mac> Are you sure that it is a number of hacked accounts and not a hacked
mac> machine?
mac> Are you sure your mail server has not been turned into a spambot?
I totally agree.
If they would know the passwords, they would do the job much faster
with SMTP.
So I think there is some glith in your IIS setup or in Imail, which
allows to get to the webmail wihtout authorization.

These Spammers are not so stupid to do everythink by hand, if they
could just start Outlook express to do the job.

Which country will be next to be excluded? China? Russia? US?

If you really want to do it, this should be a job for a firewall.

Matti



mac> If they know the passwords they learned them one of three ways, with a
mac> sniffer, which means something on your network is compromised, directly
mac> from the server, which means the server is compromised or if you keep a
mac> lists of passwords locally that access to the list is compromised.

mac> You need to find the hole and change all passwords, if it is really a
mac> password leak.

mac> Roger


mac> David E. Smith wrote:
>> Lately, I've had a rash of attackers from Nigeria, who have acquired 
>> (through whatever means) legitimate logins and passwords for my Imail users. 
>> They log in, send out a couple thousand emails, and log out. There are no 
>> failed logins, so even an over-zealous account lockout policy wouldn't work 
>> in this instance. 
>>
>> They only send to five or ten recipients at a time, so they avoid most of 
>> the rate-limiting features. But through the magic of cut-and-paste, they're 
>> able to get a few thousand messages an hour sent out.
>>
>> All the attackers come from IP space listed on ng.blackholes.us, and I'm 
>> willing to annoy any legitimate users of mine that might be vacationing in 
>> Lagos.
>>
>> Anyone know of a way to apply DNS blacklists to a Web site in IIS, 
>> comparable to mod_dnsbl for Apache?
>>
>> David Smith
>> MVN.net
>>
>>
>> To Unsubscribe: http://imailserver.com/support/discussion_list/
>> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>> Knowledge Base/FAQ: http://imailserver.com/support/kb.html
>>
>>   



mac> To Unsubscribe: http://imailserver.com/support/discussion_list/
mac> List Archive:
mac> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
mac> Knowledge Base/FAQ: http://imailserver.com/support/kb.html



-- 
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de



To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html

Reply via email to