Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-22 Thread Andy Smith
Hello,

On Thu, Jun 20, 2019 at 08:45:13PM +0100, Brian wrote:
> At least 2000,000, hosts on the internet. You reckon you will be in
> the first tranche of targets?

I don't know about "amongst the first" but there are multiple services scanning every port of the entire IPv4 space now and

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-21 Thread Brian
On Fri 21 Jun 2019 at 21:14:42 +1000, Andrew McGlashan wrote:
> On 21/6/19 4:08 pm, Reco wrote:
> > What I'm most interested is here is the time distribution. I.e. has
> > the number of exploitation attempts lowered after the Exim banner
> > change? Stayed the same?
>
> Not a single one since,

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-21 Thread Andrew McGlashan
On 21/6/19 4:08 pm, Reco wrote:
> What I'm most interested is here is the time distribution. I.e. has
> the number of exploitation attempts lowered after the Exim banner
> change? Stayed the same?

Not a single one since, so far. Although I

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-21 Thread Reco
Hi.

On Fri, Jun 21, 2019 at 06:36:20AM +1000, Andrew McGlashan wrote:
> On 21/6/19 5:52 am, Reco wrote:
> > Plain old grep is more than enough here. This one:
> >
> > grep 'run{' /var/log/exim4/reject*
> >
> > finds things like these:
> >
> > 2019-06-19 18:54:43 H=(service.com)

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Michael Stone
On Thu, Jun 20, 2019 at 10:50:08PM +0100, Brian wrote: So? Looks like a normal day. Announcing exim as version 4.92 (or any other value) is most unlikely to reduce the number of these attempts. I'm seeing the same attempts on postfix servers...

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Andrew McGlashan
Hi,

On 21/6/19 4:49 am, Reco wrote:
>> Thank you, I've changed the banner for now let's hope that
>> lessens the problem.
>
> Please share the results if possible.
>
> On this particular MTA I've counted whopping 4 attempts to exploit
>

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Brian
On Fri 21 Jun 2019 at 04:15:35 +1000, Andrew McGlashan wrote:
> On 20/6/19 11:57 pm, Brian wrote:
> > On Thu 20 Jun 2019 at 23:26:08 +1000, Andrew McGlashan wrote:
> >
> >> # dpkg-query -l|grep \ exim|awk '{print $2,$3}'|column -t exim4
> >> 4.89-2+deb9u4 exim4-base 4.89-2+deb9u4

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Reco
Hi.

On Fri, Jun 21, 2019 at 04:40:11AM +1000, Andrew McGlashan wrote:
> On 20/6/19 11:45 pm, Reco wrote:
> > Hi.
> >
> > On Thu, Jun 20, 2019 at 11:26:08PM +1000, Andrew McGlashan wrote:
> >> Is there a way to provide version

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Andrew McGlashan
On 20/6/19 11:45 pm, Reco wrote:
> Hi.
>
> On Thu, Jun 20, 2019 at 11:26:08PM +1000, Andrew McGlashan wrote:
>> Is there a way to provide version of "4.92" easily or some other
>> text to stop the likelihood of outsiders trying to pound on and
>>

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Andrew McGlashan
On 20/6/19 11:57 pm, Brian wrote:
> On Thu 20 Jun 2019 at 23:26:08 +1000, Andrew McGlashan wrote:
>
>> # dpkg-query -l|grep \ exim|awk '{print $2,$3}'|column -t exim4
>> 4.89-2+deb9u4 exim4-base 4.89-2+deb9u4 exim4-config
>>

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Brian
On Thu 20 Jun 2019 at 23:26:08 +1000, Andrew McGlashan wrote:
> # dpkg-query -l|grep \ exim|awk '{print $2,$3}'|column -t
> exim4               4.89-2+deb9u4
> exim4-base          4.89-2+deb9u4
> exim4-config        4.89-2+deb9u4
> exim4-daemon-heavy  4.89-2+deb9u4
> exim4-doc-html      4.89-1
>

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Greg Wooledge
On Thu, Jun 20, 2019 at 11:26:08PM +1000, Andrew McGlashan wrote:
> Shodan [1] reports loads of vulnerable [2] servers running pre 4.92
> versions of Exim, those include Debian Exim variants reporting 4.89
> even for fully patched servers.

General answer: https://www.debian.org/security/faq

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Reco
Hi.

On Thu, Jun 20, 2019 at 11:26:08PM +1000, Andrew McGlashan wrote:
> Is there a way to provide version of "4.92" easily or some other text
> to stop the likelihood of outsiders trying to pound on and exploit the
> server? Even though they won't be able to do successfully due to up to
>

Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

2019-06-20 Thread Andrew McGlashan
Hi,

Shodan [1] reports loads of vulnerable [2] servers running pre 4.92 versions of Exim, those include Debian Exim variants reporting 4.89 even for fully patched servers.

$ telnet mail.example.org 25
Trying ip_add_re_ss...
Connected to