Mailing List SIMS@mail.stalker.com Message #14668
From: Lewis Butler <lbutler@covisp.net>
Subject: Re: Attack
Date: Sat, 24 Jul 2004 13:56:42 -0600
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Apple Mail (2.618)
On 23 Jul 2004, at 08:33, Dave Pooser wrote:
The way I handled them was to change the Postmaster account password to
something extremely hard

...so far so good...

then started blocking their IPs in the blacklist.

Useless, unfortunately. They're trying SMTP AUTH, which bypasses the
blacklist when successful. Only way to stop that is to block 'em at the
firewall. I have most of Asia unable to even get to my SMTP port after
several such experiences. Be aware they'll likely try POP too....

I have only:

# Chinese spammers
ALL: 218.188.0.0/255.255.0.0 : deny
ALL: 218.189.0.0/255.255.0.0 : deny

# fpcservers.com spammers (freeprizeclub.com)
# 50K attempts in one day
ALL: 209.133.28.0/255.255.255.0 : deny
ALL: 209.133.29.0/255.255.255.0 : deny
ALL: .fpcservers.com : deny

in hosts.deny on my OS X machine (easier than setting up firewall rules)

I scan my logs periodically for evidence of dictionary styled password attacks and deny the IP, the Class C, or sometimes the Class B.


--
You are responsible for your Rose
Rule #5 Get Kirsten Dunst Wet

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster