Yes please do provide more info. Thanks Q
-----Original Message----- From: George Toft [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 08, 2007 8:00 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Unwanted Login Attempts Please provide more information. George Toft, CISSP, MSIS 623-203-1760 Harry Zink wrote: > Install BlockHosts - it takes care of these kind of hack attempts really > fast. > > Harry > > > On Aug 7, 2007, at 6:04 PM, George Toft wrote: > >> If you offer POP service to the Internet, this is going to happen. >> >> You could add an iptables rule to block everyone, except the IP >> address of users on your system, but if their IP address changes, you >> get a trouble ticket from a user who can't get their mail. You will >> spend lots of time chasing your own users. Not fun. >> >> Make sure your system is patched and built using the QMT scripts. The >> firewall is very good. I run yum update weekly to keep it up to date. >> >> What I do when this happens is look in /var/log/maillog for the IP >> address of the offender. Then run whois <IP ADDR> to get the ISP of >> the offender. If it is in the US/Canada, I fire off an e-mail with >> the logs (/var/log/maillog) to the abuse address and I use the key >> words "brute force attack on our mail server" and "please address this >> AUP violation with your subscriber." If the attack is from China, I >> don't even waste my time. >> >> When I was at a web hosting company, we took these complaints >> seriously. Maybe it works, maybe not. I've never had a repeat attack. >> >> I did have a BF attack from Argentina that went on for hours. I >> e-mailed the ISP and it stopped about 15 minutes later. >> >> George Toft, CISSP, MSIS >> 623-203-1760 >> >> >> >> >> Francisco Paco Peralta wrote: >> >>> Hello list, >>> I am looking for a way to minimize the rogue attempts to login to my >>> system. Any suggestions are welcome. >>> I get a logwatch report every morning and have been getting the >>> results. While it doesn't happen every day I would like to minimize >>> my exposure. See Below: >>> --------------------- vpopmail Begin ------------------------ >>> No Such User Found: >>> *@ - 1 Time(s) >>> 0246@ - 1 Time(s) >>> 12345678@ - 1 Time(s) >>> 123456@ - 1 Time(s) >>> 1234@ - 1 Time(s) >>> 123@ - 1 Time(s) >>> 123abc@ - 1 Time(s) >>> 1q2w3e@ - 1 Time(s) >>> a1b2c3@ - 1 Time(s) >>> abc123@ - 1 Time(s) >>> amanda@ - 1 Time(s) >>> andrew@ - 1 Time(s) >>> apple@ - 1 Time(s) >>> asshole@ - 1 Time(s) >>> bandit@ - 1 Time(s) >>> baseball@ - 1 Time(s) >>> beavis@ - 1 Time(s) >>> buster@ - 1 Time(s) >>> chris@ - 1 Time(s) >>> computer@ - 1 Time(s) >>> cowboys@ - 1 Time(s) >>> dakota@ - 1 Time(s) >>> dallas@ - 1 Time(s) >>> daniel@ - 1 Time(s) >>> david@ - 1 Time(s) >>> diamond@ - 1 Time(s) >>> dragon@ - 1 Time(s) >>> falcon@ - 1 Time(s) >>> fiction@ - 1 Time(s) >>> foobar@ - 1 Time(s) >>> fred@ - 1 Time(s) >>> friends@ - 1 Time(s) >>> george@ - 1 Time(s) >>> harley@ - 1 Time(s) >>> hatton@ - 1 Time(s) >>> hello@ - 1 Time(s) >>> hockey@ - 1 Time(s) >>> internet@ - 2 Time(s) >>> jennifer@ - 1 Time(s) >>> jessica@ - 1 Time(s) >>> jordan@ - 2 Time(s) >>> joshua@ - 1 Time(s) >>> justin@ - 1 Time(s) >>> maddock@ - 1 Time(s) >>> maggie@ - 1 Time(s) >>> michael@ - 1 Time(s) >>> michelle@ - 1 Time(s) >>> mickey@ - 2 Time(s) >>> mike@ - 1 Time(s) >>> monday@ - 1 Time(s) >>> money@ - 1 Time(s) >>> monkey@ - 1 Time(s) >>> mustang@ - 1 Time(s) >>> newpass@ - 1 Time(s) >>> newuser@ - 1 Time(s) >>> nicole@ - 1 Time(s) >>> notused@ - 1 Time(s) >>> orange@ - 1 Time(s) >>> pascal@ - 1 Time(s) >>> passwd@ - 1 Time(s) >>> password@ - 1 Time(s) >>> patrick@ - 1 Time(s) >>> pepper@ - 1 Time(s) >>> purple@ - 1 Time(s) >>> qwerty@ - 2 Time(s) >>> richard@ - 1 Time(s) >>> robert@ - 1 Time(s) >>> school@ - 1 Time(s) >>> sendit@ - 1 Time(s) >>> shadow@ - 1 Time(s) >>> silver@ - 1 Time(s) >>> smokey@ - 1 Time(s) >>> snoopy@ - 1 Time(s) >>> soccer@ - 1 Time(s) >>> sports@ - 1 Time(s) >>> stupid@ - 1 Time(s) >>> summer@ - 2 Time(s) >>> sunshine@ - 1 Time(s) >>> test@ - 1 Time(s) >>> thomas@ - 1 Time(s) >>> undead@ - 1 Time(s) >>> vikings@ - 1 Time(s) >>> wheeling@ - 1 Time(s) >>> **Unmatched Entries** >>> vchkpw-smtp: invalid user/domain characters "null":xxx.xxx.xxx.xxx >>> vchkpw-smtp: invalid user/domain characters [EMAIL >>> PROTECTED]:xxx.xxx.xxx.xxx >>> ---------------------- vpopmail End ------------------------- >>> Francisco "Paco" Peralta >> >> >> --------------------------------------------------------------------- >> QmailToaster hosted by: VR Hosted <http://www.vr.org> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]> >> For additional commands, e-mail: >> [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]> >> > > --- > */Andrew Young/* > /"Remember your biggest obstacle to success is the absence of > execution."// / > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
