On 2022-01-08 08:03, Andrea Venturoli wrote:
This is what suprises me more: I'm used to seeing attempts with
username = existing mail addresses, but here they are choosing random
user names (E.g. "billing") which don't have any history in this
domain and insist on them for 24h.
Its the 'net background noise.
Jan 9 04:42:15 Blocking t=432000 r=1 b=3 p=1 u=1 l=0 [eetesuvpm]
[eetesuvpm2019] 1,1 attempts in 0,0 seconds added: 177.53.165.43/32 0
Jan 9 04:42:44 Blocking t=432000 r=0 b=2 p=4 u=4 l=0
[trinaexultationtripp] [trinaexultationtripp2019] 4,1 attempts in 5717,0
seconds added: 45.227.33.45/32 0
Jan 9 04:45:31 Blocking t=432000 r=1 b=3 p=1 u=1 l=0 [quicksales]
[quicksales2019] 1,1 attempts in 0,0 seconds added: 94.74.148.69/32 0
Jan 9 04:51:04 Blocking t=432000 r=1 b=3 p=1 u=1 l=0
[kathyallegrachilders] [kathyallegrachilders2019] 1,1 attempts in 0,0
seconds added: 177.87.68.115/32 0
Jan 9 04:51:59 Blocking t=432000 r=1 b=3 p=2 u=2 l=0 [carlonejgoe]
[carlonejgoe2019] 2,1 attempts in 4463,0 seconds added:
170.239.137.205/32 0
Jan 9 04:55:03 Blocking t=432000 r=1 b=9 p=1 u=1 l=0 [fitpsl]
[fitpsl2019] 1,1 attempts in 0,0 seconds added: 170.81.20.207/32 0
Jan 9 05:00:11 Blocking t=432000 r=1 b=9 p=1 u=1 l=0 [mary] [mary2019]
1,1 attempts in 0,0 seconds added:131.196.95.86/32 0
Jan 9 05:02:11 Blocking t=432000 r=1 b=9 p=1 u=1 l=0 [sarah]
[sarah2019] 1,1 attempts in 0,0 seconds added: 94.74.180.199/32 0
Jan 9 05:16:32 Pwds: 4, Boxes: 313, Good: 1870, Pending: 396, Blocked:
1225
None of those are valid usernames. Always have at least 1000 IP
addresses blocked on each machine and sometimes 3000+.
I'm shutting down completely next week so I set the block time to 5
days. There is only one person using that server now.
John Capo
Tuffmaiol.com
------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T1d0fcd8364d69d1f-Mf64f54f35bcdc9768e53f871
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
