[CentOS] pop3 attack
centos at celestial.com
Wed Dec 10 17:16:58 UTC 2008
On Wed, Dec 10, 2008, James Pifer wrote:
>On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote:
>> Thanks to all. For now I've stopped it using iptables. I tried stopping
>> it at my router without success, yet another reason to replace it! I
>> will also report it to abuse at covad.net.
>My issues have gotten worse. Apparently over the last few days my ip
>address has gotten blacklisted. No idea why. Even though I have a
>commercial class cable modem service, my ip is residential because it
>comes to my house. But I've been running my mail server for several
>years and never had an issue.
Your IP address, 188.8.131.52, is listed on zen.spamhaus.org, and
you can probably go to their web site to see why it's listed.
I have see quite a few cases where spam is sent from webmail
accounts (mostly squirrelmail) by crackers who get access via
weak passwords found by imap/pop probes as you described.
It's been my experience in the 15 years we have been doing
support for regional ISPs that well over 50% of their user's
passwords are easily cracked, and that getting the users to use
good passwords is difficult to say the least.
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
Never blame a legislative body for not doing something. When they do
nothing, that don't hurt anybody. When they do something is when they
become dangerous. -- Will Rogers
More information about the CentOS