Article 15875 at 09/08/12 06:27:49 From: midintertech (at mark) hotmail.com Subject: [coba-e:15875] Re: Block Hacker IP from BQ and BX Server

Index: [Article Count Order] [Thread]
Date:  Tue, 11 Aug 2009 16:27:47 -0500
From:  Tom W <midintertech (at mark) hotmail.com>
Subject:  [coba-e:15875] Re: Block Hacker IP from BQ and BX Server
To:  "coba-e (at mark) bluequartz.org" <coba-e (at mark) bluequartz.org>
Message-Id:  <BAY107-W37D982B60B4D59B0F65A59D1070 (at mark) phx.gbl>
In-Reply-To:  <2DAB4EF3-1B30-4A80-9B28-05C1CAC2B271 (at mark) housleyconsulting.com.au>
References:  <2DAB4EF3-1B30-4A80-9B28-05C1CAC2B271 (at mark) housleyconsulting.com.au>
X-Mail-Count: 15875

> Date: Tue, 11 Aug 2009 16:54:31 +1000> From: xchen (at mark) housleyconsulting.com.au> Subject: [coba-e:15867] Block Hacker IP from BQ and BX Server> To: coba-e (at mark) bluequartz.org> > Hi All,> > We are encountering this being hacked problem these days. All our BQ  > and BX Server are under attack from certain IP.> The Service under attacking is Dovecot.> > The following is the messages from MAILLOG file: (Hacker IP:  > 65.68.51.61)> Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<login>,=  > method=PLAIN, rip=65.68.51.61, lip=122.100.2.66> Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login:  > user=<support>, method=PLAIN, rip=65.68.51.61, lip=122.100.=2.67> Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<Thomas>=,  > method=PLAIN, rip=65.68.51.61, lip=122.100.2.66> > I have blocked this IP by using IPTABLES, however, once they changed = > the IP, won't be blocked anymore.> > Does anyone have the same issue before? Is there any tool can block  > the IP automatically based on some certain events?> > Thanks,> tim> We have been using dfix.sh for quite awhile and it seems towork pretty good for this also. We have also played withdeny.hosts and fail2ban when we needed to block other types of services. But if you just need something for dovecotdfix works pretty good, I think it watchs/blocks a few othertype attacks also. Good Luck!_________________________________________________________________Get free photo software from Windows Livehttp://www.windowslive.com/online/photos?ocid=PID23393::T:WLMTAGL:ON:WL:e=n-US:SI_PH_software:082009=
	15875_2.html (attatchment)(tag is disabled)