Lyle Giese HIDDEN@crcomputer.info> wrote:
>
Hi
See my logfile, is that what you want ?
Then block the IP-address instead of the accountname for a lot of hours (i have 96 hours) after 2 or 3 bad login attempts. Use G_HACK_DETECT
It will not stop the attackers but they will have to change IPaddress after every time the IP is blocked. And that takes effort & time (see logfile below). In the end there is seems to be no fun anymore, to much work.
In my case the attacks dropped down to "sometimes"  with only 2 login attampts (after which the ip is blocked), instead of previous 6 full hours of attacks every night !
Offcourse they are now trying  to get in via different methods,so make sure youre firewall is closed. 

MAIL.ERR

07 03:16:26.75:Err:3108: Warning, userHIDDEN@xxx.xx 85.195.123.242 tried to login with weak password (password), possibly a hacker, use tellmail test_weak (disable this warning with G_HACK_DETECT_DISABLE)
07 03:16:27.84:Err:3108: Warning, userHIDDEN@xx.xx 85.195.123.242 tried to login with weak password (password), possibly a hacker, use tellmail test_weak (disable this warning with G_HACK_DETECT_DISABLE)
07 05:50:32.45:Err:3176: Warning, userHIDDEN@xxx.xx 60.191.187.230 tried to login with weak password (password), possibly a hacker, use tellmail test_weak (disable this warning with G_HACK_DETECT_DISABLE)
07 05:50:34.55:Err:3176: Warning, userHIDDEN@xx.xx 60.191.187.230 tried to login with weak password (password), possibly a hacker, use tellmail test_weak (disable this warning with G_HACK_DETECT_DISABLE)

09 18:51:21.18:Err:3336: Warning, userHIDDEN@xxx.xx 41.138.67.164 tried to login with weak password (password), possibly a hacker, use tellmail test_weak (disable this warning with G_HACK_DETECT_DISABLE)
09 18:51:22.60:Err:3336: Warning, userHIDDEN@xx.xx 41.138.67.164 tried to login with weak password (password), possibly a hacker, use tellmail test_weak (disable this warning with G_HACK_DETECT_DISABLE)