[dundee] This guy really wants to send some e-mail

Sean McRobbie lug at seany.us
Mon Jul 6 16:28:15 UTC 2009


Sounds like a drone part of a botnet - happens all the time, especially on SSH servers. Unfortunately we've seen them succeed a few times when a customer chooses a weak password.

I would suggest installing a brute force detector in order to automatically add IPs who fail after X attempts to /etc/hosts.deny or even iptables. The former works easier for us because it doesn't get in the way of your other firewall rules.

Regards,
Sean McRobbie

----- Original Message -----
From: "Kris Davidson" <davidson.kris at gmail.com>
To: "LUG" <dundee at mailman.lug.org.uk>
Sent: Monday, 6 July, 2009 16:57:56 GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: [dundee] This guy really wants to send some e-mail

That's a small extraction BTW, he's been trying for the past 2 days. At
some point I figure he has to give up.

2009/7/6 Kris Davidson <davidson.kris at gmail.com>:
> I don't know why, I just find his persistence funny:
>
> http://www.krisdavidson.org/mail_logs.txt
>
> I should probably blacklist and report it, but I want to see what he does.
>
> Kris
>

_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk  http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk
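
The detector suggested in the reply above (block an IP after X failed attempts by adding it to /etc/hosts.deny), sketched as an added example that is not code from the thread or from any particular tool. Assumptions: OpenSSH-style "Failed password" syslog lines, an sshd that honours TCP wrappers, constructed sample log lines, and hypothetical names (offenders, hosts_deny_lines) and thresholds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (not taken from the thread's log).
SAMPLE_LOG = """\
Jul  6 16:01:02 host sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jul  6 16:01:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Jul  6 16:01:09 host sshd[813]: Failed password for root from 203.0.113.5 port 40114 ssh2
Jul  6 16:02:00 host sshd[820]: Failed password for kris from 198.51.100.7 port 51000 ssh2
Jul  6 16:02:30 host sshd[821]: Accepted password for kris from 198.51.100.7 port 51001 ssh2
Jul  6 18:30:00 host sshd[900]: Failed password for root from 192.0.2.9 port 2200 ssh2
Jul  6 19:45:00 host sshd[901]: Failed password for root from 192.0.2.9 port 2201 ssh2
Jul  6 21:10:00 host sshd[902]: Failed password for root from 192.0.2.9 port 2202 ssh2
"""

# The username is chosen by the remote side, so the pattern is anchored at both
# ends and the greedy ".*" makes the address come from the last "from" on the line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def offenders(log_text, max_failures=3, window=timedelta(minutes=10), year=2009):
    """Return IPs with at least max_failures failed logins inside a sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip, times = m.group(2), recent[m.group(2)]
        times.append(when)
        while when - times[0] > window:   # forget failures older than the window
            times.popleft()
        if len(times) >= max_failures and ip not in flagged:
            flagged.append(ip)
    return flagged

def hosts_deny_lines(ips, allowlist=()):
    """Format entries for /etc/hosts.deny, skipping addresses that must never be blocked."""
    return [f"sshd: {ip}" for ip in ips if ip not in allowlist]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

The allowlist exists so that a typo-prone admin address or a monitoring host cannot lock itself out; the script only prints the lines and leaves writing to /etc/hosts.deny to the operator.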


