Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread John Levine via mailop
It appears that Patrick via mailop <201901-mai...@planhack.com> said:
> Wow. A fake auth module would seem to invite spam storms. Which for some might
> be handle-able and a good way to learn interactively with botnets?
All mine does is say that the AUTH worked and send the subsequent message on a

Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread Patrick via mailop
Wow. A fake auth module would seem to invite spam storms. Which for some might be handle-able and a good way to learn interactively with botnets? Has anyone implemented such a thing? Thanks!

Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread John Levine via mailop
It appears that Al Iverson via mailop said:
> I get many of these attempts too, and since I have no need for SMTP
> AUTH at all, I use it all as suggestions of IPs to ban.
I have a fake auth module that pretends to work and sends the message off to the spam trap. The messages have the IP, user,

Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread Tim Bray via mailop
On 17/07/2021 21:13, Slavko via mailop wrote:
> Please, I want to ask others whether these (mostly) Brasil attempts are known to others too, or am I a "special" target?
I seem to get continuous SMTP stuff. Work is much worse than my personal server. But we have 10s of domains and due to historical

Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread Al Iverson via mailop
I get many of these attempts too, and since I have no need for SMTP AUTH at all, I use it all as suggestions of IPs to ban. I do it with a very simple script like this: https://pastebin.com/5HtCFY7K It'd be easy to spruce this up and add some sort of tracking mechanism or counts or something, but

Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread Michael Peddemors via mailop
This particular botnet, (and you can tell this strain by the password list attempted, and the number of attempts from each IP) appears to come from at least two(2) actors, one which is a Windows malware on older Windows machines, and the other uses the gpon/router compromised botnets.

Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread Bill Cole via mailop
On 2021-07-18 at 06:43:51 UTC-0400 (Sun, 18 Jul 2021 12:43:51 +0200) Slavko via mailop is rumored to have said:
> [...] The only usable way seems to be GeoIP blocking countries, but I am afraid that it is the wrong way.
Why? If you have no users who need to authenticate from a particular network,

Re: [mailop] SMTP AUTH harassment

2021-07-18 Thread Slavko via mailop
Hi,
On Sun, 18 Jul 2021 06:54:07 +0200 Slavko via mailop wrote:
> To see where they come from I did a simple Python(3) script, which reads
> a list of IPs from stdin and prints some stats based on GeoLite2 DBs.
> When I feed it with IPs parsed from today's dovecot fail2ban log I
> can see:
Seems