Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Technical
Reload this Page Possible hack attempt?
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th June 2007, 16:05
mtyme mtyme is offline
Junior Member
  
Join Date: Jun 2007
Posts: 10
Thanks: 2
Thanked 0 Times in 0 Posts
Default Possible hack attempt?
I was looking through my email log and saw this..

The disconnect/lost connection after EHLO portion at the bottom goes on and on probably hundreds of times.

Should I be concerned about this?

Quote:
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: warning: Connection concurrency limit exceeded: 51 from unknown[213.42.236.38] for service smtp
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12270]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12270]: warning: Connection concurrency limit exceeded: 51 from unknown[213.42.236.38] for service smtp
Jun 14 07:48:31 webserv1 postfix/smtpd[12270]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12269]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12269]: warning: Connection concurrency limit exceeded: 51 from unknown[213.42.236.38] for service smtp
Jun 14 07:48:31 webserv1 postfix/smtpd[12269]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12267]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12267]: warning: Connection concurrency limit exceeded: 51 from unknown[213.42.236.38] for service smtp
Jun 14 07:48:31 webserv1 postfix/smtpd[12267]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: warning: Connection concurrency limit exceeded: 51 from unknown[213.42.236.38] for service smtp
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12270]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12270]: warning: Connection concurrency limit exceeded: 51 from unknown[213.42.236.38] for service smtp
Jun 14 07:48:31 webserv1 postfix/smtpd[12270]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12215]: lost connection after EHLO from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12215]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12269]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12269]: lost connection after CONNECT from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12269]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12267]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12267]: lost connection after CONNECT from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12267]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: connect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: lost connection after CONNECT from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12268]: disconnect from unknown[213.42.236.38]
Jun 14 07:48:31 webserv1 postfix/smtpd[12219]: lost connection after EHLO from unknown[213.42.236.38]
Reply With Quote
Sponsored Links
  #2  
Old 14th June 2007, 17:53
edge edge is offline
Moderator
  
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,010
Thanks: 254
Thanked 134 Times in 120 Posts
Default
It looks like some tool that is looking at your mail server. I have no clue who it is, exept that it's in the Middle east!
http://213.42.236.38
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
  #3  
Old 14th June 2007, 18:23
mtyme mtyme is offline
Junior Member
  
Join Date: Jun 2007
Posts: 10
Thanks: 2
Thanked 0 Times in 0 Posts
Default
Yeah, emirates.com. Some airline company. But is there something I can or should do about this?

Also saw this in there, is this normal? I'm new to this so I don't really know what to look for as far as threats or what's normal.

Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: connect from unknown[208.64.49.132]
Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: setting up TLS connection from unknown[208.64.49.132]
Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: TLS connection established from unknown[208.64.49.132]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: A239C458359: client=unknown[208.64.49.132]
Reply With Quote
  #4  
Old 14th June 2007, 18:27
bschultz bschultz is offline
Senior Member
  
Join Date: Jul 2006
Posts: 220
Thanks: 11
Thanked 10 Times in 10 Posts
Default
If you look at the time stamps, they are doing this all in ONE second. That means they are trying to break in...but aren't getting in. You can try fail2ban or denyhosts to clean up some of this stuff, but they will always try.
Reply With Quote
The Following User Says Thank You to bschultz For This Useful Post:
mtyme (15th June 2007)
  #5  
Old 15th June 2007, 14:30
falko falko is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,592 Times in 2,443 Posts
Default
http://www.howtoforge.com/fail2ban_debian_etch
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
mtyme (15th June 2007)
  #6  
Old 15th June 2007, 16:06
mtyme mtyme is offline
Junior Member
  
Join Date: Jun 2007
Posts: 10
Thanks: 2
Thanked 0 Times in 0 Posts
Default
Thanks guys, is there going to be many differences in the guide if I'm using Ubuntu server? (won't be able to check it out till I get home tonight)
Reply With Quote
  #7  
Old 16th June 2007, 14:17
falko falko is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,592 Times in 2,443 Posts
 
Default
Ubuntu and Debian are very similar, so this should work on Ubuntu, too.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hack: change Database prefix to domain name nilsk Tips/Tricks/Mods 7 8th March 2009 14:21
Hack attempts Andee63 General 12 29th March 2007 19:33
ispconfig server hack hans2512 General 3 15th March 2007 11:50
Constant Error: "[client 127.0.0.1] Attempt to serve directory: /var/www/html/" bpmee Server Operation 2 11th December 2006 16:15
Prevent BREAKIN ATTEMPT! IKShadow Installation/Configuration 6 22nd November 2006 22:15


All times are GMT +2. The time now is 10:17.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.