This morning, I got another notification email from my Firewall that someone is trying to bruteforcing one of my email.
If you come to this page by searching the IP listed here, it’s from China, and as always, add them to your blocked lists.
Time:    Sun Apr 3 00:35:20 2011 +0700
IP:Â Â Â Â Â 183.46.30.125 (CN/China/-)
Failures: 5 (smtpauth)
Interval: 300 seconds
Blocked:Â Permanent Block
Log entries:
2011-04-03 00:35:09 dovecot_login authenticator failed for (px168) [183.46.30.125]: 535 Incorrect authentication data (set_id=webmaster)
2011-04-03 00:35:11 dovecot_login authenticator failed for (px168) [183.46.30.125]: 535 Incorrect authentication data (set_id=webmaster)
2011-04-03 00:35:13 dovecot_login authenticator failed for (px168) [183.46.30.125]: 535 Incorrect authentication data (set_id=webmaster)
2011-04-03 00:35:14 dovecot_login authenticator failed for (px168) [183.46.30.125]: 535 Incorrect authentication data (set_id=webmaster)
2011-04-03 00:35:16 dovecot_login authenticator failed for (px168) [183.46.30.125]: 535 Incorrect authentication data (set_id=webmaster)
Article Source : http://blog.erawanarifnugroho.com/2011/04/02/hacking-attempt-from-china.html
Hello.
What kind of firewall do you use? What I have done is manually checking on auth.log. I’m using Debian 5. 🙂
Hello,
I am using CSF ( Config Server Firewall ) from the http://www.configserver.com.
For alternative, maybe you can use the APF (Advanced Policy Firewall) from the http://www.rfxn.com
🙂
My current website is hosted using WHM/Cpanel so the CSF is working as Plugins.
But if your website / server is not using Control Panel, you still can use it.
Just run the command from the shell / SSH, and manually edit the deny.conf in the /etc/csf directory