What user names did they start with? For the G_Hacker_Poison :-)
> They do work on POP3. Doesn't stop the attacker from trying however.
> All attempts were being blocked properly by SurgeMail and all attempts
> were logged.
> I will note that all these attempts were for unqualified user names. In
> other words, noHIDDEN@n.name in them. So the attacker got absolutely
> nothing. I have no accounts in the main domain except the postmaster(with
> a complex password).
> This was coming from a hosted server, and not a dynamic home ip address. I
> was pleasently surprised that the hosting company did in fact respond
> relatively quickly.
> However this attack was generating several hundred attempts per hour and
> had been on-going for about 5 hrs when I blackholed him in IP tables. And
> they were only up to D in the alphabet with the names being attempted.
> Lyle Giese
> LCR Computer Services, Inc.
> On 12/21/2011 1:52 PM, Ed wrote:
>> I always thought that the failed password [count] options that I know
>> work on SMTP would work on POP3 but it appears not. Sure would be nice
>> if the settings worked for all protocols. X [small number like 4] bad
>> SMTP guesses and it just drops the connections.
>> On 12/21/2011 02:46 PM, Lyle Giese wrote:
>>> On 12/21/2011 11:17 AM, Lyle Giese wrote:
>>>> we have been under a concerted long term POP3 password attack from
>>>> I have a host in front of our Surgemail servers running IPTables and am
>>>> dropping all packets from this host. I have not had time to look into
>>>> this, but it looks like a hosting company of some sort.
>>>> Lyle Giese
>>>> LCR Computer Services, Inc.
>>> Just a quick followup, I have not looked to see if the attacker is gone,
>>> but the ISP (Continuum Data Centers, LLC) has already responding and it
>>> working on the issue from their end.
>>> This POP3 brute force password attack was running for about 6 hrs before
>>> I noticed and adjusted the IPTables to cut him off.
Last Message | Next Message
Site Map |
Contact Netwin |
POP3 Mail Server |
Linux Webmail |
UnInstall instructions for all products
Copyright © 2017 Netwin Ltd. All rights reserved.