Ol� pessoal,
Estou com um problema aqui esse semana que n�o sei como fa�o para
resolver.
N�s logs do meus servidor de e-mail (postfix) est� aparecendo as
mensagens abaixo, como vcs podem ver e como se um usu�rio estivesse fazendo
um ataque de for�a bruta para descobrir os usu�rio validos em meu sistema.
Como fa�o para resolver isso ? tem alguma forma de denunciar esse cara para
algum lugar ? Como pode ser obserado na 1� linha eu tenho o IP dele.
O q devemos fazer nesse caso ? Valeu pessoal
Marco Aur�lio
Jul 30 09:01:34 terra postfix/smtpd[24055]: C2F72428CC:
client=200-168-39-61.dsl.telesp.net.br[200.168.39.61]
Jul 30 09:04:26 terra postfix/local[28063]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rvwl")
Jul 30 09:04:26 terra postfix/local[28142]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rvz3")
Jul 30 09:04:26 terra postfix/local[28121]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rvxu")
Jul 30 09:04:26 terra postfix/local[28170]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rwfreak")
Jul 30 09:04:26 terra postfix/local[28126]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rweb.mg")
Jul 30 09:04:26 terra postfix/local[28081]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rwgj")
Jul 30 09:04:26 terra postfix/local[28168]: 9142C428ED:
to=<[EMAIL PROTECTED]>, relay=local, delay=22, status=bounced (unknown
user: "rweisz")
Jul 30 09:04:26 terra postfix/local[28065]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rvwf")
Jul 30 09:04:27 terra postfix/local[28163]: 9142C428ED:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rwickert1")
Jul 30 09:04:27 terra postfix/cleanup[28022]: 1A25E428CC:
message-id=<[EMAIL PROTECTED]>
Jul 30 09:04:27 terra postfix/qmgr[7292]: 1A25E428CC: from=<>, size=23258,
nrcpt=1 (queue active)
Jul 30 09:04:27 terra postfix/local[28132]: 1A25E428CC:
to=<[EMAIL PROTECTED]>, relay=local, delay=0, status=bounced
(unknown user: "hisp_kgbv_k_d_r")
Jul 30 09:04:27 terra postfix/local[28166]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rvwo")
Jul 30 09:04:27 terra postfix/local[28124]: 8CAAD428E9:
to=<[EMAIL PROTECTED]>, relay=local, delay=23, status=bounced (unknown
user: "rvxf")
Jul 30 09:04:27 terra postfix/cleanup[27441]: 350B0428CC:
message-id=<[EMAIL PROTECTED]>
Jul 30 09:04:27 terra postfix/qmgr[7292]: 350B0428CC: from=<>, size=23296,
nrcpt=1 (queue active)
Jul 30 09:04:27 terra postfix/local[28163]: 350B0428CC:
to=<[EMAIL PROTECTED]>, relay=local, delay=0, status=bounced
(unknown user: "jjpg_zwlb_q_i_c")
Jul 30 09:04:39 terra postfix/smtpd[28019]: connect from
200-163-004-207.bsace7013.dsl.brasiltelecom.net.br[200.163.4.207]
Jul 30 09:04:39 terra postfix/smtpd[28019]: D35E6428CC:
client=200-163-004-207.bsace7013.dsl.brasiltelecom.net.br[200.163.4.207]
Jul 30 09:04:42 terra postfix/cleanup[28022]: D35E6428CC:
message-id=<[EMAIL PROTECTED]>
Jul 30 09:04:44 terra postfix/smtpd[24055]: CF02D428E0:
client=200-168-39-61.dsl.telesp.net.br[200.168.39.61]
Jul 30 09:04:44 terra postfix/smtpd[24061]: D650B428E9:
client=200-168-39-61.dsl.telesp.net.br[200.168.39.61]
Jul 30 09:04:44 terra postfix/smtpd[24052]: DADB3428ED:
client=200-168-39-61.dsl.telesp.net.br[200.168.39.61]
Jul 30 09:04:44 terra postfix/smtpd[23835]: E0112428EE:
client=200-168-39-61.dsl.telesp.net.br[200.168.39.61]
Jul 30 09:04:45 terra postfix/smtpd[24051]: EA4C0428FB:
client=200-168-39-61.dsl.telesp.net.br[200.168.39.61]
---------------------------------------------------------------------------
Esta lista � patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br
Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
Regras de utiliza��o da lista: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html
