So you have this running monitoring the vpopmail service? ACZoom indicates this can be done (in a generic fashion), but I did not see any how-to on implementing it. Can you share how you did it?
Regards,
George

> Google is your friend:
>
> http://freshmeat.net/projects/blockhosts/
>
> http://www.aczoom.com/cms/blockhosts
>
> http://brneurosci.org/linuxsetup79.html
>
> http://www.aczoom.com/tools/blockhosts/
>
> I was skeptical at first, but it's doing a great job on my end.
>
> Harry
>
>
> On Aug 8, 2007, at 5:00 PM, George Toft wrote:
>
>> Please provide more information.
>>
>> George Toft, CISSP, MSIS
>> 623-203-1760
>>
>> Harry Zink wrote:
>>> Install BlockHosts - it takes care of these kinds of hack attempts
>>> really fast.
>>> Harry
>>> On Aug 7, 2007, at 6:04 PM, George Toft wrote:
>>>> If you offer POP service to the Internet, this is going to happen.
>>>>
>>>> You could add an iptables rule to block everyone, except the IP
>>>> address of users on your system, but if their IP address changes,
>>>> you get a trouble ticket from a user who can't get their mail.
>>>> You will spend lots of time chasing your own users. Not fun.
>>>>
>>>> Make sure your system is patched and built using the QMT
>>>> scripts. The firewall is very good. I run yum update weekly to
>>>> keep it up to date.
>>>>
>>>> What I do when this happens is look in /var/log/maillog for the
>>>> IP address of the offender. Then run whois <IP ADDR> to get the
>>>> ISP of the offender. If it is in the US/Canada, I fire off an
>>>> e-mail with the logs (/var/log/maillog) to the abuse address and I
>>>> use the key words "brute force attack on our mail server" and
>>>> "please address this AUP violation with your subscriber." If the
>>>> attack is from China, I don't even waste my time.
>>>>
>>>> When I was at a web hosting company, we took these complaints
>>>> seriously. Maybe it works, maybe not. I've never had a repeat
>>>> attack.
>>>>
>>>> I did have a BF attack from Argentina that went on for hours. I
>>>> e-mailed the ISP and it stopped about 15 minutes later.
>>>>
>>>> George Toft, CISSP, MSIS
>>>> 623-203-1760
>>>>
>>>> Francisco Paco Peralta wrote:
>>>>
>>>>> Hello list,
>>>>> I am looking for a way to minimize the rogue attempts to login
>>>>> to my system. Any suggestions are welcome.
>>>>> I get a logwatch report every morning and have been getting the
>>>>> results. While it doesn't happen every day I would like to
>>>>> minimize my exposure. See Below:
>>>>> --------------------- vpopmail Begin ------------------------
>>>>> No Such User Found:
>>>>>    *@ - 1 Time(s)
>>>>>    0246@ - 1 Time(s)
>>>>>    12345678@ - 1 Time(s)
>>>>>    123456@ - 1 Time(s)
>>>>>    1234@ - 1 Time(s)
>>>>>    123@ - 1 Time(s)
>>>>>    123abc@ - 1 Time(s)
>>>>>    1q2w3e@ - 1 Time(s)
>>>>>    a1b2c3@ - 1 Time(s)
>>>>>    abc123@ - 1 Time(s)
>>>>>    amanda@ - 1 Time(s)
>>>>>    andrew@ - 1 Time(s)
>>>>>    apple@ - 1 Time(s)
>>>>>    asshole@ - 1 Time(s)
>>>>>    bandit@ - 1 Time(s)
>>>>>    baseball@ - 1 Time(s)
>>>>>    beavis@ - 1 Time(s)
>>>>>    buster@ - 1 Time(s)
>>>>>    chris@ - 1 Time(s)
>>>>>    computer@ - 1 Time(s)
>>>>>    cowboys@ - 1 Time(s)
>>>>>    dakota@ - 1 Time(s)
>>>>>    dallas@ - 1 Time(s)
>>>>>    daniel@ - 1 Time(s)
>>>>>    david@ - 1 Time(s)
>>>>>    diamond@ - 1 Time(s)
>>>>>    dragon@ - 1 Time(s)
>>>>>    falcon@ - 1 Time(s)
>>>>>    fiction@ - 1 Time(s)
>>>>>    foobar@ - 1 Time(s)
>>>>>    fred@ - 1 Time(s)
>>>>>    friends@ - 1 Time(s)
>>>>>    george@ - 1 Time(s)
>>>>>    harley@ - 1 Time(s)
>>>>>    hatton@ - 1 Time(s)
>>>>>    hello@ - 1 Time(s)
>>>>>    hockey@ - 1 Time(s)
>>>>>    internet@ - 2 Time(s)
>>>>>    jennifer@ - 1 Time(s)
>>>>>    jessica@ - 1 Time(s)
>>>>>    jordan@ - 2 Time(s)
>>>>>    joshua@ - 1 Time(s)
>>>>>    justin@ - 1 Time(s)
>>>>>    maddock@ - 1 Time(s)
>>>>>    maggie@ - 1 Time(s)
>>>>>    michael@ - 1 Time(s)
>>>>>    michelle@ - 1 Time(s)
>>>>>    mickey@ - 2 Time(s)
>>>>>    mike@ - 1 Time(s)
>>>>>    monday@ - 1 Time(s)
>>>>>    money@ - 1 Time(s)
>>>>>    monkey@ - 1 Time(s)
>>>>>    mustang@ - 1 Time(s)
>>>>>    newpass@ - 1 Time(s)
>>>>>    newuser@ - 1 Time(s)
>>>>>    nicole@ - 1 Time(s)
>>>>>    notused@ - 1 Time(s)
>>>>>    orange@ - 1 Time(s)
>>>>>    pascal@ - 1 Time(s)
>>>>>    passwd@ - 1 Time(s)
>>>>>    password@ - 1 Time(s)
>>>>>    patrick@ - 1 Time(s)
>>>>>    pepper@ - 1 Time(s)
>>>>>    purple@ - 1 Time(s)
>>>>>    qwerty@ - 2 Time(s)
>>>>>    richard@ - 1 Time(s)
>>>>>    robert@ - 1 Time(s)
>>>>>    school@ - 1 Time(s)
>>>>>    sendit@ - 1 Time(s)
>>>>>    shadow@ - 1 Time(s)
>>>>>    silver@ - 1 Time(s)
>>>>>    smokey@ - 1 Time(s)
>>>>>    snoopy@ - 1 Time(s)
>>>>>    soccer@ - 1 Time(s)
>>>>>    sports@ - 1 Time(s)
>>>>>    stupid@ - 1 Time(s)
>>>>>    summer@ - 2 Time(s)
>>>>>    sunshine@ - 1 Time(s)
>>>>>    test@ - 1 Time(s)
>>>>>    thomas@ - 1 Time(s)
>>>>>    undead@ - 1 Time(s)
>>>>>    vikings@ - 1 Time(s)
>>>>>    wheeling@ - 1 Time(s)
>>>>> **Unmatched Entries**
>>>>> vchkpw-smtp: invalid user/domain characters "null":xxx.xxx.xxx.xxx
>>>>> vchkpw-smtp: invalid user/domain characters [EMAIL PROTECTED]:xxx.xxx.xxx.xxx
>>>>> ---------------------- vpopmail End -------------------------
>>>>> Francisco "Paco" Peralta
>>>
>>> ---
>>> Andrew Young
>>> "Remember your biggest obstacle to success is the absence of
>>> execution."
>
> ---
> George E. Nichols
> "The universal aptitude for ineptitude makes any human accomplishment
> an incredible miracle."

---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
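
The manual step described in the thread (finding the offending IP address in /var/log/maillog) can be scripted; the following is an added example, not code from the thread or from BlockHosts. The sample log lines are constructed, and the `vchkpw-<service>: <message> <user>:<ip>` layout, the message strings and the thresholds are assumptions based on the unmatched entries in the quoted logwatch report.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges); layout assumed from the
# "vchkpw-smtp: invalid user/domain characters ...:ip" entries in the report.
SAMPLE_MAILLOG = """\
Aug  7 18:04:01 mail vpopmail[4101]: vchkpw-pop3: vpopmail user not found 123456@:203.0.113.45
Aug  7 18:04:02 mail vpopmail[4102]: vchkpw-pop3: vpopmail user not found abc123@:203.0.113.45
Aug  7 18:04:03 mail vpopmail[4103]: vchkpw-pop3: vpopmail user not found qwerty@:203.0.113.45
Aug  7 18:04:04 mail vpopmail[4104]: vchkpw-pop3: vpopmail user not found test@:203.0.113.45
Aug  7 18:04:05 mail vpopmail[4105]: vchkpw-pop3: vpopmail user not found password@:203.0.113.45
Aug  7 18:04:06 mail vpopmail[4106]: vchkpw-smtp: invalid user/domain characters "null":203.0.113.45
Aug  7 18:10:11 mail vpopmail[4120]: vchkpw-pop3: password fail alice@example.com:198.51.100.7
Aug  7 18:10:15 mail vpopmail[4121]: vchkpw-pop3: password fail alice@example.com:198.51.100.7
Aug  7 18:10:30 mail vpopmail[4122]: vchkpw-pop3: (PLAIN) login success alice@example.com:198.51.100.7
"""

# Failure messages only; successful logins do not match.
FAILURE = re.compile(
    r"vchkpw-(?P<svc>[\w-]+): "
    r"(?P<reason>vpopmail user not found|password fail|invalid user/domain characters) "
    r"(?P<user>.*):(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def failures_by_ip(lines):
    """Count failed logins and collect the distinct account names tried per source IP."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = FAILURE.search(line)
        if m:
            entry = stats[m["ip"]]
            entry["attempts"] += 1
            entry["users"].add(m["user"])
    return stats

def offenders(lines, min_attempts=5, min_users=3):
    """Source IPs that fail often AND against many names (dictionary pattern).

    Requiring several distinct names keeps a real user who mistypes a
    password a few times off the list. Thresholds are illustrative.
    """
    hits = [(ip, e["attempts"], len(e["users"]))
            for ip, e in failures_by_ip(lines).items()
            if e["attempts"] >= min_attempts and len(e["users"]) >= min_users]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for ip, attempts, users in offenders(SAMPLE_MAILLOG.splitlines()):
        print(f"{ip}: {attempts} failures across {users} account names")
```

The resulting addresses are what goes into the whois lookup and abuse report described above, or into a firewall block.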
