On 04/09/13 14:49, Ed wrote:
> Hi List,
>
> We've been tracking a pattern of late. The brute force password
> attacks have changed.
>
> Like the current bot-net mentality they use to spam via hacked
> accounts, they have the same technology to do password guesses that
> pretty much circumvent a number of the current brute force tools most
> of us have now.
>
> They use a coordinated bot-net and space the guesses out by 0.5 - 1.0
> hours per guess per IP. They have been doing this across a pretty
> good spectrum of IPs ...
>
> The absolute best defense against this type of attack is to ensure
> strong passwords on all your SMTP/IMAP/POP accounts, monitor the
> tellmail lockout_show listings which are absolute gold, and take
> action as appropriate.
>
> -- Ed
> -----------------------------------------------------------
> EAS Enterprises LLC
> World Class Web and Email Hosting Solutions
> IPv6 ready today for your needs of tomorrow!
> Ask us about dual-stacking your site
> www.easent.net
>
You mean like this (I like iptables):
Login failures for 2013-04-15
2013-04-15 00:45:35.00:-1491805872: pop: User: admin Domain: woodstockilchamber.com, IP: ::ffff:37.9.53.64, HIDDEN@in@woodstockilchamber.com password wrong or not a valid user
2013-04-15 00:45:37.00:-1491805872: pop: User: admin Domain: woodstockilchamber.com, IP: ::ffff:37.9.53.64, HIDDEN@in@woodstockilchamber.com password wrong or not a valid user
2013-04-15 00:45:38.00:-1491805872: pop: User: admin Domain: woodstockilchamber.com, IP: ::ffff:37.9.53.64, HIDDEN@in@woodstockilchamber.com password wrong or not a valid user
2013-04-15 00:45:40.00:-1491805872: pop: User: admin Domain: woodstockilchamber.com, IP: ::ffff:37.9.53.64, HIDDEN@in@woodstockilchamber.com password wrong or not a valid user
2013-04-15 00:45:41.00:-1491805872: pop: User: admin Domain: woodstockilchamber.com, IP: ::ffff:37.9.53.64, HIDDEN@in@woodstockilchamber.com password wrong or not a valid user
2013-04-15 00:45:43.00:-1491805872: -ERR admin Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 00:45:45.00:-1491805872: -ERR chamber Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 00:45:46.00:-1491805872: -ERR chamber Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 00:45:48.00:-1491805872: -ERR chamber Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 00:45:49.00:-1491805872: -ERR chamber Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 00:45:51.00:-1491805872: -ERR chamber Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 00:45:52.00:-1491805872: -ERR chamber Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 02:00:23.00:-1476814512: pop: User: admin Domain: lantanaatlantis.com, IP: ::ffff:37.9.53.64, HIDDEN@in@lantanaatlantis.com password wrong or not a valid user
2013-04-15 02:00:25.00:-1476814512: pop: User: admin Domain: lantanaatlantis.com, IP: ::ffff:37.9.53.64, HIDDEN@in@lantanaatlantis.com password wrong or not a valid user
2013-04-15 02:00:26.00:-1476814512: pop: User: admin Domain: lantanaatlantis.com, IP: ::ffff:37.9.53.64, HIDDEN@in@lantanaatlantis.com password wrong or not a valid user
2013-04-15 02:00:28.00:-1476814512: pop: User: admin Domain: lantanaatlantis.com, IP: ::ffff:37.9.53.64, HIDDEN@in@lantanaatlantis.com password wrong or not a valid user
2013-04-15 02:00:29.00:-1476814512: pop: User: admin Domain: lantanaatlantis.com, IP: ::ffff:37.9.53.64, HIDDEN@in@lantanaatlantis.com password wrong or not a valid user
2013-04-15 05:47:33.00:-1491805872: pop: User: admin Domain: opendoorswithkim.com, IP: ::ffff:37.9.53.64, HIDDEN@in@opendoorswithkim.com password wrong or not a valid user
2013-04-15 05:47:36.00:-1476814512: pop: User: admin Domain: opendoorswithkim.com, IP: ::ffff:37.9.53.64, HIDDEN@in@opendoorswithkim.com password wrong or not a valid user
2013-04-15 05:47:39.00:-1476814512: pop: User: admin Domain: opendoorswithkim.com, IP: ::ffff:37.9.53.64, HIDDEN@in@opendoorswithkim.com password wrong or not a valid user
2013-04-15 05:47:42.00:-1476814512: pop: User: admin Domain: opendoorswithkim.com, IP: ::ffff:37.9.53.64, HIDDEN@in@opendoorswithkim.com password wrong or not a valid user
2013-04-15 05:47:44.00:-1476814512: pop: User: admin Domain: opendoorswithkim.com, IP: ::ffff:37.9.53.64, HIDDEN@in@opendoorswithkim.com password wrong or not a valid user
2013-04-15 05:47:47.00:-1476814512: -ERR admin Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 08:58:13.00:-1382008496: pop: User: admin Domain: trubeautyconcepts.com, IP: ::ffff:37.9.53.64, HIDDEN@in@trubeautyconcepts.com password wrong or not a valid user
2013-04-15 08:58:15.00:-1382008496: pop: User: admin Domain: trubeautyconcepts.com, IP: ::ffff:37.9.53.64, HIDDEN@in@trubeautyconcepts.com password wrong or not a valid user
2013-04-15 08:58:17.00:-1476814512: pop: User: admin Domain: trubeautyconcepts.com, IP: ::ffff:37.9.53.64, HIDDEN@in@trubeautyconcepts.com password wrong or not a valid user
2013-04-15 08:58:19.00:-1476814512: pop: User: admin Domain: trubeautyconcepts.com, IP: ::ffff:37.9.53.64, HIDDEN@in@trubeautyconcepts.com password wrong or not a valid user
2013-04-15 08:58:25.00:-1476814512: pop: User: admin Domain: trubeautyconcepts.com, IP: ::ffff:37.9.53.64, HIDDEN@in@trubeautyconcepts.com password wrong or not a valid user
2013-04-15 08:58:27.00:-1476814512: -ERR admin Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 08:58:32.00:-1476814512: -ERR trubeautyconcepts Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
2013-04-15 08:58:34.00:-1390147248: -ERR trubeautyconcepts Too many 5>=5(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore ::ffff:37.9.53.64 retry in 5 minutes ip=::ffff:37.9.53.64
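
Added example, not part of the original post or of the mail server's own tooling: a day-long aggregation over failure lines in the layout shown above, reporting sources that return against different domains after each 5-minute lockout and accounts guessed from many IPs. The function names, thresholds and sample lines (documentation addresses and .example domains) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Failed-login line layout as it appears in the excerpt above.
FAIL_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+:-?\d+: \w+: "
    r"User: (\S+) Domain: (\S+), IP: (?:::ffff:)?(\S+),.*password wrong"
)

def parse_failures(lines):
    """Yield (time, ip, user, domain) per failed login; skip lockout notices."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(4), m.group(2), m.group(3)

def summarize(lines, min_domains=3, min_ips=3):
    """Return (sources, targets) that a short per-IP counter does not surface.

    sources: ip -> (domains, minutes between first and last failure)
    targets: user@domain -> distinct source IPs
    Thresholds are assumed values, to be tuned per site.
    """
    by_ip = defaultdict(lambda: {"domains": set(), "times": []})
    by_acct = defaultdict(set)
    for ts, ip, user, dom in parse_failures(lines):
        by_ip[ip]["domains"].add(dom)
        by_ip[ip]["times"].append(ts)
        by_acct[f"{user}@{dom}"].add(ip)
    sources = {}
    for ip, v in by_ip.items():
        if len(v["domains"]) >= min_domains:
            span = max(v["times"]) - min(v["times"])
            sources[ip] = (sorted(v["domains"]), int(span.total_seconds() // 60))
    targets = {a: sorted(i) for a, i in by_acct.items() if len(i) >= min_ips}
    return sources, targets

def _fail(ts, user, dom, ip):  # builds one constructed line in the same layout
    return (f"{ts}.00:-1: pop: User: {user} Domain: {dom}, IP: ::ffff:{ip}, "
            f"HIDDEN@in@{dom} password wrong or not a valid user")

SAMPLE = [  # constructed input, not taken from the post
    _fail("2013-04-15 00:45:35", "admin", "a.example", "203.0.113.7"),
    "2013-04-15 00:45:43.00:-1: -ERR admin Too many 5>=5(G_BAD_LOGIN_ALLOW), "
    "set g_bad_login_ip_ignore ::ffff:203.0.113.7 retry in 5 minutes",
    _fail("2013-04-15 02:00:23", "admin", "b.example", "203.0.113.7"),
    _fail("2013-04-15 05:47:33", "admin", "c.example", "203.0.113.7"),
    _fail("2013-04-15 06:10:00", "info", "d.example", "198.51.100.1"),
    _fail("2013-04-15 06:50:00", "info", "d.example", "198.51.100.2"),
    _fail("2013-04-15 07:40:00", "info", "d.example", "198.51.100.3"),
]
```

The keys of `sources` are candidates for a firewall drop rule; the keys of `targets` are accounts whose passwords deserve a review, since no single IP there ever reaches the lockout count.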