Looks like someone's box has been hacked; it is a shopping site in Italy.
Lin
On Wed, Feb 5, 2014 at 12:54 PM, William Lewis <kg6baj(a)n1oes.org> wrote:
> Just a heads up to the 44 Group who run 44 addressed mail servers.
>
> Over the last few days I've had someone trying to break into my mail
> server.
>
> After installing more detection software, I came up with IP Address
> 178.33.151.117.
>
> Just a heads up he's probably scanning the network looking for others, so
> heads up everyone.
>
> Bill / KG6BAJ
>
> ==========================================
>
> AUTOMATED NOTIFICATION !
>
> The IP 178.33.151.117 has just been banned after several attempts against
> dovecot.
>
>
> Here are more information about 178.33.151.117:
>
> % This is the RIPE Database query service.
> % The objects are in RPSL format.
> %
> % The RIPE Database is subject to Terms and Conditions.
> % See http://www.ripe.net/db/support/db-terms-conditions.pdf
>
> % Note: this output has been filtered.
> % To receive output for a database update, use the "-B" flag.
>
> % Information related to '178.33.151.112 - 178.33.151.127'
>
> % Abuse contact for '178.33.151.112 - 178.33.151.127' is 'abuse(a)ovh.net'
>
> inetnum: 178.33.151.112 - 178.33.151.127
> netname: DVC-ITA
> descr: DoveConviene.it Italian Network
> country: IT
> org: ORG-OS43-RIPE
> admin-c: OTC5-RIPE
> tech-c: OTC5-RIPE
> status: ASSIGNED PA
> mnt-by: OVH-MNT
> source: RIPE # Filtered
>
> organisation: ORG-OS43-RIPE
> org-name: OVH Srl
> org-type: OTHER
> address: Via trieste 25
> address: 20097 San Donato Milanese
> address: Italia
> abuse-mailbox: abuse(a)ovh.net
> mnt-ref: OVH-MNT
> mnt-by: OVH-MNT
> source: RIPE # Filtered
>
> role: OVH IT Technical Contact
> address: OVH Srl
> address: Via trieste 25
> address: 20097 San Donato Milanese
> address: Italia
> admin-c: OK217-RIPE
> tech-c: GM84-RIPE
> nic-hdl: OTC5-RIPE
> abuse-mailbox: abuse(a)ovh.net
> mnt-by: OVH-MNT
> source: RIPE # Filtered
>
> % Information related to '178.32.0.0/15AS16276'
>
> route: 178.32.0.0/15
> descr: OVH ISP
> descr: Paris, France
> origin: AS16276
> mnt-by: OVH-MNT
> source: RIPE # Filtered
>
> % This query was served by the RIPE Database Query Service version 1.71 (WHOIS1)
>
>
> Lines containing IP:178.33.151.117 in /var/log/mail.log
>
> Feb 5 04:15:37 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test(a)ampr.org>, method=PLAIN, rip=178.33.151.117, lip=44.2.14.2
> Feb 5 04:17:23 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test(a)ampr.org>, method=PLAIN, rip=178.33.151.117, lip=44.2.14.2
> Feb 5 04:17:41 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test(a)ampr.org>, method=PLAIN, rip=178.33.151.117, lip=44.2.14.2
> ...... <snip>
>
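
The ban in the quoted notification follows from counting dovecot "auth failed" lines per remote address. The sketch below is an added example, not part of the original messages and not the notifier's own code; it does that count over constructed log lines in the same format. The addresses are documentation ranges, `maxretry` and `findtime` are named after the fail2ban settings, and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the log format quoted above. All addresses are
# documentation ranges and the user names are made up.
SAMPLE_LOG = """\
Feb  5 04:15:37 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test@example.org>, method=PLAIN, rip=192.0.2.10, lip=203.0.113.1
Feb  5 04:16:00 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<bob@example.org>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.1
Feb  5 04:17:23 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<admin@example.org>, method=PLAIN, rip=192.0.2.10, lip=203.0.113.1
Feb  5 04:17:41 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test@example.org>, method=PLAIN, rip=192.0.2.10, lip=203.0.113.1
Feb  5 04:18:02 linux1 dovecot: pop3-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.1
Feb  5 05:30:00 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<bob@example.org>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.1
"""

# Matches only failed-auth disconnects; successful logins never match.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot:\s[\w-]+-login:\s.*?"
    r"\(auth failed,\s(?P<n>\d+)\sattempts\):\suser=<(?P<user>[^>]*)>,"
    r".*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2014):
    """Return {rip: sorted user names tried} for every source that reached
    maxretry failed attempts inside a sliding findtime window.
    Assumes the lines are in chronological order, as in a log file."""
    recent = defaultdict(deque)   # rip -> timestamps of recent failures
    users = defaultdict(set)      # rip -> account names it tried
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rip, q = m["rip"], recent[m["rip"]]
        users[rip].add(m["user"])
        q.extend([ts] * int(m["n"]))          # one line may report several attempts
        while q and ts - q[0] > findtime:     # drop failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            flagged[rip] = sorted(users[rip])
    return flagged

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG.splitlines()))
```

The second source in the sample fails twice, but the failures are more than an hour apart with a successful login in between, so it is not flagged even at `maxretry=2`.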