated. We value your expertise and cooperation in resolving this situation effectively. Thank you for your time and consideration.
For any corrections/updates, kindly email email-removed@provider[.]com</pre></body></html>

– end of the technical details –

You should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.
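
For checking a report in this column layout against a relay host's own connection logs, the parser below refangs the addresses, converts the stated GMT +8 timestamps to UTC, and groups the rows by destination. It is an added example, not part of any message in this thread; the sample rows are constructed (documentation address ranges) and the function names are hypothetical.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in the report's column layout: documentation-range
# addresses defanged the same way, plus one bad row and one non-row line.
SAMPLE_REPORT = """\
DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort
0 01-Nov-2024 05:07:55 DENIED 198[.]51[.]100[.]7 44959 TCP 203[.]0[.]113[.]10 22
1 01-Nov-2024 08:48:23 BLOCKED 198[.]51[.]100[.]7 8551 TCP 203[.]0[.]113[.]20 22
2 01-Nov-2024 08:58:05 BLOCKED 198[.]51[.]100[.]7 5917 TCP 10[.]0[.]0[.]5 22
3 01-Nov-2024 09:17:30 BLOCKED 198[.]51[.]100[.]7 33472 TCP 203[.]0[.]113[.]20 22
4 01-Nov-2024 09:99:00 BLOCKED 198[.]51[.]100[.]7 1111 TCP 203[.]0[.]113[.]20 22
We believe that by working together ...
"""

REPORT_TZ = timezone(timedelta(hours=8))  # the report states GMT +8
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def refang(addr):
    """Parse a defanged address such as 198[.]51[.]100[.]7."""
    return ipaddress.ip_address(addr.replace("[.]", "."))

def parse_rows(text):
    """Yield one dict per well-formed log row; everything else is skipped."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 9 or not tok[0].isdigit():
            continue
        try:
            local = datetime.strptime(f"{tok[1]} {tok[2]}", "%d-%b-%Y %H:%M:%S")
            src, sport, proto, dst, dport = tok[-5:]
            yield {
                "utc": local.replace(tzinfo=REPORT_TZ).astimezone(timezone.utc),
                "action": tok[3],
                # AttackClass is in the header but may be empty in the rows.
                "attack_class": " ".join(tok[4:-5]) or None,
                "src": refang(src), "sport": int(sport), "proto": proto,
                "dst": refang(dst), "dport": int(dport),
            }
        except ValueError:
            continue  # bad timestamp, address or port

def summarize(text):
    """Condense a report into what is needed to check local logs."""
    rows = list(parse_rows(text))
    if not rows:
        return None
    return {
        "rows": len(rows),
        "sources": sorted({str(r["src"]) for r in rows}),
        "first_utc": min(r["utc"] for r in rows),
        "last_utc": max(r["utc"] for r in rows),
        "per_destination": Counter(f'{r["dst"]}:{r["dport"]}' for r in rows),
        # RFC 1918 destinations are not routable on the Internet; they
        # reflect the reporter's internal addressing.
        "rfc1918_destinations": sorted(
            {str(r["dst"]) for r in rows
             if any(r["dst"] in net for net in RFC1918)}),
    }
```
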

They block access to their web site to Tor users. This doesn't bode well
for how Tor friendly they are. Their chatbot also claims tor is not
allowed:

   "Running Tor relays on a VPS from WEDOS is generally not allowed
    due to the potential misuse of such services for attacks"

Too bad because the price you quoted is attractive.

···

On 2024-11-05 16:32, George Hartley via tor-relays wrote:

Also, please consider using a provider that is not overcrowded with
Tor nodes already like OVH.

I can recommend Wedos.cz ... WEDOS | WEDOS.com

_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org

Ok. But is it something to worry about?

–Keifer

···

On Tue, Nov 5, 2024, 6:52 AM George Hartley via tor-relays <tor-relays@lists.torproject.org> wrote:

LOL - “for good measure”.

Yes, responding to automatic fail2ban e-mails is “for good measure” and very intelligent.

Sorry, got no words regarding this except I hope your provider gets their shit together and that these attacks stop.

All the best,
-GH
