Hi ASSP-User list,
After checking my mail logs today I had an idea to catch them without blowing up
the triplet list. But sorry, it is too difficult for me to explain it in English
- even in German it is hard enough - sorry, non-German list members - probably
someone will translate it.
At the moment the spammers seem to be testing how many triplets my server can
store - please take a look at the frequency with which they are hammering in.
It occurred to me that this can of course also be used against them. A kind of
combination of triplet list and penalty box on an address basis.
The idea is roughly this: a new triplet is compared with the existing ones to
see whether the sender address has already occurred. If one is found, it is
stored in a new list, with a counter that counts how many IP addresses it has
come from (and stores these?).
If a certain number (variable) is then exceeded, using that sender address
becomes a knock-out criterion for a (variable) period of time.
From then on the sender IPs go straight into the penalty box with a high score -
or better, straight into the extreme black list (which I also use for
denySMTPConnectionsFrom) - because they can only be willing drones of botnets.
Below I have attached an excerpt of my log from today - and the lists are
shortened!! It looks much worse still - and is borderline close to a DDoS
attack; normally my log file is about 5 MB/day - now already 8.
-> Resubmission - the original message was too long - I have shortened the
log (2 x) - that is enough as an example.
It has been going like in the example for me all day today.
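The proposal in the post (count the distinct IPs per sender address, block the address for a while once a limit is passed, and penalise every IP that used it), sketched as a standalone added example; it is not ASSP code and not from the original poster. The class name `SenderFanout`, the limits, and the sample lines are assumptions constructed for illustration; only the log line layout follows the post.

```python
import re
from datetime import datetime

# Log layout seen in the post: date, time, session id, client IP, <sender>.
LINE = re.compile(r"^(\S+ \S+) id-\S+ (\d{1,3}(?:\.\d{1,3}){3}) <([^>]+)>")

class SenderFanout:
    """Counts distinct client IPs per sender address inside a time window."""
    def __init__(self, max_ips=3, window=600, block_for=3600):
        self.max_ips, self.window, self.block_for = max_ips, window, block_for
        self.seen = {}        # sender -> {ip: last-seen epoch seconds}
        self.blocked = {}     # sender -> epoch seconds at which the block ends
        self.penalty = set()  # IPs to hand to the penalty box / deny list

    def observe(self, ts, ip, sender):
        """Return True if this connection should be rejected."""
        sender = sender.lower()
        if self.blocked.get(sender, 0) > ts:
            self.penalty.add(ip)          # later IPs using the address are penalised too
            return True
        self.blocked.pop(sender, None)    # block (if any) has expired
        ips = {i: t for i, t in self.seen.get(sender, {}).items()
               if ts - t <= self.window}  # forget IPs outside the window
        ips[ip] = ts
        self.seen[sender] = ips
        if len(ips) > self.max_ips:
            self.blocked[sender] = ts + self.block_for
            self.penalty.update(ips)      # every IP that shared the address
            del self.seen[sender]
            return True
        return False

def scan(lines, tracker):
    """Feed log lines to the tracker; return the (ip, sender) pairs it rejected."""
    hits = []
    for m in filter(None, map(LINE.match, lines)):  # wrapped/other lines are skipped
        ts = datetime.strptime(m.group(1), "%b-%d-%y %H:%M:%S").timestamp()
        if tracker.observe(ts, m.group(2), m.group(3)):
            hits.append((m.group(2), m.group(3)))
    return hits

# Constructed sample (documentation IPs, example.* senders), not from the post.
SAMPLE = [
    "Oct-18-07 14:07:51 id-9271c1 192.0.2.10 <promo@example.org> is disconnected",
    "Oct-18-07 14:07:55 id-9274c2 198.51.100.7 <promo@example.org> is disconnected",
    "Oct-18-07 14:07:58 id-9277c3 192.0.2.44 <alice@example.net> is disconnected",
    "Oct-18-07 14:08:00 id-9280c4 203.0.113.5 <promo@example.org> is disconnected",
    "Oct-18-07 14:08:03 id-9283c5 203.0.113.99 <promo@example.org> is disconnected",
    "Oct-18-07 14:08:08 id-9287c6 198.51.100.200 <promo@example.org> is disconnected",
]
```

Senders that legitimately relay through a pool of outbound servers would also exceed a low `max_ips`, so the limit and any whitelist need checking before the penalty set is wired into a deny list.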