Massive dictionary attacks from

August 14th, 2012 - 07:50 am ET by Michelle Konzack


Hello Colleagues and *,

since Sunday 19:47 CEST 18 of my servers are under heavy attack.

Currently I have counted over 18 million login attempts (dictionary
attack) with a list of 1005 names and started with IP <50.56.180.220>.

Aug 12 19:47:32 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:47:53 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:47:54 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:47:59 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=6
Aug 12 19:47:59 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:47:59 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:04 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=5
Aug 12 19:48:04 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:04 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:09 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:09 vserver04 imapd: LOGIN FAILED, user=abby, ip=[::ffff:50.56.180.220]
Aug 12 19:48:10 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=6
Aug 12 19:48:10 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:10 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=0
Aug 12 19:48:10 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:10 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:14 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=5
Aug 12 19:48:14 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:14 vserver04 imapd: LOGIN FAILED, user=abby, ip=[::ffff:50.56.180.220]
Aug 12 19:48:16 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=6
Aug 12 19:48:16 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:16 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:19 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=5
Aug 12 19:48:19 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:20 vserver04 imapd: LOGIN FAILED, user=abby, ip=[::ffff:50.56.180.220]
Aug 12 19:48:21 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=5
Aug 12 19:48:21 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:21 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:25 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=6
Aug 12 19:48:25 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:48:25 vserver04 imapd: Disconnected, ip=[::ffff:50.56.180.220], time=0
<snip>


I encountered this problem today, when I saw that the log size had increased
by a factor of 200! I mean, my daily mail.log is around 1.8 GByte!

Also since yesterday, I get similar attacks by 3 other IPs from the USA.

Has anyone encountered similar things?

Note: I am trying to reach a (personally known) FBI field officer
from New York, since I work for a PMC.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
Internet Service Provider, Cloud Computing
<http://www.itsystems.tamay-dogan.net/>
<http://www.debian.tamay-dogan.net/>

itsystems@tdnet Jabber linux4michelle@jabber.ccc.de
Owner Michelle Konzack

Gewerbe Strasse 3 Tel office: +49-176-86004575
77694 Kehl Tel mobil: +49-177-9351947
Germany Tel mobil: +33-6-61925193 (France)

USt-ID: DE 278 049 239

Linux-User #280138 with the Linux Counter, http://counter.li.org/





To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120814114313.GD28928@work1

Replies

#1 Andika Triwidada
August 14th, 2012 - 08:00 am ET
On Tue, Aug 14, 2012 at 6:43 PM, Michelle Konzack wrote:

> Hello Colleagues and *,
>
> since Sunday 19:47 CEST 18 of my servers are under heavy attack.
>
> Currently I have counted over 18 million login attempts (dictionary
> attack) with a list of 1005 names and started with IP <50.56.180.220>.



Any reason not to use fail2ban or any similar tool to prevent those
brute force attacks?

andika
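
The per-source failure counting that a log-watching tool of the kind suggested above depends on, sketched over the log format from the first post. This is an added example, not code from either poster or from fail2ban; the threshold (5 failures in 10 minutes), the year, and the `192.0.2.10` line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the imapd failure lines shown in the first post.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ imapd: LOGIN FAILED, "
    r"user=(?P<user>[^,]*), ip=\[(?P<ip>[^\]]+)\]")

def normalise(ip):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4: one key per client."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6 addresses have it
    return str(mapped or addr)

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10), year=2012):
    """Return {ip: usernames tried} for sources reaching max_failures within window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)      # ip -> distinct usernames attempted
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # Connection / Disconnected lines carry no verdict
        try:
            ip = normalise(m["ip"])
        except ValueError:
            continue              # malformed address field: skip rather than crash
        # syslog omits the year, so it is supplied (assumption: 2012, per the post)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        users[ip].add(m["user"])
        if len(q) >= max_failures:
            offenders[ip] = users[ip]
    return offenders

# Sample input: lines copied from the post, plus one constructed line (192.0.2.10).
SAMPLE = """\
Aug 12 19:47:53 vserver04 imapd: Connection, ip=[::ffff:50.56.180.220]
Aug 12 19:47:54 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:47:59 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:04 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:09 vserver04 imapd: LOGIN FAILED, user=abby, ip=[::ffff:50.56.180.220]
Aug 12 19:48:10 vserver04 imapd: LOGIN FAILED, user=aaron, ip=[::ffff:50.56.180.220]
Aug 12 19:48:11 vserver04 imapd: LOGIN FAILED, user=carol, ip=[::ffff:192.0.2.10]
""".splitlines()
```

The set of distinct usernames per source helps separate a dictionary run (many names, one address) from a single mailbox with a stale password.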

