g_hacker_poison anyone trying to log into any account names listed is blacklisted :-) Paul On May 2, 2011, at 3:02 PM, Lyle Giese wrote: > On 05/02/11 09:53, Case Hugo wrote: >> Several times a week we get this attempt: >> >> Warning, userHIDDEN@s@elkgrove.net tried to login with weak password, >> possibly a hacker, use tellmail test_weak (74.134.89.250) >> >> 9 out of 10 times, they are attempting to hack either 'root' or >> 'windows'. Does anyone know why they would target these two >> (nonexistent) email accounts and how can I block them ahead of time? >> Right now I take their IP and add those the the "deny" list. >> >> TIA >> > > It's quite common for the spammers to have a dictionary of common role ID's for probing email servers. Surgemail does not by default have these other than the postmaster for the primary domain. > > If you go back in time to many of the older Linux and Unix distros, they were filled with them. Along with role accounts that had shell access, then by default many of these accounts then had ssh or telnet access. > > Script kiddies will try these endlessly because they can and their searches usually find a target or two to exploit. > > Lyle >
Last Message | Next Message