cj yother wrote: > Is anyone else experiencing a rise in attempted account access over the > past 24 hours?
Over the past week or so, I've seen very large numbers of password-guessing attempts: other hosts trying to authenticate against SMTP. They seem to try 'admin@', 'info@', 'support@', 'webmaster@' and, in some cases, 'name-of-domain@name-of-domain'. On my box, they get exactly three attempts and then 'fail2ban' knocks them on the head and I don't hear from them again. However, they appear to have an extensive botnet at their disposal, so I see hundreds of attempts a day, from different hosts. I host a number of domains, and the first few attacks were targeted at three that are owned by a slightly controversial humanitarian organization, so I thought it might be a targeted attack. However, they're now hitting other domains as well, so I think it's just the latest installment of Stupid Spammer Tricks. It seems completely pointless, because 'fail2ban' takes care of it so easily (and if you don't have 'fail2ban' installed, this is your cue). Back when I thought it was a targeted attack, I thought about writing to the group to ask if there was a way to configure qmail so that one of their attempts would 'succeed', and then capture whatever messages they were trying to send. However, given that it looks like it's just clueless spammers trying to spam, I'm less interested in knowing what they have in mind. Angus --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
