pop3d brute force attack

Discussion in 'General' started by FeraTechInc, Aug 11, 2010.

  1. FeraTechInc

    FeraTechInc ISPConfig Developer

    How can I stop this attack?

    Aug 11 11:22:59 server pop3d: Connection, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: Connection, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: LOGIN FAILED, user=login, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: Connection, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: LOGIN FAILED, user=louise, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: LOGIN FAILED, user=lloyd, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: LOGIN FAILED, user=logan, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: LOGOUT, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 server pop3d: Disconnected, ip=[::ffff:212.58.8.78]
    Aug 11 11:22:59 fserver pop3d: Connection, ip=[::ffff:212.58.8.78]
     
  2. TechAvenue

    TechAvenue New Member

    use fail2ban
     
  3. FeraTechInc

    FeraTechInc ISPConfig Developer

    Sorry, just figured it out.

    Fail2ban is installed.

    However, the "CourierAuth" section was set to disabled.

    It is enabled, the jerk trying to hack me is banned.
     
: brute force, pop3

Share This Page