On Monday 06 April 2009 12:44:42 Kwan Lowe wrote: > On Mon, Apr 6, 2009 at 3:15 AM, Anne Wilson <cannewilson at googlemail.com> wrote: > > I've had umpteen IPs knocking on this door yesterday. The router blocked > > them, so it's not a problem, but why that port? > > It is related to Conflicker virus. I see. I normally have all ports closed and external checkers show the network as stealthed, but I had temporarily opened the IMAP port, which presumably drew the attention of the knockers. It's closed again now, but I will need to open in when I go on holiday as I collect mail from my server. I open the IMAP inward port - I don't think I needed the outward one when I used this before - and I have fail2ban on the server, which stops repeated attempts at guessing the password. As far as I can see it has fully controlled the situation up to now. I'm just hoping that I have enough control in place. Thanks to all who answered. Anne -- New to KDE4? - get help from http://userbase.kde.org Just found a cool new feature? Add it to UserBase -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20090406/fd64d4a1/attachment-0005.sig>