Hello and sorry for the OT.
One of the server I manage, has been under attack since 3 days: I'm
confident they won't be able to get in, but monitoring would warn me
just in case.
However, I feel curious, since I never saw such a perduring attack:
normally they try info@ or an existent address a few times, then go away.
Here, however:
_ it's going on since 3 days;
_ fail2ban has already blocked 3500 IPs from all around the world
(mostly from US, a lot from Europe, but also Asia...);
_ they started trying to access reception@... (which never existed);
after 24h, they moved to trying billing@... (which also never existed);
now they are trying with an existing address (which is an alias, though,
so they won't get access anyway with that user).
The company this server belongs to is no NASA or McDonald or bank: I see
no reason why they should insist on it.
Furthermore, since tonight, another of my customer started experiencing
the same thing.
Anyone else seeing this?
Is it some known attack campaign?
bye & Thanks
av.
------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T1d0fcd8364d69d1f-M8cfc14626fbf960d6d792e78
Delivery options: https://cyrus.topicbox.com/groups/info/subscription