This is typical for hosts exposed to the general Internet; we get hundreds of failed probing login attempts every day on our systems at work. I don't know of any effective way to stop it unless you restrict login ports to a small set of addresses by firewalling or turn off logins entirely.

- Brian

On Sun, Jun 12, 2016 at 03:39:43PM -0300, Pedro Converso wrote:
Hello,
In the last months my JNOS MBOX has been under attack:
15:24:59 94.53.236.39:55248 - MBOX (supervisor) bad login
15:25:07 113.162.86.77:35247 - MBOX (support) bad login
15:25:09 190.140.17.22:53348 - MBOX (root) bad login
15:25:14 92.27.102.224:38887 - MBOX (support) bad login
15:25:14 114.109.125.48:42069 - MBOX (administrator) bad login
15:25:35 190.140.17.22:54146 - MBOX (root) bad login
15:25:50 92.27.102.224:40191 - MBOX (support) bad login
15:26:33 182.184.71.162:41259 - MBOX (root) bad login
15:26:49 182.184.71.162:41259 - MBOX (sh) bad login
15:26:50 89.22.213.165:33979 - MBOX (root) bad login
15:27:52 89.22.213.165:34979 - MBOX (root) bad login
None of the users tried have been granted access.
Installed fail2ban, but to no avail. Attacking IPs change continuously; routing to loopback is no help. Due to the heavy load, JNOS eventually hangs.
Is there any way/suggestion to stop this?
Appreciate any help.
73, lu7abf, Pedro Converso
44.153.0.1 or conversoft.com.ar
pconver@gmail.com
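
Added example, not part of the original thread: a short Python check over the log excerpt quoted above, comparing a per-address failure threshold (the fail2ban approach) with the address allow-list suggested in the reply. The threshold of 5 and the allow-list network 192.0.2.0/24 are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the post above (JNOS MBOX failed logins).
LOG = """\
15:24:59 94.53.236.39:55248 - MBOX (supervisor) bad login
15:25:07 113.162.86.77:35247 - MBOX (support) bad login
15:25:09 190.140.17.22:53348 - MBOX (root) bad login
15:25:14 92.27.102.224:38887 - MBOX (support) bad login
15:25:14 114.109.125.48:42069 - MBOX (administrator) bad login
15:25:35 190.140.17.22:54146 - MBOX (root) bad login
15:25:50 92.27.102.224:40191 - MBOX (support) bad login
15:26:33 182.184.71.162:41259 - MBOX (root) bad login
15:26:49 182.184.71.162:41259 - MBOX (sh) bad login
15:26:50 89.22.213.165:33979 - MBOX (root) bad login
15:27:52 89.22.213.165:34979 - MBOX (root) bad login
"""

LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d (\d+\.\d+\.\d+\.\d+):\d+ - MBOX \(([^)]*)\) bad login$"
)

def parse(log):
    """Return (ip, user) pairs for every 'bad login' line."""
    hits = (LINE_RE.match(line.strip()) for line in log.splitlines())
    return [(ipaddress.ip_address(m.group(1)), m.group(2)) for m in hits if m]

def summarize(events, max_retry, allowed_nets):
    """Compare a per-address threshold ban with an address allow-list."""
    per_ip = Counter(ip for ip, _ in events)
    per_user = Counter(user for _, user in events)
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    return {
        "attempts": len(events),
        "sources": len(per_ip),
        "max_per_source": max(per_ip.values(), default=0),
        "banned_by_threshold": sum(1 for n in per_ip.values() if n >= max_retry),
        "passed_allow_list": sum(1 for ip, _ in events if any(ip in net for net in nets)),
        "top_user": per_user.most_common(1),
    }

# Assumptions: a ban threshold of 5 failures per address, and a constructed
# allow-list network (192.0.2.0/24) standing in for the trusted addresses.
REPORT = summarize(parse(LOG), max_retry=5, allowed_nets=["192.0.2.0/24"])

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

On this excerpt no single address fails more than twice, so a per-address threshold never trips, while the allow-list rejects every attempt regardless of how often the source addresses change.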