[BlueOnyx:04414] Re: can't stop this attack
Gerald Waugh
gwaugh at frontstreetnetworks.com
Thu May 6 15:50:46 -05 2010
On Thu, 2010-05-06 at 21:54 +0300, Dudi Goldenberg wrote:
> > > maillog looks like this
> > >
> > > May 6 11:43:44 ns1 dovecot: pop3-login: Disconnected (auth failed, 1
> > > attempts): user=<Krystal>, method=PLAIN, rip=213.80.73.45,
> > > lip=70.246.22.22
> > > May 6 11:43:44 ns1 dovecot: pop3-login: Disconnected (auth failed, 1
> > > attempts): user=<Patches>, method=PLAIN, rip=213.80.73.45,
> > > lip=70.246.22.28
> > > May 6 11:43:44 ns1 dovecot: pop3-login: Disconnected (auth failed, 1
> > > attempts): user=<Maveric>, method=PLAIN, rip=213.80.73.45,
> > > lip=70.246.22.42
> > > May 6 11:43:45 ns1 dovecot: pop3-login: Disconnected (auth failed, 1
> > > attempts): user=<Merlin>, method=PLAIN, rip=213.80.73.45,
> > > lip=70.246.22.21
> > >
> > > ideas?
> >
> > Why not install fail2ban?
> >
I don't think that will work
the server has about 250 IP address and probably 750 users.
The attack uses a different user name and a different IP
possibly hit the 2nd user in a couple of days
More information about the Blueonyx
mailing list