[CentOS] pop3 attack

Bill Campbell centos at celestial.com
Wed Dec 10 17:16:58 UTC 2008


On Wed, Dec 10, 2008, James Pifer wrote:
>On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote:
>> Thanks to all. For now I've stopped it using iptables. I tried stopping
>> it at my router without success, yet another reason to replace it! I
>> will also report it to abuse at covad.net. 
>> 
>
>My issues have gotten worse. Apparently over the last few days my ip
>address has gotten blacklisted. No idea why. Even though I have a
>commercial class cable modem service, my ip is residential because it
>comes to my house. But I've been running my mail server for several
>years and never had an issue. 

Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and
you can probably go to their web site to see why it's listed.

I have see quite a few cases where spam is sent from webmail
accounts (mostly squirrelmail) by crackers who get access via
weak passwords found by imap/pop probes as you described.

It's been my experience in the 15 years we have been doing
support for regional ISPs that well over 50% of their user's
passwords are easily cracked, and that getting the users to use
good passwords is difficult to say the least.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

Never blame a legislative body for not doing something.  When they do
nothing, that don't hurt anybody.  When they do something is when they
become dangerous. -- Will Rogers


More information about the CentOS mailing list