OT: IMAP under attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hello and sorry for the OT.

One of the server I manage, has been under attack since 3 days: I'm confident they won't be able to get in, but monitoring would warn me just in case. However, I feel curious, since I never saw such a perduring attack: normally they try info@ or an existent address a few times, then go away.

Here, however:
_ it's going on since 3 days;
_ fail2ban has already blocked 3500 IPs from all around the world (mostly from US, a lot from Europe, but also Asia...); _ they started trying to access reception@... (which never existed); after 24h, they moved to trying billing@... (which also never existed); now they are trying with an existing address (which is an alias, though, so they won't get access anyway with that user).

The company this server belongs to is no NASA or McDonald or bank: I see no reason why they should insist on it.

Furthermore, since tonight, another of my customer started experiencing the same thing.

Anyone else seeing this?
Is it some known attack campaign?

 bye & Thanks
       av.

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T1d0fcd8364d69d1f-M8cfc14626fbf960d6d792e78
Delivery options: https://cyrus.topicbox.com/groups/info/subscription




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux