Please provide more information.

George Toft, CISSP, MSIS
623-203-1760




Harry Zink wrote:
Install BlockHosts - it takes care of these kinds of hack attempts really fast.

Harry


On Aug 7, 2007, at 6:04 PM, George Toft wrote:

If you offer POP service to the Internet, this is going to happen.

You could add an iptables rule to block everyone, except the IP address of users on your system, but if their IP address changes, you get a trouble ticket from a user who can't get their mail. You will spend lots of time chasing your own users. Not fun.

Make sure your system is patched and built using the QMT scripts. The firewall is very good. I run yum update weekly to keep it up to date.

What I do when this happens is look in /var/log/maillog for the IP address of the offender. Then run whois <IP ADDR> to get the ISP of the offender. If it is in the US/Canada, I fire off an e-mail with the logs (/var/log/maillog) to the abuse address and I use the key words "brute force attack on our mail server" and "please address this AUP violation with your subscriber." If the attack is from China, I don't even waste my time.

When I was at a web hosting company, we took these complaints seriously. Maybe it works, maybe not. I've never had a repeat attack.

I did have a BF attack from Argentina that went on for hours. I e-mailed the ISP and it stopped about 15 minutes later.

George Toft, CISSP, MSIS
623-203-1760
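
The maillog review described in the message above can be scripted. The following is an added example, not part of the original thread or of QmailToaster: it counts failed vchkpw logins per source IP and how many different usernames each IP tried, which separates a dictionary run from one user mistyping a password. The function names, the sample lines and the reason strings other than "invalid user/domain characters" are assumptions; IPv4 only.

```shell
#!/bin/sh
# Added example: tally vchkpw failures per source IP from maillog-style input.
# Assumed line shape: "... vchkpw-<service>: <reason> <user>:<IPv4>".
# Reason strings other than "invalid user/domain characters" are assumptions;
# match them to what your own /var/log/maillog shows.

# suspect_ips MIN -- reads log lines on stdin and prints
# "ip distinct_users failures" for each IP that tried >= MIN usernames.
suspect_ips() {
    awk -v min="${1:-3}" '
        /vchkpw-[a-z0-9]+: / &&
        /user not found|password fail|invalid user.domain characters/ {
            tok = $NF    # last field is "<user>:<ip>"
            if (!match(tok, /:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)) next
            ip = substr(tok, RSTART + 1)
            user = substr(tok, 1, RSTART - 1)
            fails[ip]++
            # count each username only once per source address
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in fails)
                if (users[ip] >= min) print ip, users[ip], fails[ip]
        }
    ' | sort -k2,2nr
}

# Constructed sample lines (documentation addresses, not real traffic).
sample_maillog() {
    cat <<'EOF'
Aug  7 03:12:01 mail vpopmail[2101]: vchkpw-pop3: vpopmail user not found abc123@example.com:203.0.113.45
Aug  7 03:12:02 mail vpopmail[2102]: vchkpw-pop3: vpopmail user not found qwerty@example.com:203.0.113.45
Aug  7 03:12:03 mail vpopmail[2103]: vchkpw-pop3: vpopmail user not found test@example.com:203.0.113.45
Aug  7 03:12:04 mail vpopmail[2104]: vchkpw-pop3: vpopmail user not found test@example.com:203.0.113.45
Aug  7 08:30:10 mail vpopmail[2300]: vchkpw-pop3: password fail alice@example.com:198.51.100.7
Aug  7 08:30:40 mail vpopmail[2301]: vchkpw-pop3: password fail alice@example.com:198.51.100.7
Aug  7 08:31:05 mail vpopmail[2302]: vchkpw-pop3: (PLAIN) login success alice@example.com:198.51.100.7
EOF
}

# Run against the sample; on a live host: suspect_ips 3 < /var/log/maillog
sample_maillog | suspect_ips 3
```

Each address it prints is a candidate for the whois lookup and abuse report described above; the local user at 198.51.100.7 who failed twice and then logged in is not listed.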




Francisco Paco Peralta wrote:

Hello list,
I am looking for a way to minimize the rogue attempts to log in to my system. Any suggestions are welcome. I get a logwatch report every morning and have been getting the results. While it doesn't happen every day, I would like to minimize my exposure. See below:
--------------------- vpopmail Begin ------------------------
No Such User Found:
*@ - 1 Time(s)
0246@ - 1 Time(s)
12345678@ - 1 Time(s)
123456@ - 1 Time(s)
1234@ - 1 Time(s)
123@ - 1 Time(s)
123abc@ - 1 Time(s)
1q2w3e@ - 1 Time(s)
a1b2c3@ - 1 Time(s)
abc123@ - 1 Time(s)
amanda@ - 1 Time(s)
andrew@ - 1 Time(s)
apple@ - 1 Time(s)
asshole@ - 1 Time(s)
bandit@ - 1 Time(s)
baseball@ - 1 Time(s)
beavis@ - 1 Time(s)
buster@ - 1 Time(s)
chris@ - 1 Time(s)
computer@ - 1 Time(s)
cowboys@ - 1 Time(s)
dakota@ - 1 Time(s)
dallas@ - 1 Time(s)
daniel@ - 1 Time(s)
david@ - 1 Time(s)
diamond@ - 1 Time(s)
dragon@ - 1 Time(s)
falcon@ - 1 Time(s)
fiction@ - 1 Time(s)
foobar@ - 1 Time(s)
fred@ - 1 Time(s)
friends@ - 1 Time(s)
george@ - 1 Time(s)
harley@ - 1 Time(s)
hatton@ - 1 Time(s)
hello@ - 1 Time(s)
hockey@ - 1 Time(s)
internet@ - 2 Time(s)
jennifer@ - 1 Time(s)
jessica@ - 1 Time(s)
jordan@ - 2 Time(s)
joshua@ - 1 Time(s)
justin@ - 1 Time(s)
maddock@ - 1 Time(s)
maggie@ - 1 Time(s)
michael@ - 1 Time(s)
michelle@ - 1 Time(s)
mickey@ - 2 Time(s)
mike@ - 1 Time(s)
monday@ - 1 Time(s)
money@ - 1 Time(s)
monkey@ - 1 Time(s)
mustang@ - 1 Time(s)
newpass@ - 1 Time(s)
newuser@ - 1 Time(s)
nicole@ - 1 Time(s)
notused@ - 1 Time(s)
orange@ - 1 Time(s)
pascal@ - 1 Time(s)
passwd@ - 1 Time(s)
password@ - 1 Time(s)
patrick@ - 1 Time(s)
pepper@ - 1 Time(s)
purple@ - 1 Time(s)
qwerty@ - 2 Time(s)
richard@ - 1 Time(s)
robert@ - 1 Time(s)
school@ - 1 Time(s)
sendit@ - 1 Time(s)
shadow@ - 1 Time(s)
silver@ - 1 Time(s)
smokey@ - 1 Time(s)
snoopy@ - 1 Time(s)
soccer@ - 1 Time(s)
sports@ - 1 Time(s)
stupid@ - 1 Time(s)
summer@ - 2 Time(s)
sunshine@ - 1 Time(s)
test@ - 1 Time(s)
thomas@ - 1 Time(s)
undead@ - 1 Time(s)
vikings@ - 1 Time(s)
wheeling@ - 1 Time(s)
**Unmatched Entries**
vchkpw-smtp: invalid user/domain characters "null":xxx.xxx.xxx.xxx
vchkpw-smtp: invalid user/domain characters [EMAIL PROTECTED]:xxx.xxx.xxx.xxx
---------------------- vpopmail End -------------------------
 Francisco "Paco" Peralta


---------------------------------------------------------------------
    QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---
*/Andrew Young/*
/"Remember your biggest obstacle to success is the absence of execution."/


