cj yother wrote:
> Is anyone else experiencing a rise in attempted account access over the
> past 24 hours?

Over the past week or so, I've seen very large numbers of
password-guessing attempts: other hosts trying to authenticate against
SMTP. They seem to try 'admin@', 'info@', 'support@', 'webmaster@' and, in
some cases, 'name-of-domain@name-of-domain'.

On my box, they get exactly three attempts and then 'fail2ban' knocks them
on the head and I don't hear from them again. However, they appear to have
an extensive botnet at their disposal, so I see hundreds of attempts a
day, from different hosts.

I host a number of domains, and the first few attacks were targeted at
three that are owned by a slightly controversial humanitarian
organization, so I thought it might be a targeted attack. However, they're
now hitting other domains as well, so I think it's just the latest
installment of Stupid Spammer Tricks.

It seems completely pointless, because 'fail2ban' takes care of it so
easily (and if you don't have 'fail2ban' installed, this is your cue).

Back when I thought it was a targeted attack, I thought about writing to
the group to ask if there was a way to configure qmail so that one of
their attempts would 'succeed', and then capture whatever messages they
were trying to send. However, given that it looks like it's just clueless
spammers trying to spam, I'm less interested in knowing what they have in
mind.

Angus


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to