On Fri, 2006-11-10 at 09:45 -0500, John Hinton wrote:
Log report is reporting a lot of these lately.. following is just a short snippet from the beginning on one server.
WARNING!!!! Possible Attack: Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with: command=HELO/EHLO, count=3 : 1 Time(s) Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with: command=HELO/EHLO, count=3 : 1 Time(s) Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with: command=HELO/EHLO, count=3 : 1 Time(s) Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with: command=HELO/EHLO, count=3 : 1 Time(s) Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144] with: command=HELO/EHLO, count=3 : 1 Time(s)
Could anyone expand on what these folks are actually doing? And if I should be concerned?
This is happening on both my CentOS 3 and 4 systems, all running Sendmail.
Not sure but I do know that hosts on the rima-tde.net network always try to send me tons of spam and rima-tde.net does not act upon any spam report. My logs show that rima-tde.net and tpnet.pl score top place when it comes to spam attempts from European hosts. Haven't seen iol.cz in my logs but I will keep an eye on them too.
Regards, Patrick