[CentOS] A new attack
Patrick
centos-list at puzzled.xs4all.nl
Fri Nov 10 15:22:19 UTC 2006
On Fri, 2006-11-10 at 09:45 -0500, John Hinton wrote:
> Log report is reporting a lot of these lately.. following is just a
> short snippet from the beginning on one server.
>
> WARNING!!!!
> Possible Attack:
> Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with:
> command=HELO/EHLO, count=3 : 1 Time(s)
> Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with:
> command=HELO/EHLO, count=3 : 1 Time(s)
> Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with:
> command=HELO/EHLO, count=3 : 1 Time(s)
> Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with:
> command=HELO/EHLO, count=3 : 1 Time(s)
> Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144]
> with:
> command=HELO/EHLO, count=3 : 1 Time(s)
>
> Could anyone expand on what these folks are actually doing? And if I
> should be concerned?
>
> This is happening on both my CentOS 3 and 4 systems, all running Sendmail.
Not sure but I do know that hosts on the rima-tde.net network always try
to send me tons of spam and rima-tde.net does not act upon any spam
report. My logs show that rima-tde.net and tpnet.pl score top place when
it comes to spam attempts from European hosts. Haven't seen iol.cz in my
logs but I will keep an eye on them too.
Regards,
Patrick
More information about the CentOS
mailing list