Jump to content

Mail Server Attack

Judahnator
Go to solution Solved by Blade of Grass,

I would suggest setting up Fail2Ban to automatically ban IP addresses after too many failed attempts.

Other than that, there's really nothing you can do, my Web servers get attacked all the time, so I setup Fail2Ban to permanently ban after a certain amount of temporary bans.

Im not really sure where this goes, but here is good enough.

 

A few days ago i noticed more network traffic going to my web server than usual. Then when looking at logs and the auto-banned IP's, i noticed that there was an ongoing dictionary attack.

 

The attacker was mostly hitting on common usernames like Alex, Elena, John, Sam, etc. They were also using a wide range of IP's, so banning one didnt stop the attack.

Right now there are about 6IP's banned, and the attack has slowed. How would i go about completely blocking this? I know good old-fashioned strong passwords are the best defense, but id rather not have to deal with this at all.

 

 

Any thoughts?

 

 

Thanks

 

~Judah

~Judah

Link to comment
Share on other sites

Link to post
Share on other sites

Im not really sure where this goes, but here is good enough.

 

A few days ago i noticed more network traffic going to my web server than usual. Then when looking at logs and the auto-banned IP's, i noticed that there was an ongoing dictionary attack.

 

The attacker was mostly hitting on common usernames like Alex, Elena, John, Sam, etc. They were also using a wide range of IP's, so banning one didnt stop the attack.

Right now there are about 6IP's banned, and the attack has slowed. How would i go about completely blocking this? I know good old-fashioned strong passwords are the best defense, but id rather not have to deal with this at all.

 

 

Any thoughts?

 

 

Thanks

 

~Judah

block SMTP traffic, lols.

 

iptables -A INPUT -s 0.0.0.0 --dport 25 -j DROP

PEWDIEPIE DONT CROSS THAT BRIDGE

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

He's good... Dont worry about me im just commenting. Ta ta~

(NOW)War Horse:

CPU: AMD FX-6300 | Motherboard: MSI 970A-G43 | RAM: Corsair Vengeance Dual Channel 8GB 1600Mhz | GPU: MSI R7790 | Case: Dazumba D-Vito 903 | HDD 1 & 2: Seagate 1TB and Seagate 500GB | PSU: Corsair CX600
(WAS)Old Coop:
CPU: Intel C2D E7500 | Motherboard: Gigabyte G31M-ES2L | RAM: V-Gen 4GB Dual Channel | GPU: Galaxy GT210 | Case: Power-Up ??? | HDD: Seagate 500GB | PSU: Power-up 500W

MyAnimeList Profile | Heaven Society | HEIL THE MIGHTY AND POWERFUL LINUS | My Blog 'Unfinished Pieces' | Code of Conduct

Link to comment
Share on other sites

Link to post
Share on other sites

block SMTP traffic, lols.

 

iptables -A INPUT -s 0.0.0.0 --dport 25 -j DROP

you could also make a script with bash and grep to filter name headers on the email for alex, samatha etc..

PEWDIEPIE DONT CROSS THAT BRIDGE

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

I would suggest setting up Fail2Ban to automatically ban IP addresses after too many failed attempts.

Other than that, there's really nothing you can do, my Web servers get attacked all the time, so I setup Fail2Ban to permanently ban after a certain amount of temporary bans.

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB

Link to comment
Share on other sites

Link to post
Share on other sites

I would suggest setting up Fail2Ban to automatically ban IP addresses after too many failed attempts.

Other than that, there's really nothing you can do, my Web servers get attacked all the time, so I setup Fail2Ban to permanently ban after a certain amount of temporary bans.

 

Thanks, ill definitely give it a try

~Judah

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×