[BlueOnyx:08409] Re: Server Security
Eiji Hamano
bluequartz at hypersys.ne.jp
Fri Sep 9 00:45:02 -05 2011
>I am seeing the following message quite often in my Logwatch reports:
>
> dovecot: pop3-login: Disconnected (auth failed, 1 attempts):
> user=<adrian>, method=PLAIN, rip=203.72.50.53, lip=65.39.71.132: 1 Time(s)
>
> dovecot: pop3-login: Disconnected (auth failed, 1 attempts):
> user=<advanced>, method=PLAIN, rip=203.72.50.53, lip=65.39.71.130: 1
> Time(s)
>
> ------------------------------------------------------------------------------------------------
>
> I see two ip addresses listed.
> The 69.39.71.13x is a recurring attempt -- almost daily now.
> Is there a way to block, or blacklist either ip address?
> OR is there a setting I need to check?
>
> Don
Hi
IP 203.72.50.53 (Taiwan Academic Network's IP ) is attacking to
69.39.71.13x.
If attacking from IP ( like as 203.72.50.53 ) is only one,
enter command "/sbin/iptables -A INPUT -s 203.72.50.53 -j DROP" by ssh.
If attacking from IP is not one, no way to preventing them completely.
However, strongly I recommend you a free DFix which make it to minimum.
Let's go http://www.compassnetworks.com.au/index.php?page=newlinq
You must install NewLinQ first at your BX or BQ.
After you installed NewLinQ, click "ther paty software",
then you can see "compassnet free Bundles".
Click "DFix 1.x.x", then it will fix your problem dramatically.
Eiji Hamano
More information about the Blueonyx
mailing list