
Date:  Tue, 11 Aug 2009 16:54:31 +1000
From:  Xin CHEN <xchen (at mark) housleyconsulting.com.au>
Subject:  [coba-e:15867] Block Hacker IP from BQ and BX Server
To:  coba-e (at mark) bluequartz.org
Message-Id:  <2DAB4EF3-1B30-4A80-9B28-05C1CAC2B271 (at mark) housleyconsulting.com.au>
X-Mail-Count: 15867

Hi All,

We have been encountering a hacking problem these days. All our BQ
and BX servers are under attack from a certain IP.
The service under attack is Dovecot.

The following are the messages from the MAILLOG file (hacker IP: 65.68.51.61):
Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<login>, method=PLAIN, rip=65.68.51.61, lip=122.100.2.66
Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<support>, method=PLAIN, rip=65.68.51.61, lip=122.100.2.67
Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<Thomas>, method=PLAIN, rip=65.68.51.61, lip=122.100.2.66

I have blocked this IP using iptables; however, once they change
the IP, it won't be blocked anymore.

Has anyone had the same issue before? Is there any tool that can block
the IP automatically based on certain events?

Thanks,
tim
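
Added example, not part of the original message: a sketch of the event-based blocking asked about above, which counts Dovecot "Aborted login" lines per remote IP in a sliding window and renders iptables commands as text for review. The function names, the threshold of 3, the 60-second window and the 192.0.2.10 sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Dovecot login-process line as shown in the post; an optional "(reason)"
# after "Aborted login" is tolerated.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r"Aborted login(?: \([^)]*\))?: user=<(?P<user>[^>]*)>,.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)

# The three lines from the post (unwrapped) plus one constructed line from a
# documentation address that stays under the threshold.
SAMPLE = [
    "Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<login>, method=PLAIN, rip=65.68.51.61, lip=122.100.2.66",
    "Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<support>, method=PLAIN, rip=65.68.51.61, lip=122.100.2.67",
    "Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<Thomas>, method=PLAIN, rip=65.68.51.61, lip=122.100.2.66",
    "Aug 11 15:55:01 s10 dovecot: pop3-login: Aborted login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=122.100.2.66",
]

def find_offenders(lines, threshold=3, window=timedelta(seconds=60), year=2009):
    """Map each remote IP with >= threshold aborted logins inside the sliding
    window to the sorted usernames it tried. Syslog omits the year, so it is passed in."""
    recent, users, offenders = defaultdict(deque), defaultdict(set), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["rip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        users[m["rip"]].add(m["user"])
        if len(q) >= threshold:
            offenders[m["rip"]] = sorted(users[m["rip"]])
    return offenders

def block_rules(offenders):
    """Render iptables commands; the address is re-validated so that nothing
    copied from a log line reaches a shell unchecked."""
    rules = []
    for rip in offenders:
        try:
            addr = ipaddress.ip_address(rip)
        except ValueError:
            continue
        if addr.version == 4:       # IPv6 would need ip6tables instead
            rules.append(f"iptables -I INPUT -s {addr} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(block_rules(find_offenders(SAMPLE))))
```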