Topic: dang SMTP hackers...

travis_farmer

I received about 790 alerts from my server, all with this:

Code:
Transcript of session follows.

 Out: 220 tjfserver.ddns.net ESMTP Postfix
 In:  EHLO USER5
 Out: 250-tjfserver.ddns.net
 Out: 250-PIPELINING
 Out: 250-SIZE 10240000
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  AUTH LOGIN
 Out: 503 5.5.1 Error: authentication not enabled

Session aborted, reason: lost connection


all from IP: 213.149.137.12

So that's why my internet is bogging down... I am under attack, via brute-force to my SMTP server!
I blacklisted the IP on my firewall, but dang, WTF!  >:(

~Travis

Henry_Best

That IP appears to belong to Dupnica Optics in Bulgaria.

Robin2

Quote
That IP appears to belong to Dupnica Optics in Bulgaria.
Sounds like it needs looking into.

...R
Two or three hours spent thinking and reading documentation solves most programming problems.

Henry_Best

Quote
Sounds like it needs looking into.
Len's the guy for that, but Iris may also help.

TKall

Quote
Len's the guy for that, but Iris may also help.
Nothing like a little Humor...

travis_farmer

Come on now, let's focus.

~Travis

msssltd

Surprised you made it this far without the spammers finding your server. 

Have a look into fail2ban

travis_farmer

fail2ban just installed :D

~Travis

travis_farmer

This just in from (208.100.26.233):
Code:
Transcript of session follows.

 Out: 220 tjfserver.ddns.net ESMTP Postfix
 In:  ???
 Out: 502 5.5.2 Error: command not recognized
 In:
 Out: 500 5.5.2 Error: bad syntax
 In:  ?
 Out: 502 5.5.2 Error: command not recognized
 In:
 Out: 500 5.5.2 Error: bad syntax
 In:
 Out: 500 5.5.2 Error: bad syntax

Session aborted, reason: lost connection


I just had to laugh. :D

~Travis
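
Added example, not part of any post in this thread: a small Python triage script for alert transcripts in the format shown above, flagging sessions where the client sent AUTH to a server that rejects it or sent unparseable commands, then listing source IPs that repeat. The sample transcripts, the hostname mail.example.test, the documentation-range addresses and the threshold of 3 are constructed assumptions; the source IP is supplied alongside each transcript, as it was reported separately in the posts.

```python
import re
from collections import Counter

# One "In:" / "Out:" line of the alert transcript format shown in the posts.
LINE = re.compile(r"^\s*(In|Out):\s*(.*)$")

def parse_transcript(text):
    """Return [(direction, payload), ...] for one session transcript."""
    return [m.groups() for m in map(LINE.match, text.splitlines()) if m]

def classify(text):
    """Label a session by pairing each client command with the server reply."""
    steps = parse_transcript(text)
    labels = set()
    for (d1, cmd), (d2, reply) in zip(steps, steps[1:]):
        if d1 != "In" or d2 != "Out":
            continue
        if cmd.upper().startswith("AUTH") and reply.startswith("503"):
            labels.add("auth_probe")      # AUTH sent although the server never offered it
        elif reply.startswith(("500", "502")):
            labels.add("garbage")         # unrecognized command or bad syntax
    return labels or {"other"}

def offenders(alerts, threshold=3):
    """alerts: iterable of (ip, transcript). Return IPs with >= threshold flagged sessions."""
    hits = Counter(ip for ip, text in alerts if classify(text) != {"other"})
    return sorted(ip for ip, n in hits.items() if n >= threshold)

# Constructed samples in the same format; the addresses are documentation ranges.
AUTH_PROBE = """Transcript of session follows.
 Out: 220 mail.example.test ESMTP Postfix
 In:  EHLO USER5
 Out: 250-mail.example.test
 Out: 250 DSN
 In:  AUTH LOGIN
 Out: 503 5.5.1 Error: authentication not enabled
"""
GARBAGE = """Transcript of session follows.
 Out: 220 mail.example.test ESMTP Postfix
 In:  ???
 Out: 502 5.5.2 Error: command not recognized
 In:
 Out: 500 5.5.2 Error: bad syntax
"""
ALERTS = [("192.0.2.10", AUTH_PROBE)] * 4 + [("198.51.100.7", GARBAGE)]

if __name__ == "__main__":
    print(offenders(ALERTS))
```
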

msssltd

If you haven't done so already, enabling the postscreen dnsbl lookup is highly recommended too. 

Henry_Best

Quote
Nothing like a little Humor...
Your comments get cornea and cornea.

TKall

Quote
Your comments get cornea and cornea.
You are clearly a pupil of wit and witticism

msssltd

Jan 14, 2018, 10:22 pm
We need to focus on how to cataract the spammers

Robin2

Quote
We need to focus on how to cataract the spammers
A 5 minute delay between posts?

...R