Just a heads up to the 44 Group who run 44-addressed mail servers.
Over the last few days I've had someone trying to break into my mail server.
After installing more detection software, I came up with IP address
178.33.151.117.
Just a heads up he's probably scanning the network looking for others, so
heads up everyone.
Bill / KG6BAJ
==========================================
AUTOMATED NOTIFICATION !
The IP 178.33.151.117 has just been banned after several attempts against
dovecot.
Here are more information about 178.33.151.117:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See
http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '178.33.151.112 - 178.33.151.127'
% Abuse contact for '178.33.151.112 - 178.33.151.127' is 'abuse(a)ovh.net'
inetnum: 178.33.151.112 - 178.33.151.127
netname: DVC-ITA
descr: DoveConviene.it Italian Network
country: IT
org: ORG-OS43-RIPE
admin-c: OTC5-RIPE
tech-c: OTC5-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
source: RIPE # Filtered
organisation: ORG-OS43-RIPE
org-name: OVH Srl
org-type: OTHER
address: Via trieste 25
address: 20097 San Donato Milanese
address: Italia
abuse-mailbox: abuse(a)ovh.net
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
source: RIPE # Filtered
role: OVH IT Technical Contact
address: OVH Srl
address: Via trieste 25
address: 20097 San Donato Milanese
address: Italia
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC5-RIPE
abuse-mailbox: abuse(a)ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered
% Information related to '178.32.0.0/15AS16276'
route: 178.32.0.0/15
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.71
(WHOIS1)
Lines containing IP:178.33.151.117 in /var/log/mail.log
Feb 5 04:15:37 linux1 dovecot: pop3-login: Disconnected (auth failed, 1
attempts): user=<test(a)ampr.org>, method=PLAIN, rip=178.33.151.117,
lip=44.2.14.2
Feb 5 04:17:23 linux1 dovecot: pop3-login: Disconnected (auth failed, 1
attempts): user=<test(a)ampr.org>, method=PLAIN, rip=178.33.151.117,
lip=44.2.14.2
Feb 5 04:17:41 linux1 dovecot: pop3-login: Disconnected (auth failed, 1
attempts): user=<test(a)ampr.org>, method=PLAIN, rip=178.33.151.117,
lip=44.2.14.2
...... <snip>
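
For operators who want to check their own mail.log for the same pattern, here is an added example (not part of the original post, and not the poster's detection software) that counts dovecot login failures per remote IP inside a time window. The sample log, its documentation-range addresses, the thresholds and the default year are constructed assumptions; log lines are expected unwrapped, one record per line.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches dovecot login-failure records of the shape shown in the post,
# including the newer "N attempts in M secs" variant.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dovecot: "
    r"(?:pop3|imap)-login: .*\(auth failed, (?P<n>\d+) attempts[^)]*\)"
    r".*\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

# Constructed sample input (documentation addresses, hypothetical host "mx1").
SAMPLE_LOG = """\
Feb  5 04:15:37 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test@example.org>, method=PLAIN, rip=203.0.113.50, lip=192.0.2.10
Feb  5 04:17:23 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test@example.org>, method=PLAIN, rip=203.0.113.50, lip=192.0.2.10
Feb  5 04:17:41 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test@example.org>, method=PLAIN, rip=203.0.113.50, lip=192.0.2.10
Feb  5 04:20:02 mx1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.8, lip=192.0.2.10
Feb  5 04:21:10 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<bob@example.org>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10
Feb  5 09:30:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<bob@example.org>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10
"""

def find_offenders(lines, max_retry=3, find_time=600, year=2024):
    """Return {rip: total failed attempts} for every source that reached
    max_retry failures within any find_time-second window. Syslog records
    carry no year, so one is assumed; only time differences matter here
    (a log spanning New Year would need extra handling)."""
    window = defaultdict(deque)   # rip -> (timestamp, attempts) still in window
    totals = defaultdict(int)     # rip -> all failed attempts seen
    flagged = set()
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and other services
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rip, n = m["rip"], int(m["n"])
        totals[rip] += n
        q = window[rip]
        q.append((ts, n))
        while q and ts - q[0][0] > timedelta(seconds=find_time):
            q.popleft()           # drop failures older than the window
        if sum(a for _, a in q) >= max_retry:
            flagged.add(rip)
    return {rip: totals[rip] for rip in flagged}

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG.splitlines()))
```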