From: Nick H. <ni...@ho...> - 2018-02-11 16:38:07
|
F2b can't do anything against this type of attack as the IP's rarely repeat. If you want a bit of security through obscurity, turn off authentication on port 25 and configure your users to use SMPTS (tcp:465) or STARTTLS (tcp:587). There is much less bot traffic on those ports. Nick On 11/02/2018 15:17, chaouche yacine via Fail2ban-users wrote: > Dear list, > > I was surprised to find this in one of my script's live output : > > Feb 11 16:01:16 rad...@my...d 104.131.92.159: > Feb 11 16:01:19 rad...@my...d 81.91.92.176: > Feb 11 16:01:21 rad...@my...d 213.136.88.68: > Feb 11 16:01:25 rad...@my...d 132.148.21.197: > Feb 11 16:01:28 rad...@my...d 91.121.136.82: > Feb 11 16:01:31 rad...@my...d 70.32.72.249: > Feb 11 16:01:33 rad...@my...d 88.198.177.200: > Feb 11 16:01:37 rad...@my...d 132.148.22.72: > Feb 11 16:01:40 rad...@my...d 185.14.28.209: > Feb 11 16:01:47 rad...@my...d 185.14.28.209: > Feb 11 16:01:50 rad...@my...d 31.186.8.165: > Feb 11 16:01:52 rad...@my...d 176.31.171.249: > Feb 11 16:01:55 rad...@my...d 174.142.254.4: > Feb 11 16:01:58 rad...@my...d 173.249.5.133: > Feb 11 16:02:04 rad...@my...d 103.1.239.204: > Feb 11 16:02:10 rad...@my...d 115.146.127.53: > Feb 11 16:02:13 rad...@my...d 80.87.200.146: > Feb 11 16:02:17 rad...@my...d 50.62.82.236: > Feb 11 16:02:20 rad...@my...d 158.222.0.202: > Feb 11 16:02:24 rad...@my...d 89.219.33.110: > Feb 11 16:02:26 rad...@my...d 37.59.8.29: > Feb 11 16:02:28 rad...@my...d 85.25.213.84: > Feb 11 16:02:31 rad...@my...d 185.95.85.159: > Feb 11 16:02:33 rad...@my...d 146.185.160.102: > Feb 11 16:02:35 rad...@my...d 94.23.93.101: > Feb 11 16:02:38 rad...@my...d 104.236.206.7: > Feb 11 16:02:41 rad...@my...d 194.150.118.6: > Feb 11 16:02:44 rad...@my...d 212.109.221.24: > Feb 11 16:02:46 rad...@my...d 146.185.157.149: > Feb 11 16:02:48 rad...@my...d 62.75.202.128: > Feb 11 16:02:51 rad...@my...d 193.203.206.3: > Feb 11 16:02:55 rad...@my...d 208.107.4.149: > Feb 11 16:02:57 rad...@my...d 173.212.252.117: > Feb 11 16:03:01 rad...@my...d 38.109.217.143: > Feb 11 16:03:04 rad...@my...d 5.2.209.70: > Feb 11 16:03:10 rad...@my...d 101.99.65.25: > Feb 11 16:03:12 rad...@my...d 91.121.85.220: > Feb 11 16:03:15 rad...@my...d 83.220.174.125: > Feb 11 16:03:19 rad...@my...d 173.203.58.135: > Feb 11 16:03:21 rad...@my...d 144.76.60.149: > Feb 11 16:03:24 rad...@my...d 37.46.131.252: > Feb 11 16:03:30 rad...@my...d 221.132.35.142: > Feb 11 16:03:32 rad...@my...d 46.4.122.252: > Feb 11 16:03:36 rad...@my...d 64.91.251.84: > Feb 11 16:03:39 rad...@my...d 94.181.191.195: > Feb 11 16:03:42 rad...@my...d 216.27.29.7: > Feb 11 16:03:44 rad...@my...d 176.31.182.14: > Feb 11 16:03:48 rad...@my...d 47.22.0.41: > Feb 11 16:03:50 rad...@my...d 188.166.112.173: > Feb 11 16:03:53 rad...@my...d 62.109.23.50: > Feb 11 16:03:59 rad...@my...d 210.211.118.171: > Feb 11 16:04:02 rad...@my...d 176.57.209.53: > Feb 11 16:04:04 rad...@my...d 37.97.198.103: > Feb 11 16:04:10 rad...@my...d 221.132.35.142: > Feb 11 16:04:16 rad...@my...d 163.44.206.185: > Feb 11 16:04:19 rad...@my...d 184.173.181.142: > Feb 11 16:04:24 rad...@my...d 198.12.149.197: > Feb 11 16:04:27 rad...@my...d 213.159.208.254: > Feb 11 16:04:30 rad...@my...d 198.50.145.221: > Feb 11 16:04:36 rad...@my...d 190.13.128.146: > Feb 11 16:04:41 rad...@my...d 139.196.229.151: > Feb 11 16:04:43 rad...@my...d 176.9.122.132: > > > It was generated in realtime by ychaouche/mailcop > <https://github.com/ychaouche/mailcop> > > > > > > > > > ychaouche/mailcop > > mailcop - Watches your mail server > > > <https://github.com/ychaouche/mailcop> > > > > As you can see there are multiple IPs involved, it seems to be some > kind of distributed attack. Is there any way I can protect my server > against this ? > > Yassine. > > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users |