Hmmm.. That's the same 2 netblocks of several in Romania we've been
having not only attacks on our mail servers but also FTP.
I have been wondering if it's the locals or if it's what we've been
seeing a lot lately of compromised computers being used by other
individuals to try and cover their tracks.
You're not alone. IPTables is your friend ;-) ACLs in the router work

On 09/17/2012 10:38 PM, Lyle Giese wrote:
> Had an account here get hacked. Nothing really new or unusual about
> that. The account had been dormant for a while and I just deleted it. I
> got notices from AOL feedback and the size of the outbound mail queue (I
> have a script to monitor the size of the queue) and that's how I found
> the issue.
> During the post investigation, I found two subnets (!) were sending
> directed POP3 queries and knew when they hit the blacklist threshold of
> Surgemail. I think they are still playing with the timeout. But they
> would back off for a few minutes and try again.
> The unusual part was they were trying full email addresses instead of
> just user names as most script kiddies would do. These IP addresses
> started poking less than 24 hrs before they gained access to that one
> I have taken the unusual step of blocking them in our Cisco router so
> they cannot access TCP port 110 on our mail servers.
> Guess my next project is to data mine IP addresses from the mail logs for
> password failures and find the frequent violators now.
> Lyle Giese
> LCR Computer Services, Inc.
EAS Enterprises LLC
World Class Web and Email Hosting Solutions
IPv6 ready today for your needs of tomorrow!
Ask us about dual-stacking your site
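
The log mining mentioned in the quoted message as a next project could look like the following. This is an added example, not code from either poster or from SurgeMail; the log line format, the sample entries, and the function name `frequent_violators` are assumptions made for illustration. It counts POP3 password failures per source netblock, notes attempts that used a full e-mail address, and lists accounts that later logged in successfully from a block that had been failing.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample lines in a hypothetical log format (not SurgeMail's real
# layout); adjust LINE_RE to your server. IPs are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2012-09-16 21:00:05 pop3 login failed user=alice@example.com ip=192.0.2.10
2012-09-16 21:00:09 pop3 login failed user=bob@example.com ip=192.0.2.77
2012-09-16 21:07:31 pop3 login failed user=carol@example.com ip=192.0.2.10
2012-09-16 21:15:02 pop3 login failed user=dormant@example.com ip=192.0.2.143
2012-09-16 22:40:00 pop3 login failed user=dave ip=198.51.100.5
2012-09-17 03:12:44 pop3 login ok user=dormant@example.com ip=192.0.2.77
2012-09-17 08:00:00 pop3 login ok user=erin@example.com ip=203.0.113.9
"""

LINE_RE = re.compile(r"^\S+ \S+ pop3 login (failed|ok) user=(\S+) ip=(\S+)$")

def frequent_violators(log_text, min_failures=3, prefix=24):
    """Aggregate POP3 password failures per source netblock.

    Returns blocks with >= min_failures, worst first. Counting per block
    rather than per IP keeps a whole subnet's attempts in one total.
    Assumes the log is in chronological order.
    """
    stats = defaultdict(lambda: {"failures": 0, "ips": set(),
                                 "full_address_tries": 0, "later_success": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines in other formats
        result, user, ip = m.groups()
        block = stats[str(ip_network(f"{ip}/{prefix}", strict=False))]
        if result == "failed":
            block["failures"] += 1
            block["ips"].add(ip)
            if "@" in user:  # full e-mail address, not a bare user name
                block["full_address_tries"] += 1
        elif block["failures"]:
            # Successful login from a block that was already failing:
            # an account to review for compromise.
            block["later_success"].add(user)
    hits = [dict(v, netblock=k) for k, v in stats.items() if v["failures"] >= min_failures]
    return sorted(hits, key=lambda h: h["failures"], reverse=True)

if __name__ == "__main__":
    for hit in frequent_violators(SAMPLE_LOG):
        print(hit)
```

The netblocks it reports are candidates for the router ACL or iptables rules mentioned above, and the `later_success` accounts are the ones to check first.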