So, how to block this kind of ips?
Does fail2ban work? ---- On 星期二, 18 十月 2016 17:45:01 -0700Sebastian Nielsen <sebast...@sebbe.eu> wrote ---- Looks rather like a scanning attack (finding vulnerabilities). I think they are trying to do a SSL type of attack like HEARTBLEED but your server isn't vulnerable. Looks also like they are sending HTTP requests (encapsulated in SSL/TLS) to a mail server, which seems to be a extremely stupid bot scanner. Its clear from the log, the attacker isn't even attemping to authenticate (0 attempts). The attacker hasn't propably not even realized he is connecting to a mail server.
