sziasztok!
tegnap ezt találtam a mail.log fileban. fail2ban aktív és a lenti ip címet elvileg dobja az iptables...
ma reggel ugyanezt találtam. légyszíves segítsetek, hogy tudnám ezt megszüntetni... egyáltalán pontosan mi is ez???? előre is köszi!
Oct 5 13:34:22 server postfix/smtpd[12949]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:24 server postfix/smtpd[12949]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:24 server postfix/smtpd[12949]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:24 server postfix/smtpd[12952]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:24 server postfix/smtpd[12953]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:24 server postfix/smtpd[12954]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:25 server postfix/smtpd[12955]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:25 server postfix/smtpd[12956]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:25 server postfix/smtpd[12957]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:26 server postfix/smtpd[12958]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:26 server postfix/smtpd[12959]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12949]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12949]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12949]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12953]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12953]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12952]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12952]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12954]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12954]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12955]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12955]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12956]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12956]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:27 server postfix/smtpd[12953]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:28 server postfix/smtpd[12954]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:28 server postfix/smtpd[12957]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:28 server postfix/smtpd[12957]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:28 server postfix/smtpd[12955]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:28 server postfix/smtpd[12958]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:28 server postfix/smtpd[12958]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12957]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12952]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12959]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12959]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12958]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12956]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12959]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12963]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12966]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12969]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12949]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12949]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12949]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:29 server postfix/smtpd[12970]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:30 server postfix/smtpd[12971]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:30 server postfix/smtpd[12953]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:30 server postfix/smtpd[12953]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:30 server postfix/smtpd[12954]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:30 server postfix/smtpd[12954]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:31 server postfix/smtpd[12955]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:31 server postfix/smtpd[12955]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:31 server postfix/smtpd[12953]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:31 server postfix/smtpd[12954]: connect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:31 server postfix/smtpd[12957]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:31 server postfix/smtpd[12957]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:32 server postfix/smtpd[12952]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:32 server postfix/smtpd[12952]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:32 server postfix/smtpd[12958]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:32 server postfix/smtpd[12958]: disconnect from bba427923.alshamil.net.ae[83.110.234.187]
Oct 5 13:34:32 server postfix/smtpd[12956]: lost connection after AUTH from bba427923.alshamil.net.ae[83.110.234.187]
- 2331 megtekintés
Hozzászólások
próbálkozások(nak tűnnek).
fail2ban telepít, betanít. én a harmadik sikertelen próbálkozás után 4-24 óra hosszára (szolgáltatás-függő) pihentetem az ilyeneket.
update:
fail2ban regex-et kell belőni normálisan, úgy látszik hogy nem tiltja az ilyen bejegyzések után az ip címet. ha így van, akkor regex hiba/hiány lehet. ehhez majd a jail-ben állíts findtime-ot 150-re.
--
Aspire E1-530
"...és micsoda zajt csapott!"
- A hozzászóláshoz be kell jelentkezni
köszönöm regex-et belőttem teszteltem eddig úgy tűnik pöpec :)
nagyon köszi a segítséget!
- A hozzászóláshoz be kell jelentkezni