Found this...
http://www.aczoom.com/cms/faq/blockhosts#q_293

On 8/8/07, Kyle Quillen <[EMAIL PROTECTED]> wrote:
>
> Yes please do provide more info.
>
> Thanks
> Q
>
> -----Original Message-----
> From: George Toft [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 08, 2007 8:00 PM
> To: [email protected]
> Subject: Re: [qmailtoaster] Unwanted Login Attempts
>
> Please provide more information.
>
> George Toft, CISSP, MSIS
> 623-203-1760
>
> Harry Zink wrote:
> > Install BlockHosts - it takes care of these kind of hack attempts really
> > fast.
> >
> > Harry
> >
> > On Aug 7, 2007, at 6:04 PM, George Toft wrote:
> >
> >> If you offer POP service to the Internet, this is going to happen.
> >>
> >> You could add an iptables rule to block everyone, except the IP
> >> address of users on your system, but if their IP address changes, you
> >> get a trouble ticket from a user who can't get their mail. You will
> >> spend lots of time chasing your own users. Not fun.
> >>
> >> Make sure your system is patched and built using the QMT scripts. The
> >> firewall is very good. I run yum update weekly to keep it up to date.
> >>
> >> What I do when this happens is look in /var/log/maillog for the IP
> >> address of the offender. Then run whois <IP ADDR> to get the ISP of
> >> the offender. If it is in the US/Canada, I fire off an e-mail with
> >> the logs (/var/log/maillog) to the abuse address and I use the key
> >> words "brute force attack on our mail server" and "please address this
> >> AUP violation with your subscriber." If the attack is from China, I
> >> don't even waste my time.
> >>
> >> When I was at a web hosting company, we took these complaints
> >> seriously. Maybe it works, maybe not. I've never had a repeat attack.
> >>
> >> I did have a BF attack from Argentina that went on for hours. I
> >> e-mailed the ISP and it stopped about 15 minutes later.
> >>
> >> George Toft, CISSP, MSIS
> >> 623-203-1760
> >>
> >> Francisco Paco Peralta wrote:
> >>
> >>> Hello list,
> >>> I am looking for a way to minimize the rogue attempts to login to my
> >>> system. Any suggestions are welcome.
> >>> I get a logwatch report every morning and have been getting the
> >>> results. While it doesn't happen every day I would like to minimize
> >>> my exposure. See Below:
> >>> --------------------- vpopmail Begin ------------------------
> >>> No Such User Found:
> >>> *@ - 1 Time(s)
> >>> 0246@ - 1 Time(s)
> >>> 12345678@ - 1 Time(s)
> >>> 123456@ - 1 Time(s)
> >>> 1234@ - 1 Time(s)
> >>> 123@ - 1 Time(s)
> >>> 123abc@ - 1 Time(s)
> >>> 1q2w3e@ - 1 Time(s)
> >>> a1b2c3@ - 1 Time(s)
> >>> abc123@ - 1 Time(s)
> >>> amanda@ - 1 Time(s)
> >>> andrew@ - 1 Time(s)
> >>> apple@ - 1 Time(s)
> >>> asshole@ - 1 Time(s)
> >>> bandit@ - 1 Time(s)
> >>> baseball@ - 1 Time(s)
> >>> beavis@ - 1 Time(s)
> >>> buster@ - 1 Time(s)
> >>> chris@ - 1 Time(s)
> >>> computer@ - 1 Time(s)
> >>> cowboys@ - 1 Time(s)
> >>> dakota@ - 1 Time(s)
> >>> dallas@ - 1 Time(s)
> >>> daniel@ - 1 Time(s)
> >>> david@ - 1 Time(s)
> >>> diamond@ - 1 Time(s)
> >>> dragon@ - 1 Time(s)
> >>> falcon@ - 1 Time(s)
> >>> fiction@ - 1 Time(s)
> >>> foobar@ - 1 Time(s)
> >>> fred@ - 1 Time(s)
> >>> friends@ - 1 Time(s)
> >>> george@ - 1 Time(s)
> >>> harley@ - 1 Time(s)
> >>> hatton@ - 1 Time(s)
> >>> hello@ - 1 Time(s)
> >>> hockey@ - 1 Time(s)
> >>> internet@ - 2 Time(s)
> >>> jennifer@ - 1 Time(s)
> >>> jessica@ - 1 Time(s)
> >>> jordan@ - 2 Time(s)
> >>> joshua@ - 1 Time(s)
> >>> justin@ - 1 Time(s)
> >>> maddock@ - 1 Time(s)
> >>> maggie@ - 1 Time(s)
> >>> michael@ - 1 Time(s)
> >>> michelle@ - 1 Time(s)
> >>> mickey@ - 2 Time(s)
> >>> mike@ - 1 Time(s)
> >>> monday@ - 1 Time(s)
> >>> money@ - 1 Time(s)
> >>> monkey@ - 1 Time(s)
> >>> mustang@ - 1 Time(s)
> >>> newpass@ - 1 Time(s)
> >>> newuser@ - 1 Time(s)
> >>> nicole@ - 1 Time(s)
> >>> notused@ - 1 Time(s)
> >>> orange@ - 1 Time(s)
> >>> pascal@ - 1 Time(s)
> >>> passwd@ - 1 Time(s)
> >>> password@ - 1 Time(s)
> >>> patrick@ - 1 Time(s)
> >>> pepper@ - 1 Time(s)
> >>> purple@ - 1 Time(s)
> >>> qwerty@ - 2 Time(s)
> >>> richard@ - 1 Time(s)
> >>> robert@ - 1 Time(s)
> >>> school@ - 1 Time(s)
> >>> sendit@ - 1 Time(s)
> >>> shadow@ - 1 Time(s)
> >>> silver@ - 1 Time(s)
> >>> smokey@ - 1 Time(s)
> >>> snoopy@ - 1 Time(s)
> >>> soccer@ - 1 Time(s)
> >>> sports@ - 1 Time(s)
> >>> stupid@ - 1 Time(s)
> >>> summer@ - 2 Time(s)
> >>> sunshine@ - 1 Time(s)
> >>> test@ - 1 Time(s)
> >>> thomas@ - 1 Time(s)
> >>> undead@ - 1 Time(s)
> >>> vikings@ - 1 Time(s)
> >>> wheeling@ - 1 Time(s)
> >>> **Unmatched Entries**
> >>> vchkpw-smtp: invalid user/domain characters "null":xxx.xxx.xxx.xxx
> >>> vchkpw-smtp: invalid user/domain characters [EMAIL PROTECTED]:xxx.xxx.xxx.xxx
> >>> ---------------------- vpopmail End -------------------------
> >>> Francisco "Paco" Peralta
> >>
> >> ---------------------------------------------------------------------
> >> QmailToaster hosted by: VR Hosted <http://www.vr.org>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> <mailto:[EMAIL PROTECTED]>
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >> <mailto:[EMAIL PROTECTED]>
> >
> > ---
> > */Andrew Young/*
> > /"Remember your biggest obstacle to success is the absence of
> > execution."/
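
Added example (not part of the original thread, and not code from QmailToaster or BlockHosts): George's step of looking in /var/log/maillog for the offender's IP, written as a script that counts failed vchkpw logins per source address and how many different usernames each source tried. The log lines are constructed, and the reason strings and the `failed_logins_by_ip` name are assumptions.

```sh
#!/bin/sh
# Added example: count failed vpopmail logins per source IP in maillog.
# Assumption: vchkpw lines end in "<user>:<IPv4>", as in the logwatch
# "Unmatched Entries" above; the reason strings below are assumed.

# Constructed sample lines (documentation IP ranges), not real log data.
sample_maillog() {
cat <<'EOF'
Aug  7 03:12:01 mail vpopmail[2101]: vchkpw-pop3: vpopmail user not found 123456@:203.0.113.45
Aug  7 03:12:02 mail vpopmail[2102]: vchkpw-pop3: vpopmail user not found abc123@:203.0.113.45
Aug  7 03:12:03 mail vpopmail[2103]: vchkpw-pop3: vpopmail user not found qwerty@:203.0.113.45
Aug  7 03:12:04 mail vpopmail[2104]: vchkpw-smtp: invalid user/domain characters "null":203.0.113.45
Aug  7 08:30:10 mail vpopmail[2200]: vchkpw-pop3: password fail paco@example.com:198.51.100.7
Aug  7 08:30:25 mail vpopmail[2201]: vchkpw-pop3: (PLAIN) login success paco@example.com:198.51.100.7
Aug  7 08:31:00 mail qmail: status: local 0/10 remote 0/60
EOF
}

# Usage: failed_logins_by_ip MIN < maillog
# Prints "<failures> <ip> <distinct usernames tried>", busiest source first.
# Only IPv4 sources are counted; successful logins are skipped.
failed_logins_by_ip() {
  awk -v min="${1:-3}" '
    /vchkpw-[a-z0-9]+: / && !/login success/ {
      n = split($0, part, ":")            # IP follows the last colon
      ip = part[n]
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      m = split(part[n - 1], word, " ")   # username is the word before it
      user = word[m]
      fails[ip]++
      if (!((ip, user) in seen)) { seen[ip, user] = 1; tried[ip]++ }
    }
    END {
      for (ip in fails)
        if (fails[ip] >= min) print fails[ip], ip, tried[ip]
    }
  ' | sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
sample_maillog | failed_logins_by_ip 3
```

On a live host, feed it the real log (`failed_logins_by_ip 5 < /var/log/maillog`); a source with many distinct usernames is a dictionary run rather than a user mistyping a password.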
