Sujet : Re: 83.222.190.50 from Sopot, Bulgaria using braindead hacking software
De : noc (at) *nospam* inter-corporate.com (Randolf Richardson 張文道)
Groupes : news.admin.net-abuse.emailDate : 30. Aug 2024, 04:44:18
Autres entêtes
Organisation : Inter-Corporate Computer & Network Services, Inc. -- Simplifying complexity
Message-ID : <20240829204418.b677db1df683b122cdc107bc@inter-corporate.com>
References : 1 2
User-Agent : Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
On Thu, 29 Aug 2024 12:16:31 -0600
Post To Usenet <
posttousenet@gmail.com> wrote:
I don't know what OS your mail server is but try something like
fail2ban if it is a Linux based OS to automatically ban these
credits.
I'm running Debian Linux, and I also recommend fail2ban.
https://github.com/fail2ban/fail2ban
https://gist.github.com/pida42/58c8254475757394a055c85c9ed0ce8a
https://en.wikipedia.org/wiki/Fail2ban
It does great at parsing logs and banning login attempts like that
and is a really good Intrusion Detection System ("IDS").
Hope this helps.
Thank you. Your recommendation is a good one, although I'm not
asking for advice -- I already have intrusion detection (and
other aspects of security) taken care of. My posting about
this is as was common over ~15 years ago here in NANAE, in the
hopes that this information may be helpful to others as part of
community participation (plus some other reasons that need not
be mentioned).
On 8/28/2024 11:46 PM, Randolf Richardson 張文道 wrote:
I'm seeing a lot of hacking attempts from 83.222.190.50 at
a rate of 30 to 200 per second, always using one password
repeatedly on multiple attempts of the same accounts, which
are almost always role accounts (e.g., support@ abuse@ @noc
daemon@ postmaster@ root@), with an occasional non-role
account being attempted (also with the same password).
The only password they're trying to use, and repeatedly
failing with, is: aq!@#
I'm including this above so that it can be included in any
lists of insecure passwords to prevent any accounts that
are permitted to use short passwords from getting abused
by whatever braindead hacking software is being used.
I recommend permanently blocking this IP address, which I
suspect may be running some braindead hacking software.
<SNIP>
-- Randolf Richardson 張文道, CNA - noc@inter-corporate.comInter-Corporate Computer & Network Services, Inc.Beautiful British Columbia, Canadahttps://www.inter-corporate.com/