Google is your friend:
http://freshmeat.net/projects/blockhosts/
http://www.aczoom.com/cms/blockhosts
http://brneurosci.org/linuxsetup79.html
http://www.aczoom.com/tools/blockhosts/
I was skeptical at first, but it's doing a great job on my end.
Harry
On Aug 8, 2007, at 5:00 PM, George Toft wrote:
Please provide more information.
George Toft, CISSP, MSIS
623-203-1760
Harry Zink wrote:
Install BlockHosts - it takes care of these kind of hack attempts
really fast.
Harry
On Aug 7, 2007, at 6:04 PM, George Toft wrote:
If you offer POP service to the Internet, this is going to happen.
You could add an iptables rule to block everyone, except the IP
address of users on your system, but if their IP address changes,
you get a trouble ticket from a user who can't get their mail.
You will spend lots of time chasing your own users. Not fun.
Make sure your system is patched and built using the QMT
scripts. The firewall is very good. I run yum update weekly to
keep it up to date.
What I do when this happens is look in /var/log/maillog for the
IP address of the offender. Then run whois <IP ADDR> to get the
ISP of the offender. If it is in the US/Canada, I fire off an e-
mail with the logs (/var/log/maillog) to the abuse address and I
use the key words "brute force attack on our mail server" and
"please address this AUP violation with your subscriber." If the
attack is from China, I don't even waste my time.
When I was at a web hosting company, we took these complaints
seriously. Maybe it works, maybe not. I've never had a repeat
attack.
I did have a BF attack from Argentina that went on for hours. I
e-mailed the ISP and it stopped about 15 minutes later.
George Toft, CISSP, MSIS
623-203-1760
Francisco Paco Peralta wrote:
Hello list,
I am looking for a way to minimize the rogue attempts to login
to my system. Any suggestions are welcome.
I get a logwatch report every morning and have been getting the
results. While it doesn't happen every day I would like to
minimize my exposure. See Below:
--------------------- vpopmail Begin ------------------------
No Such User Found:
*@ - 1 Time(s)
0246@ - 1 Time(s)
12345678@ - 1 Time(s)
123456@ - 1 Time(s)
1234@ - 1 Time(s)
123@ - 1 Time(s)
123abc@ - 1 Time(s)
1q2w3e@ - 1 Time(s)
a1b2c3@ - 1 Time(s)
abc123@ - 1 Time(s)
amanda@ - 1 Time(s)
andrew@ - 1 Time(s)
apple@ - 1 Time(s)
asshole@ - 1 Time(s)
bandit@ - 1 Time(s)
baseball@ - 1 Time(s)
beavis@ - 1 Time(s)
buster@ - 1 Time(s)
chris@ - 1 Time(s)
computer@ - 1 Time(s)
cowboys@ - 1 Time(s)
dakota@ - 1 Time(s)
dallas@ - 1 Time(s)
daniel@ - 1 Time(s)
david@ - 1 Time(s)
diamond@ - 1 Time(s)
dragon@ - 1 Time(s)
falcon@ - 1 Time(s)
fiction@ - 1 Time(s)
foobar@ - 1 Time(s)
fred@ - 1 Time(s)
friends@ - 1 Time(s)
george@ - 1 Time(s)
harley@ - 1 Time(s)
hatton@ - 1 Time(s)
hello@ - 1 Time(s)
hockey@ - 1 Time(s)
internet@ - 2 Time(s)
jennifer@ - 1 Time(s)
jessica@ - 1 Time(s)
jordan@ - 2 Time(s)
joshua@ - 1 Time(s)
justin@ - 1 Time(s)
maddock@ - 1 Time(s)
maggie@ - 1 Time(s)
michael@ - 1 Time(s)
michelle@ - 1 Time(s)
mickey@ - 2 Time(s)
mike@ - 1 Time(s)
monday@ - 1 Time(s)
money@ - 1 Time(s)
monkey@ - 1 Time(s)
mustang@ - 1 Time(s)
newpass@ - 1 Time(s)
newuser@ - 1 Time(s)
nicole@ - 1 Time(s)
notused@ - 1 Time(s)
orange@ - 1 Time(s)
pascal@ - 1 Time(s)
passwd@ - 1 Time(s)
password@ - 1 Time(s)
patrick@ - 1 Time(s)
pepper@ - 1 Time(s)
purple@ - 1 Time(s)
qwerty@ - 2 Time(s)
richard@ - 1 Time(s)
robert@ - 1 Time(s)
school@ - 1 Time(s)
sendit@ - 1 Time(s)
shadow@ - 1 Time(s)
silver@ - 1 Time(s)
smokey@ - 1 Time(s)
snoopy@ - 1 Time(s)
soccer@ - 1 Time(s)
sports@ - 1 Time(s)
stupid@ - 1 Time(s)
summer@ - 2 Time(s)
sunshine@ - 1 Time(s)
test@ - 1 Time(s)
thomas@ - 1 Time(s)
undead@ - 1 Time(s)
vikings@ - 1 Time(s)
wheeling@ - 1 Time(s)
**Unmatched Entries**
vchkpw-smtp: invalid user/domain characters "null":xxx.xxx.xxx.xxx
vchkpw-smtp: invalid user/domain characters [EMAIL PROTECTED]:xxx.xxx.xxx.xxx
---------------------- vpopmail End -------------------------
Francisco "Paco" Peralta
--------------------------------------------------------------------
-
QmailToaster hosted by: VR Hosted <http://www.vr.org>
--------------------------------------------------------------------
-
To unsubscribe, e-mail: qmailtoaster-list-
[EMAIL PROTECTED] <mailto:qmailtoaster-list-
[EMAIL PROTECTED]>
For additional commands, e-mail: qmailtoaster-list-
[EMAIL PROTECTED] <mailto:qmailtoaster-list-
[EMAIL PROTECTED]>
---
*/Andrew Young/*
/"Remember your biggest obstacle to success is the absence of
execution."// /
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: qmailtoaster-list-
[EMAIL PROTECTED]
---
George E. Nichols
"The universal aptitude for ineptitude makes any human accomplishment
an incredible miracle."
