F2b can't do anything against this type of attack as the IP's rarely repeat.
If you want a bit of security through obscurity, turn off authentication
on port 25 and configure your users to use SMPTS (tcp:465) or STARTTLS
(tcp:587). There is much less bot traffic on those ports.
Nick
On 11/02/2018 15:17, chaouche yacine via Fail2ban-users wrote:
Dear list,
I was surprised to find this in one of my script's live output :
Feb 11 16:01:16 [email protected] 104.131.92.159:
Feb 11 16:01:19 [email protected] 81.91.92.176:
Feb 11 16:01:21 [email protected] 213.136.88.68:
Feb 11 16:01:25 [email protected] 132.148.21.197:
Feb 11 16:01:28 [email protected] 91.121.136.82:
Feb 11 16:01:31 [email protected] 70.32.72.249:
Feb 11 16:01:33 [email protected] 88.198.177.200:
Feb 11 16:01:37 [email protected] 132.148.22.72:
Feb 11 16:01:40 [email protected] 185.14.28.209:
Feb 11 16:01:47 [email protected] 185.14.28.209:
Feb 11 16:01:50 [email protected] 31.186.8.165:
Feb 11 16:01:52 [email protected] 176.31.171.249:
Feb 11 16:01:55 [email protected] 174.142.254.4:
Feb 11 16:01:58 [email protected] 173.249.5.133:
Feb 11 16:02:04 [email protected] 103.1.239.204:
Feb 11 16:02:10 [email protected] 115.146.127.53:
Feb 11 16:02:13 [email protected] 80.87.200.146:
Feb 11 16:02:17 [email protected] 50.62.82.236:
Feb 11 16:02:20 [email protected] 158.222.0.202:
Feb 11 16:02:24 [email protected] 89.219.33.110:
Feb 11 16:02:26 [email protected] 37.59.8.29:
Feb 11 16:02:28 [email protected] 85.25.213.84:
Feb 11 16:02:31 [email protected] 185.95.85.159:
Feb 11 16:02:33 [email protected] 146.185.160.102:
Feb 11 16:02:35 [email protected] 94.23.93.101:
Feb 11 16:02:38 [email protected] 104.236.206.7:
Feb 11 16:02:41 [email protected] 194.150.118.6:
Feb 11 16:02:44 [email protected] 212.109.221.24:
Feb 11 16:02:46 [email protected] 146.185.157.149:
Feb 11 16:02:48 [email protected] 62.75.202.128:
Feb 11 16:02:51 [email protected] 193.203.206.3:
Feb 11 16:02:55 [email protected] 208.107.4.149:
Feb 11 16:02:57 [email protected] 173.212.252.117:
Feb 11 16:03:01 [email protected] 38.109.217.143:
Feb 11 16:03:04 [email protected] 5.2.209.70:
Feb 11 16:03:10 [email protected] 101.99.65.25:
Feb 11 16:03:12 [email protected] 91.121.85.220:
Feb 11 16:03:15 [email protected] 83.220.174.125:
Feb 11 16:03:19 [email protected] 173.203.58.135:
Feb 11 16:03:21 [email protected] 144.76.60.149:
Feb 11 16:03:24 [email protected] 37.46.131.252:
Feb 11 16:03:30 [email protected] 221.132.35.142:
Feb 11 16:03:32 [email protected] 46.4.122.252:
Feb 11 16:03:36 [email protected] 64.91.251.84:
Feb 11 16:03:39 [email protected] 94.181.191.195:
Feb 11 16:03:42 [email protected] 216.27.29.7:
Feb 11 16:03:44 [email protected] 176.31.182.14:
Feb 11 16:03:48 [email protected] 47.22.0.41:
Feb 11 16:03:50 [email protected] 188.166.112.173:
Feb 11 16:03:53 [email protected] 62.109.23.50:
Feb 11 16:03:59 [email protected] 210.211.118.171:
Feb 11 16:04:02 [email protected] 176.57.209.53:
Feb 11 16:04:04 [email protected] 37.97.198.103:
Feb 11 16:04:10 [email protected] 221.132.35.142:
Feb 11 16:04:16 [email protected] 163.44.206.185:
Feb 11 16:04:19 [email protected] 184.173.181.142:
Feb 11 16:04:24 [email protected] 198.12.149.197:
Feb 11 16:04:27 [email protected] 213.159.208.254:
Feb 11 16:04:30 [email protected] 198.50.145.221:
Feb 11 16:04:36 [email protected] 190.13.128.146:
Feb 11 16:04:41 [email protected] 139.196.229.151:
Feb 11 16:04:43 [email protected] 176.9.122.132:
It was generated in realtime by ychaouche/mailcop
<https://github.com/ychaouche/mailcop>
ychaouche/mailcop
mailcop - Watches your mail server
<https://github.com/ychaouche/mailcop>
As you can see there are multiple IPs involved, it seems to be some
kind of distributed attack. Is there any way I can protect my server
against this ?
Yassine.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
