Sujet : Re: 83.222.190.50 from Sopot, Bulgaria using braindead hacking software
De : posttousenet (at) *nospam* gmail.com (Post To Usenet)
Groupes : news.admin.net-abuse.emailDate : 29. Aug 2024, 19:16:31
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vaqdtv$2e1q$1@dont-email.me>
References : 1
User-Agent : Mozilla Thunderbird
I don't know what OS your mail server is but try something like
fail2ban if it is a Linux based OS to automatically ban these
credits.
https://github.com/fail2ban/fail2banhttps://gist.github.com/pida42/58c8254475757394a055c85c9ed0ce8ahttps://en.wikipedia.org/wiki/Fail2banIt does great at parsing logs and banning login attempts like that
and is a really good Intrusion Detection System ("IDS").
Hope this helps.
On 8/28/2024 11:46 PM, Randolf Richardson 張文道 wrote:
I'm seeing a lot of hacking attempts from 83.222.190.50 at
a rate of 30 to 200 per second, always using one password
repeatedly on multiple attempts of the same accounts, which
are almost always role accounts (e.g., support@ abuse@ @noc
daemon@ postmaster@ root@), with an occasional non-role
account being attempted (also with the same password).
The only password they're trying to use, and repeatedly
failing with, is: aq!@#
I'm including this above so that it can be included in any
lists of insecure passwords to prevent any accounts that
are permitted to use short passwords from getting abused
by whatever braindead hacking software is being used.
I recommend permanently blocking this IP address, which I
suspect may be running some braindead hacking software.
<SNIP>
83.222.190.50 from Sopot, Bulgaria using braindead hacking software
Re: 83.222.190.50 from Sopot, Bulgaria using braindead hacking software