Hallo para postmaster,
Akhir-2x ini spammer mulai banyak melakukan password attacker.
Minta user-2x Anda ganti passwordnya jika masih menggunakan password
kombinasi dari dibawah ini
Begin forwarded message:
Date: Thu, 31 Jul 2003 13:37:22 -0600
From: Dave Warren <[EMAIL PROTECTED]>
To: "md-beta List Member" <[EMAIL PROTECTED]>
Subject: [md-beta] Strange log entry
Jonathan Merkel wrote:
> I agree this looks like a dictionary attack, first against a
> "webadmaster" account and then "admin". Yeah, MDaemon probably should
> log something. I'll add that to the wish list.
I saw a message on SPAM-L recent that covers this:
-- Begin Quote --
I've managed to capture a packet dump of them attempting to abuse a
couple of other customers. Since all the abuse involved the same
username/password, I was expecting to see a single attempt to use
admin/admin repeated across many IPs. Instead, each attack attempts 276
username/password combinations.
Here are the usernames they are trying:
webmaster, admin, root, test, master, web, www, administrator, backup,
server, data, abc
each with the following passwords:
${username}, ${username}12, ${username}123, 1, 111, 123, 1234, 12345,
123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888, admin,
root, pass, passwd, password, super, [EMAIL PROTECTED]&*
as well as with a blank password.
The scans come from IPs spread out across the whole of 218.70.128.0/19.
Some of the abuse comes from 211.158.88.0/21 (SBL7496) instead
-- End Quote --
--
Dave Warren, [EMAIL PROTECTED]
Alt-N Technologies
Helping The World Communicate!
http://www.altn.com
--
syafril
-------
Syafril Hermansyah<[EMAIL PROTECTED]>
--
--[MDaemon-L]------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server.
Mohon tidak posting dalam format HTML!
Arsip : <http://mdaemon-l.dutaint.com>
Moderator : <mailto:[EMAIL PROTECTED]>
Henti Langgan : <mailto:[EMAIL PROTECTED]>
Berlangganan : <mailto:[EMAIL PROTECTED]>
Versi Terakhir : MD 6.8.4, LD 2.1.0, WA 2.0.5, MDAV 2.2.1, MDGW 1.0.4
