SurgeMail Archive: Re: [SurgeMail List] password crack attempts

Subject:	Re: [SurgeMail List] password crack attempts
From:	Paul M. Beck
Date:	01-Nov-2010
Thanks Lyle, Looks like my login failed log rolled over at 20:30 so the records aren't in there. I'll have to do some searching - was being lazy and relying on the web interface :-) On Nov 1, 2010, at 7:08 AM, Lyle Giese wrote: > Paul M. Beck wrote: >> Once again someone's trying to crack passwords on our server. >> Not a problem because surgemail has caught it. >> However searching 10000 records still doesn't give the offending IP >> address. >> Does anyone know how can I find this out all I have are records like >> these... >> Are there some tellmail commands to list locked out IP addresses? >> >> 2010-10-31 20:30:44.00:-230068224: -ERR Login incorrect oracle - too >> many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore) >> 2010-10-31 20:30:44.00:-244846592: -ERR Login incorrect backup - too >> many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore) >> 2010-10-31 20:30:44.00:-229683200: -ERR Login incorrect backup - too >> many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore) >> 2010-10-31 20:30:44.00:-231608320: -ERR Login incorrect sybase - too >> many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore) >> >> Paul >> > Look for this: > > Login failures for 2010-11-01 > 2010-11-01 00:08:43.00:303794512: pop: User: xxxxxx Domain: > xxxxxx.com, IP: ::ffff:98.253.35.189, -ERRHIDDEN@xxx.com password > wrong or not a valid user > 2010-11-01 00:18:25.00:314349904: pop: User: xxxxxx Domain: > xxxxxx.com, IP: ::ffff:98.253.35.189, -ERRHIDDEN@xxx.com password > wrong or not a valid user > > 2010-11-01 01:43:49.00:314349904: -ERR User: xxxxxx Domain: > chemcomfg.com, Too many login attempts, try again later. Setting > g_bad_login ip=::ffff:98.253.35.189 > > > I don't think there is a file that holds those. But I could be wrong > on > that. I would search for the password failures instead. Don't know > what > platform you are on, but in *nix, learning how to use grep from a > command line is a very useful tool. > > Lyle Giese > LCR Computer Services, Inc. > >

Last Message | Next Message


Search website: