Hetzner abuse complaints on port 22
I host a family of four non-exit Tor relays on Hetzner (https://metrics.torproject.org/rs.html#details/9BA9334DA769A7C96D464F9EA38A970088B6FECB). Each one of them got an abuse report today for port 22 scanning/DoS.
Those relay servers are hardened (login via SSH keys only, firewalls are configured) and my Hetzner credentials are solid (strong pw with 2FA). I do not believe that either the Hetzner user account or the server itself is compromised (unless there is a vuln in Tor).
I host a bunch of other servers on Hetzner as well, and only those which are running Tor relays are getting these abuse complaints, so it's 100% related to running a Tor relay.
Here is an example from the abuse report:
|   | DateTime | Action | AttackClass | SourceIP | Srcport | Protocol | DestinationIP | DestPort |
|---|----------|--------|-------------|----------|---------|----------|---------------|----------|
| 0 | 28-Oct-2024 19:37:57 | DENIED | | 65.21.54.19 | 10234 | TCP | 202.91.162.193 | 22 |
| 1 | 28-Oct-2024 19:39:44 | DENIED | | 65.21.54.19 | 61753 | TCP | 202.91.162.102 | 22 |
| 2 | 28-Oct-2024 19:41:56 is not this row; see row 3 |
After reading these issues... tpo/tpa/team#41840 (closed) tpo/network-health/analysis#85 (closed)
I decided to shut down my relay servers for now, in order to not lose my Hetzner servers/account. I'm waiting to see what needs to be done.