On 05/02/11 09:53, Case Hugo wrote:
> Several times a week we get this attempt:
> Warning, userHIDDEN@firstname.lastname@example.org tried to login with weak password,
> possibly a hacker, use tellmail test_weak (188.8.131.52)
> 9 out of 10 times, they are attempting to hack either 'root' or
> 'windows'. Does anyone know why they would target these two
> (nonexistent) email accounts and how can I block them ahead of time?
> Right now I take their IP and add those the the "deny" list.
It's quite common for the spammers to have a dictionary of common role
ID's for probing email servers. Surgemail does not by default have
these other than the postmaster for the primary domain.
If you go back in time to many of the older Linux and Unix distros, they
were filled with them. Along with role accounts that had shell access,
then by default many of these accounts then had ssh or telnet access.
Script kiddies will try these endlessly because they can and their
searches usually find a target or two to exploit.
Last Message | Next Message
Site Map |
Contact Netwin |
POP3 Mail Server |
Linux Webmail |
UnInstall instructions for all products
Copyright © 2017 Netwin Ltd. All rights reserved.