Possible hack attempt?

Discussion in 'Technical' started by mtyme, Jun 14, 2007.

  1. mtyme

    mtyme New Member

    I was looking through my email log and saw this..

    The disconnect/lost connection after EHLO portion at the bottom goes on and on probably hundreds of times.

    Should I be concerned about this?

     
  2. edge

    edge HowtoForge Supporter

    It looks like some tool that is looking at your mail server. I have no clue who it is, except that it's in the Middle East!
    http://213.42.236.38
     
  3. mtyme

    mtyme New Member

    Yeah, emirates.com. Some airline company. But is there something I can or should do about this?

    Also saw this in there, is this normal? I'm new to this so I don't really know what to look for as far as threats or what's normal.

    Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: connect from unknown[208.64.49.132]
    Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: setting up TLS connection from unknown[208.64.49.132]
    Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: TLS connection established from unknown[208.64.49.132]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: A239C458359: client=unknown[208.64.49.132]
     
  4. bschultz

    bschultz Member

    If you look at the time stamps, they are doing this all in ONE second. That means they are trying to break in...but aren't getting in. You can try fail2ban or denyhosts to clean up some of this stuff, but they will always try.
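The pattern described in this thread (one address connecting many times within a single second and dropping right after EHLO) can be counted per source before choosing a ban rule. This is an added example, not part of the original thread: the log lines are constructed, and `summarize`, `flag_sources` and the thresholds are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict

# Postfix smtpd syslog lines: connect, disconnect, "lost connection after <stage>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"(?P<event>connect|disconnect|lost connection after (?P<stage>\w+))"
    r" from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def summarize(lines):
    """Per client IP: connects, drops after EHLO, and peak connects in one second."""
    raw = defaultdict(lambda: {"connects": 0, "lost": 0, "per_sec": Counter()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # TLS setup, queue-id and other lines are ignored
        s = raw[m["ip"]]
        if m["event"] == "connect":
            s["connects"] += 1
            s["per_sec"][m["ts"]] += 1  # syslog timestamps have 1-second resolution
        elif m["stage"] == "EHLO":
            s["lost"] += 1
    return {
        ip: {"connects": s["connects"], "lost_after_ehlo": s["lost"],
             "peak_per_second": max(s["per_sec"].values(), default=0)}
        for ip, s in raw.items()
    }

def flag_sources(lines, min_lost=3, min_burst=3):
    """IPs at or above either threshold (illustrative values, tune per server)."""
    return sorted(ip for ip, s in summarize(lines).items()
                  if s["lost_after_ehlo"] >= min_lost or s["peak_per_second"] >= min_burst)

# Constructed sample: one noisy source (documentation address) and one normal client.
SAMPLE = []
for pid in (4120, 4121, 4122, 4123):
    SAMPLE += [
        f"Jun 14 00:10:30 webserv1 postfix/smtpd[{pid}]: connect from unknown[203.0.113.7]",
        f"Jun 14 00:10:30 webserv1 postfix/smtpd[{pid}]: lost connection after EHLO from unknown[203.0.113.7]",
        f"Jun 14 00:10:30 webserv1 postfix/smtpd[{pid}]: disconnect from unknown[203.0.113.7]",
    ]
SAMPLE += [
    "Jun 14 00:12:01 webserv1 postfix/smtpd[4130]: connect from mail.example.org[198.51.100.20]",
    "Jun 14 00:12:01 webserv1 postfix/smtpd[4130]: setting up TLS connection from mail.example.org[198.51.100.20]",
    "Jun 14 00:12:02 webserv1 postfix/smtpd[4130]: disconnect from mail.example.org[198.51.100.20]",
]

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s, "FLAG" if ip in flag_sources(SAMPLE) else "ok")
```
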
     
  5. falko

    falko Super Moderator

  6. mtyme

    mtyme New Member

    Thanks guys, are there going to be many differences in the guide if I'm using Ubuntu server? (won't be able to check it out till I get home tonight)
     
  7. falko

    falko Super Moderator

    Ubuntu and Debian are very similar, so this should work on Ubuntu, too. :)
     
