John Hinton wrote:
Log report is reporting a lot of these lately.. following is just a
short snippet from the beginning on one server.
WARNING!!!!
Possible Attack:
Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with:
command=HELO/EHLO, count=3 : 1 Time(s)
Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with:
command=HELO/EHLO, count=3 : 1 Time(s)
Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with:
command=HELO/EHLO, count=3 : 1 Time(s)
Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with:
command=HELO/EHLO, count=3 : 1 Time(s)
Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144]
with:
command=HELO/EHLO, count=3 : 1 Time(s)
Could anyone expand on what these folks are actually doing? And if I
should be concerned?
To me it looks like something/someone looking for valid email addresses
- perhaps to use in an effort to defeat spam filters. It'd be
interesting to see what sort of conversation takes place between your
server and the attacker, and how close together time wise these are
occuring.
I notice the first 5 warnings are from the Czech Republic, and the last
one is from Spain. Are you getting these from world wide addresses or
just these two countries?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
