Install BlockHosts - it takes care of this kind of hack attempt
really fast.
Harry
On Aug 7, 2007, at 6:04 PM, George Toft wrote:
If you offer POP service to the Internet, this is going to happen.
You could add an iptables rule to block everyone, except the IP
address of users on your system, but if their IP address changes,
you get a trouble ticket from a user who can't get their mail. You
will spend lots of time chasing your own users. Not fun.
Make sure your system is patched and built using the QMT scripts.
The firewall is very good. I run yum update weekly to keep it up
to date.
What I do when this happens is look in /var/log/maillog for the IP
address of the offender. Then run whois <IP ADDR> to get the ISP
of the offender. If it is in the US/Canada, I fire off an e-mail
with the logs (/var/log/maillog) to the abuse address and I use the
key words "brute force attack on our mail server" and "please
address this AUP violation with your subscriber." If the attack is
from China, I don't even waste my time.
When I was at a web hosting company, we took these complaints
seriously. Maybe it works, maybe not. I've never had a repeat
attack.
I did have a BF attack from Argentina that went on for hours. I
e-mailed the ISP and it stopped about 15 minutes later.
George Toft, CISSP, MSIS
623-203-1760
Francisco Paco Peralta wrote:
Hello list,
I am looking for a way to minimize the rogue attempts to login to
my system. Any suggestions are welcome.
I get a logwatch report every morning and have been getting the
results. While it doesn't happen every day I would like to
minimize my exposure. See Below:
--------------------- vpopmail Begin ------------------------
No Such User Found:
*@ - 1 Time(s)
0246@ - 1 Time(s)
12345678@ - 1 Time(s)
123456@ - 1 Time(s)
1234@ - 1 Time(s)
123@ - 1 Time(s)
123abc@ - 1 Time(s)
1q2w3e@ - 1 Time(s)
a1b2c3@ - 1 Time(s)
abc123@ - 1 Time(s)
amanda@ - 1 Time(s)
andrew@ - 1 Time(s)
apple@ - 1 Time(s)
asshole@ - 1 Time(s)
bandit@ - 1 Time(s)
baseball@ - 1 Time(s)
beavis@ - 1 Time(s)
buster@ - 1 Time(s)
chris@ - 1 Time(s)
computer@ - 1 Time(s)
cowboys@ - 1 Time(s)
dakota@ - 1 Time(s)
dallas@ - 1 Time(s)
daniel@ - 1 Time(s)
david@ - 1 Time(s)
diamond@ - 1 Time(s)
dragon@ - 1 Time(s)
falcon@ - 1 Time(s)
fiction@ - 1 Time(s)
foobar@ - 1 Time(s)
fred@ - 1 Time(s)
friends@ - 1 Time(s)
george@ - 1 Time(s)
harley@ - 1 Time(s)
hatton@ - 1 Time(s)
hello@ - 1 Time(s)
hockey@ - 1 Time(s)
internet@ - 2 Time(s)
jennifer@ - 1 Time(s)
jessica@ - 1 Time(s)
jordan@ - 2 Time(s)
joshua@ - 1 Time(s)
justin@ - 1 Time(s)
maddock@ - 1 Time(s)
maggie@ - 1 Time(s)
michael@ - 1 Time(s)
michelle@ - 1 Time(s)
mickey@ - 2 Time(s)
mike@ - 1 Time(s)
monday@ - 1 Time(s)
money@ - 1 Time(s)
monkey@ - 1 Time(s)
mustang@ - 1 Time(s)
newpass@ - 1 Time(s)
newuser@ - 1 Time(s)
nicole@ - 1 Time(s)
notused@ - 1 Time(s)
orange@ - 1 Time(s)
pascal@ - 1 Time(s)
passwd@ - 1 Time(s)
password@ - 1 Time(s)
patrick@ - 1 Time(s)
pepper@ - 1 Time(s)
purple@ - 1 Time(s)
qwerty@ - 2 Time(s)
richard@ - 1 Time(s)
robert@ - 1 Time(s)
school@ - 1 Time(s)
sendit@ - 1 Time(s)
shadow@ - 1 Time(s)
silver@ - 1 Time(s)
smokey@ - 1 Time(s)
snoopy@ - 1 Time(s)
soccer@ - 1 Time(s)
sports@ - 1 Time(s)
stupid@ - 1 Time(s)
summer@ - 2 Time(s)
sunshine@ - 1 Time(s)
test@ - 1 Time(s)
thomas@ - 1 Time(s)
undead@ - 1 Time(s)
vikings@ - 1 Time(s)
wheeling@ - 1 Time(s)
**Unmatched Entries**
vchkpw-smtp: invalid user/domain characters "null":xxx.xxx.xxx.xxx
vchkpw-smtp: invalid user/domain characters [EMAIL PROTECTED]:xxx.xxx.xxx.xxx
---------------------- vpopmail End -------------------------
Francisco "Paco" Peralta
---
Andrew Young
"Remember your biggest obstacle to success is the absence of execution."
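
Added example, not part of any poster's message: a Python sketch of the maillog review George describes, listing the source IPs behind failed vchkpw logins so they can be looked up with whois or handed to a block rule. The log line shape and reason strings are assumptions modeled on the vchkpw lines in the logwatch report, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed line shape, modeled on the "Unmatched Entries" lines in the report:
#   ... vchkpw-<service>: <reason> <user>:<ip>
LINE_RE = re.compile(
    r"vchkpw-(?P<svc>\w+): (?P<reason>.+?) (?P<user>\S+):"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)
# Reason strings treated as failures (assumed; adjust to your vpopmail build).
FAIL_REASONS = ("user not found", "password fail", "invalid user/domain")

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE_LOG = """\
Aug  7 03:12:01 mail vpopmail[2101]: vchkpw-pop3: vpopmail user not found amanda@example.com:203.0.113.7
Aug  7 03:12:02 mail vpopmail[2102]: vchkpw-pop3: vpopmail user not found andrew@example.com:203.0.113.7
Aug  7 03:12:03 mail vpopmail[2103]: vchkpw-pop3: vpopmail user not found apple@example.com:203.0.113.7
Aug  7 03:12:04 mail vpopmail[2104]: vchkpw-pop3: vpopmail user not found 123456@example.com:203.0.113.7
Aug  7 08:30:10 mail vpopmail[2290]: vchkpw-pop3: password fail paco@example.com:198.51.100.20
Aug  7 08:30:25 mail vpopmail[2291]: vchkpw-pop3: password fail paco@example.com:198.51.100.20
Aug  7 08:30:41 mail vpopmail[2292]: vchkpw-pop3: (PLAIN) login success paco@example.com:198.51.100.20
Aug  7 08:31:00 mail spamd[1810]: spamd: clean message (0.1/5.0) for paco:89
"""


def failed_logins(lines):
    """Map each source IP to the set of usernames it failed to log in as."""
    tried = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m and any(r in m.group("reason") for r in FAIL_REASONS):
            tried[m.group("ip")].add(m.group("user"))
    return dict(tried)


def offenders(lines, min_users=3):
    """IPs that failed as >= min_users distinct usernames, worst first.

    Counting distinct names keeps a real user who mistypes one password
    off the list, so a block rule built from it does not lock them out.
    """
    hits = [(ip, sorted(u)) for ip, u in failed_logins(lines).items()
            if len(u) >= min_users]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


if __name__ == "__main__":
    for ip, users in offenders(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {len(users)} usernames tried -> whois {ip}")
```

On a live system, pass the lines of /var/log/maillog instead of SAMPLE_LOG and tune min_users to your user base.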