[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Have I been hacked?

Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle:
> As for the attacks - I've seen a big uptake in the attacks over the last
> couple of weeks.  The worst I've seen is > 100 IP's locked out in one 24
> hour period.  They are coming from all over the world, although since
> there are a lot of proxies (many of them from trojans/viruses installed
> on unsuspecting machines), there's no easy way to tell what the real
> origins are.

Okay, as for the dovecot logs, yes there are more. People try to hack it. Also 
from China some. And there are even people who try more than plaintext:

Jan  5 22:25:40 mondschein dovecot: pop3-login: Disconnected (no auth attempts 
in 5 secs): user=<>, rip=66.240.236.119, lip=[…], TLS: SSL_read() syscall 
failed: Connection reset by peer, TLSv1.2 with cipher DHE-RSA-AES256-GCM-
SHA384 (256/256 bits)
Jan  5 22:25:40 mondschein dovecot: pop3-login: Disconnected (no auth attempts 
in 10 secs): user=<>, rip=66.240.236.119, lip=[…], TLS: Disconnected, TLSv1.2 
with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)

but then don´t even try to authentificate.

So, of course, you need to be careful about passwords with password based 
services.

-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7
Reply to: