> Date: Tue, 11 Aug 2009 16:54:31 +1000
> From: xchen (at mark) housleyconsulting.com.au
> Subject: [coba-e:15867] Block Hacker IP from BQ and BX Server
> To: coba-e (at mark) bluequartz.org
>
> Hi All,
>
> We have been encountering this hacking problem these days. All our BQ
> and BX servers are under attack from a certain IP.
> The service under attack is Dovecot.
>
> The following is the messages from MAILLOG file: (Hacker IP:
> 65.68.51.61)
> Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=,
> method=PLAIN, rip=65.68.51.61, lip=122.100.2.66
> Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login:
> user=, method=PLAIN, rip=65.68.51.61, lip=122.100.2.67
> Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=,
> method=PLAIN, rip=65.68.51.61, lip=122.100.2.66
>
> I have blocked this IP using IPTABLES; however, once they change
> the IP, it won't be blocked anymore.
>
> Has anyone had the same issue before? Is there any tool that can block
> the IP automatically based on certain events?
>
> Thanks,
> tim
>
Uggg.... try this again without the stupid auto htmail rich
text format so it's readable...sry
We have been using dfix.sh for quite a while and it seems to
work pretty good for this also. We have also played with
DenyHosts and fail2ban when we needed to block other
types of services. But if you just need something for dovecot
dfix works pretty good, I think it watches/blocks a few other
types of attacks also. Good Luck!
http://www.gregkuhnert.com/public:bq:dfix
http://denyhosts.sourceforge.net/
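The event-based blocking asked about in this thread, as an added Python sketch that is not part of either message and is not code from dfix.sh, DenyHosts or fail2ban: it counts Dovecot "Aborted login" lines per source address in a sliding window and prints an iptables rule for each address over the limit. The function name `offenders`, the threshold, the window, the year default and the sample lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy ".*" binds to the LAST "rip=" on the line, so text a client puts in
# the user= field cannot be mistaken for the connection's source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r"Aborted login.*\brip=(?P<rip>[0-9A-Fa-f.:]+), lip="
)

def offenders(lines, threshold=3, window=timedelta(seconds=60), year=2009):
    """Return source IPs with at least `threshold` aborted logins in `window`."""
    recent = defaultdict(deque)      # rip -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            rip = str(ipaddress.ip_address(m["rip"]))  # reject junk before use
        except ValueError:
            continue
        # syslog timestamps carry no year; the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[rip]
        q.append(ts)
        while ts - q[0] > window:    # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and rip not in flagged:
            flagged.append(rip)
    return flagged

# Constructed sample lines (documentation addresses, not taken from the thread)
SAMPLE = [
    "Aug 11 15:54:20 s10 dovecot: pop3-login: Aborted login: user=<a>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.1",
    "Aug 11 15:54:21 s10 dovecot: pop3-login: Aborted login: user=<x rip=203.0.113.9, lip=y>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.1",
    "Aug 11 15:54:22 s10 dovecot: imap-login: Aborted login: user=<b>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.2",
    "Aug 11 15:54:22 s10 dovecot: pop3-login: Aborted login: user=<c>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.1",
    "Aug 11 15:59:00 s10 dovecot: pop3-login: Aborted login: user=<c>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.1",
    "Aug 11 15:59:01 s10 sshd[123]: unrelated line that must be ignored",
]

if __name__ == "__main__":
    for ip in offenders(SAMPLE):
        print("iptables", "-I", "INPUT", "-s", ip, "-j", "DROP")
```

Rules inserted this way never expire, so a real deployment also needs an allowlist for its own addresses and a timeout that removes old entries.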