Re: 83.222.190.50 from Sopot, Bulgaria using braindead hacking software

Subject : Re: 83.222.190.50 from Sopot, Bulgaria using braindead hacking software
From : noc (at) *nospam* inter-corporate.com (Randolf Richardson 張文道)
Newsgroups : news.admin.net-abuse.email
Date : 30. Aug 2024, 04:44:18
Organization : Inter-Corporate Computer & Network Services, Inc. -- Simplifying complexity
Message-ID : <20240829204418.b677db1df683b122cdc107bc@inter-corporate.com>
References : 1 2
User-Agent : Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
On Thu, 29 Aug 2024 12:16:31 -0600
Post To Usenet <posttousenet@gmail.com> wrote:

> I don't know what OS your mail server is but try something like
> fail2ban if it is a Linux based OS to automatically ban these
> credits.

I'm running Debian Linux, and I also recommend fail2ban.

> https://github.com/fail2ban/fail2ban
>
> https://gist.github.com/pida42/58c8254475757394a055c85c9ed0ce8a
>
> https://en.wikipedia.org/wiki/Fail2ban
>
> It does great at parsing logs and banning login attempts like that
> and is a really good Intrusion Detection System ("IDS").
>
> Hope this helps.

Thank you.  Your recommendation is a good one, although I'm not
asking for advice -- I already have intrusion detection (and
other aspects of security) taken care of.  My posting about
this is as was common over ~15 years ago here in NANAE, in the
hopes that this information may be helpful to others as part of
community participation (plus some other reasons that need not
be mentioned).

> On 8/28/2024 11:46 PM, Randolf Richardson 張文道 wrote:
>> I'm seeing a lot of hacking attempts from 83.222.190.50 at
>> a rate of 30 to 200 per second, always using one password
>> repeatedly on multiple attempts of the same accounts, which
>> are almost always role accounts (e.g., support@ abuse@ noc@
>> daemon@ postmaster@ root@), with an occasional non-role
>> account being attempted (also with the same password).
>>
>> The only password they're trying to use, and repeatedly
>> failing with, is:  aq!@#
>>
>> I'm including this above so that it can be included in any
>> lists of insecure passwords to prevent any accounts that
>> are permitted to use short passwords from getting abused
>> by whatever braindead hacking software is being used.
>>
>> I recommend permanently blocking this IP address, which I
>> suspect may be running some braindead hacking software.
>>
  <SNIP>
 


--
Randolf Richardson 張文道, CNA - noc@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
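
An added example, not part of the original post and not fail2ban's own code: a rate check over authentication-failure log lines that flags a source matching the pattern described in the thread (30 or more failures per second, mostly against role accounts). The log format, function names, thresholds as defaults, and sample addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Role local-parts listed in the post above.
ROLE_ACCOUNTS = {"support", "abuse", "noc", "daemon", "postmaster", "root"}

# Hypothetical simplified log format (constructed, not any real daemon's):
#   2024-08-28T23:40:00.010 auth-fail user=<address> rip=<source ip>
LINE_RE = re.compile(r"^(?P<ts>\S+) auth-fail user=(?P<user>\S+) rip=(?P<ip>\S+)$")


def find_bursts(lines, max_per_second=30, role_ratio=0.8):
    """Return {ip: (peak failures in any 1 s window, share on role accounts)}
    for sources that reach both thresholds. Lines must be in time order."""
    window = defaultdict(deque)  # ip -> failure timestamps in the last second
    peak, total, role = defaultdict(int), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an auth-failure line
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        q = window[ip]
        q.append(ts)
        while ts - q[0] >= timedelta(seconds=1):
            q.popleft()  # drop failures older than one second
        peak[ip] = max(peak[ip], len(q))
        total[ip] += 1
        role[ip] += m["user"].split("@", 1)[0].lower() in ROLE_ACCOUNTS
    return {ip: (peak[ip], role[ip] / total[ip]) for ip in total
            if peak[ip] >= max_per_second and role[ip] / total[ip] >= role_ratio}


def sample_log():
    """Constructed input: 40 failures in 0.4 s from 192.0.2.50 (documentation
    address), plus two slow failures from an ordinary client."""
    base = datetime(2024, 8, 28, 23, 40, 0)
    names = sorted(ROLE_ACCOUNTS) + ["alice"]
    lines = []
    for i in range(40):
        ts = (base + timedelta(milliseconds=10 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{ts} auth-fail user={names[i % 7]}@example.org rip=192.0.2.50")
    for s in (2, 7):
        ts = (base + timedelta(seconds=s)).isoformat(timespec="milliseconds")
        lines.append(f"{ts} auth-fail user=bob@example.org rip=198.51.100.7")
    return lines


if __name__ == "__main__":
    for ip, (peak, share) in find_bursts(sample_log()).items():
        print(f"{ip}: peak {peak}/s, {share:.0%} role accounts")
```

The returned addresses are candidates for a ban list; the two slow failures from the second client stay below both thresholds and are not reported.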
