Don't even get us started on the AUTH Attacks ;)
Course, those (server.com) are coming from all the Content Delivery
Networks.. Thankfully, that bot net is less than 1000 IP(s) strong still.
But the AUTH attacks related to server.com look to be all compromised
servers, and based on the start of the attack, probably based out of
Bangladesh area, most of the IP(s) appear to have the Postgres port
open.. suspect that might have been the attack vector...
Most AUTH attacks aren't from Content Delivery Networks, unless they are
part of a compromise. Currently, the ubiquiti/linksys/cisco plus
compromised Windows machines make the bulk of those Auth attacks.
However, traditional methods like 'fail2ban' to block those attacks
won't work too well into the future, with things like Carrier Grade NAT
(one device can poison an IP Address used by thousands).
But back to Digital Ocean, not a network I would want to operate an
email server on, if your neighbouring IP(s) are this bad ;)
On 2019-04-08 8:05 a.m., Michael Rathbun wrote:
> On Mon, 8 Apr 2019 07:51:47 -0700, Michael Peddemors <[email protected]>
> wrote:
>> This has gone on now for more than a month, and they aren't even trying
>> to hide..
>> 50 more IP(s) and domains overnight..
> Each of those netblocks contributes several IPs conducting the
> "EHLO server. com" AUTH LOGIN attacks, now in its second week. I haven't
> bothered to gather competitive numbers for the AWS netblocks, but they appear
> to be as prolific.
> mdr
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
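
An added example, not part of the thread or of any poster's tooling: instead of counting failures per IP, it groups failed AUTH attempts by the EHLO name and the source netblock, which is how the thread describes the "EHLO server.com" pattern. The log format, field names, the /24 and /64 grouping, and the `min_netblocks` threshold are assumptions made for illustration; all sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in a made-up key=value format (not a real MTA's log layout).
# Addresses come from the RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_LOG = """\
2019-04-08T07:01:02 client=192.0.2.10 ehlo=server.com auth=LOGIN result=fail
2019-04-08T07:01:09 client=192.0.2.77 ehlo=server.com auth=LOGIN result=fail
2019-04-08T07:02:30 client=198.51.100.5 ehlo=server.com auth=LOGIN result=fail
2019-04-08T07:02:41 client=198.51.100.9 ehlo=SERVER.COM auth=LOGIN result=fail
2019-04-08T07:03:00 client=203.0.113.20 ehlo=mail.example.org auth=PLAIN result=ok
2019-04-08T07:03:15 client=203.0.113.21 ehlo=laptop.example.net auth=LOGIN result=fail
2019-04-08T07:04:00 client=2001:db8::25 ehlo=server.com auth=LOGIN result=fail
2019-04-08T07:04:05 client=not-an-ip ehlo=server.com auth=LOGIN result=fail
"""

LINE_RE = re.compile(r"client=(?P<ip>\S+) ehlo=(?P<ehlo>\S+) auth=\S+ result=(?P<result>\S+)")

def netblock(ip):
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) network."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def failed_auth_by_ehlo(log_text):
    """Return {ehlo_name: {netblock: set_of_source_ips}} for failed AUTH attempts."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["result"] != "fail":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # skip lines whose client field is not an address
        seen[m["ehlo"].lower()][netblock(ip)].add(ip)
    return seen

def shared_ehlo_names(log_text, min_netblocks=2):
    """EHLO names seen in failed AUTH from at least min_netblocks distinct netblocks."""
    return {
        name: sum(len(ips) for ips in blocks.values())
        for name, blocks in failed_auth_by_ehlo(log_text).items()
        if len(blocks) >= min_netblocks
    }

if __name__ == "__main__":
    for name, ip_count in shared_ehlo_names(SAMPLE_LOG).items():
        print(f"{name}: {ip_count} distinct source IPs")
```

The per-netblock sets returned by `failed_auth_by_ehlo` show how many distinct sources each block contributes, which is the figure the thread reports by hand.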