[BlueOnyx:09069] Re: has to be a better way

Ken - Precision Web Hosting, Inc kenlists at precisionweb.net
Thu Nov 17 14:11:41 -05 2011


----- Original Message ----- 
From: <cwallace at wcnet.org>
To: <blueonyx at mail.blueonyx.it>
Sent: Thursday, November 17, 2011 10:52 AM
Subject: [BlueOnyx:09068] has to be a better way


> I keep getting people trying to hack my BlueOnyx server.
> examples:
> dovecot: pop3-login: Disconnected (auth failed, 1 attempts):
> user=<aaron at go2ccc.net>, method=PLAIN, rip=86.122.172.81,
> lip=192.168.1.10: 2 Time(s)
>    dovecot: pop3-login: Disconnected (auth failed, 1 attempts):
> user=<abby at go2ccc.net>, method=PLAIN, rip=86.122.172.81,
> lip=192.168.1.10: 2 Time(s)
>
> Refused Connections:
>    Service dovecot:
>       65.67.57.241: 916 Time(s)
>       74.39.186.2: 1018 Time(s)
>       86.122.172.81: 426 Time(s)
> This is getting to be real bad and I need to come up with a better solution
> than iptables because it seems to slow the server down now with all the
> IPs I have in my block list.
> Here is an example iptables command I use:
> /sbin/iptables -A INPUT -s 65.67.57.241 -j DROP
>
> PAM doesn't seem to stop the flooding, and when they get to where it's approaching
> 9000 times it brings BlueOnyx to a halt.
> Thanks in advance for any recommendation.
>

If the IP addresses you are adding are from some ISP, then when the hacker 
reconnects, he will probably get a new IP.

For example, 74.39.186.2 is just a Frontiernet IP.
http://www.dnsstuff.com/tools/ipall/?ip=74.39.186.2

So, you don't need to keep the old IPs in there forever.


----
Ken Marcus
Precision Web Hosting, Inc.
http://www.precisionweb.net
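
An added example, not part of the original thread: one way to keep the block list short by expiring old entries, using the dovecot failure lines and the iptables command quoted above. The threshold, the 24-hour lifetime, the syslog timestamp prefix, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Syslog-style dovecot auth failure; captures the timestamp and the remote IP (rip=).
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dovecot: \S+-login: .*auth failed.*\brip=([\d.]+)")
THRESHOLD = 3                     # assumed: failures in the window before blocking
BLOCK_TTL = timedelta(hours=24)   # assumed: lifetime of a block

def update_blocklist(log_lines, blocked, now, year):
    """Update blocked (ip -> last failure time) in place; return (to_block, to_unblock)."""
    counts, last = {}, {}
    for line in log_lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Syslog lines carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if now - ts > BLOCK_TTL:          # too old to justify a block now
            continue
        ip = m.group(2)
        counts[ip] = counts.get(ip, 0) + 1
        last[ip] = max(ts, last.get(ip, ts))
    to_block = sorted(ip for ip, n in counts.items()
                      if n >= THRESHOLD and ip not in blocked)
    for ip, n in counts.items():
        if n >= THRESHOLD:
            blocked[ip] = last[ip]        # new block, or refresh an existing one
    to_unblock = sorted(ip for ip, ts in blocked.items() if now - ts > BLOCK_TTL)
    for ip in to_unblock:
        del blocked[ip]
    return to_block, to_unblock

def iptables_commands(to_block, to_unblock):
    """Render the changes as commands for review; nothing is executed here."""
    return ([f"/sbin/iptables -A INPUT -s {ip} -j DROP" for ip in to_block] +
            [f"/sbin/iptables -D INPUT -s {ip} -j DROP" for ip in to_unblock])

# Constructed sample input (documentation-range addresses, not real log data).
_FAIL = ("Nov 17 10:01:0{} mail dovecot: pop3-login: Disconnected (auth failed, "
         "1 attempts): user=<{}>, method=PLAIN, rip={}, lip=192.168.1.10")
SAMPLE_LOG = [
    _FAIL.format(2, "aaron@example.com", "203.0.113.5"),
    _FAIL.format(5, "abby@example.com", "203.0.113.5"),
    _FAIL.format(9, "adam@example.com", "203.0.113.5"),
    _FAIL.format(7, "bob@example.com", "198.51.100.7"),
    "Nov 17 10:02:00 mail dovecot: pop3-login: Login: user=<carol@example.com>, "
    "method=PLAIN, rip=198.51.100.9, lip=192.168.1.10",
]
```

Persisting the `blocked` mapping between runs (for example from cron) is left to the caller; the printed `-D` commands remove exactly the rules that the `-A` form added.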





