[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Massiv dictionary attacks from <rackspace.com>

you can use fail2ban program or block the ip by iptables manually.
I'm suggestion fail2ban. it's a login attempt counter.

On Tue, 2012-08-14 at 13:43 +0200, Michelle Konzack wrote:
Hello Colleges and *,

since Sunday 19:47 CEST 18 of my servers are under heavy attack.

Currently I have counted over  18  million  login  attempts  (dictionary
attack) with a list of 1005 names an started with IP <>.

--[ '/var/log/mail.log' ]-----------------------------------------------
Aug 12 19:47:32 vserver04 imapd: Connection, ip=[::ffff:]
Aug 12 19:47:53 vserver04 imapd: Connection, ip=[::ffff:]

I have encountered this problem tody, whil I saw, the logsize increased
by the factor 200!  Mean, my daily mail.log are arround 1.8 GByte!

Also since yesterday, I get similar attacks by 3 other IPs from the USA.

Does someone have encountered similar things?

Note:  I try to reach (a personaly known) FBI filed officer
       from New York since I work a PMC.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

Yurdum Yazılım

Reply to: