
Attack on Exim!

Discussion in 'General Discussion' started by fleksi, Jan 15, 2006.

  1. fleksi

    fleksi Well-Known Member

    I have a lot of "no IP address found for host e500.indumil.gov.co" messages with different IPs.
    I already blocked "e500.indumil.gov.co" using mod_security but have had no luck.
    Please help me to stop this attack. Thank you.

    Below are quotes from exim_mainlog:
    ---
    2006-01-15 06:48:46 no IP address found for host e500.indumil.gov.co (during SMTP connection from (abqori) [206.73.210.65]:2579 I=[70.84.104.200]:25)
    2006-01-15 06:48:53 no IP address found for host e500.indumil.gov.co (during SMTP connection from (server2.safelist-nation.com) [63.247.74.66]:48333 I=[70.84.104.200]:25)
    2006-01-15 06:50:00 no IP address found for host e500.indumil.gov.co (during SMTP connection from (aol.com) [71.195.213.239]:3506 I=[70.84.104.200]:25)
    2006-01-15 06:50:26 no IP address found for host e500.indumil.gov.co (during SMTP connection from (localhost) [12.217.69.169]:3469 I=[70.84.104.200]:25)
    2006-01-15 06:50:36 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA) [68.59.7.113]:4781 I=[70.84.104.200]:25)
    2006-01-15 06:50:42 no IP address found for host e500.indumil.gov.co (during SMTP connection from (2iaku.qyir2.rr.com) [68.59.7.113]:4960 I=[70.84.104.200]:25)
    2006-01-15 06:50:47 no IP address found for host e500.indumil.gov.co (during SMTP connection from (abuhanif) [206.73.210.65]:3272 I=[70.84.104.200]:25)
    2006-01-15 06:50:48 no IP address found for host e500.indumil.gov.co (during SMTP connection from (odtdor1.a1o4.optonline.net) [222.253.71.69]:4354 I=[70.84.104.200]:25)
    2006-01-15 06:50:50 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (JOHN-RO10B1Z0XA) [68.59.7.113]:1121 I=[70.84.104.200]:25)
    2006-01-15 06:50:53 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (JOHN-RO10B1Z0XA) [68.59.7.113]:1121 I=[70.84.104.200]:25)
    2006-01-15 06:50:55 no IP address found for host e500.indumil.gov.co (during SMTP connection from (SERVER) [222.253.71.69]:4457 I=[70.84.104.200]:25)
    2006-01-15 06:50:56 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA) [68.59.7.113]:1277 I=[70.84.104.204]:25)
    2006-01-15 06:50:58 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA.wh1xae.com) [68.59.7.113]:1332 I=[70.84.104.200]:25)
    2006-01-15 06:51:01 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA.ou3yvvic.com) [68.59.7.113]:1389 I=[70.84.104.204]:25)
    2006-01-15 06:51:02 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (JOHN-RO10B1Z0XA.wh1xae.com) [68.59.7.113]:1332 I=[70.84.104.200]:25)
    2006-01-15 06:51:02 no IP address found for host e500.indumil.gov.co (during SMTP connection from (SERVER.vnavd37.com) [222.253.71.69]:4581 I=[70.84.104.200]:25)
    2006-01-15 06:51:05 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (JOHN-RO10B1Z0XA.wh1xae.com) [68.59.7.113]:1332 I=[70.84.104.200]:25)
    2006-01-15 06:51:05 no IP address found for host e500.indumil.gov.co (during SMTP connection from (abuhanif) [206.73.210.65]:1402 I=[70.84.104.200]:25)
    2006-01-15 06:51:07 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA) [68.59.7.113]:1500 I=[70.84.104.204]:25)
    2006-01-15 06:51:09 no IP address found for host e500.indumil.gov.co (during SMTP connection from (SERVER) [222.253.71.69]:4709 I=[70.84.104.200]:25)
    2006-01-15 06:51:10 no IP address found for host e500.indumil.gov.co (during SMTP connection from (uedh.t4d1bo.rr.com) [68.59.7.113]:1579 I=[70.84.104.200]:25)
    2006-01-15 06:51:12 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA.pumo22wi.net) [68.59.7.113]:1618 I=[70.84.104.204]:25)
    2006-01-15 06:51:13 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (uedh.t4d1bo.rr.com) [68.59.7.113]:1579 I=[70.84.104.200]:25)
    2006-01-15 06:51:16 no IP address found for host e500.indumil.gov.co (during SMTP connection from (ulea.e7of.cox.net) [222.253.71.69]:4823 I=[70.84.104.200]:25)
    2006-01-15 06:51:16 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (uedh.t4d1bo.rr.com) [68.59.7.113]:1579 I=[70.84.104.200]:25)
    2006-01-15 06:51:17 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA.awauahu.com) [68.59.7.113]:1712 I=[70.84.104.204]:25)
    2006-01-15 06:51:22 no IP address found for host e500.indumil.gov.co (during SMTP connection from (JOHN-RO10B1Z0XA.br0ipc4.net) [68.59.7.113]:1775 I=[70.84.104.200]:25)
    2006-01-15 06:51:22 no IP address found for host e500.indumil.gov.co (during SMTP connection from (localhost) [207.192.244.223]:1033 I=[70.84.104.200]:25)
    2006-01-15 06:51:23 no IP address found for host e500.indumil.gov.co (during SMTP connection from (iiuo.uui84ue.aol.com) [222.253.71.69]:4984 I=[70.84.104.200]:25)
    2006-01-15 06:51:23 no IP address found for host e500.indumil.gov.co (during SMTP connection from (qv12.eis53up.comcast.net) [68.59.7.113]:1795 I=[70.84.104.204]:25)
    2006-01-15 06:51:25 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (JOHN-RO10B1Z0XA.br0ipc4.net) [68.59.7.113]:1775 I=[70.84.104.200]:25)
    2006-01-15 06:51:26 no IP address found for host e500.indumil.gov.co (during SMTP connection from (bmisurveyor.com) [222.124.72.5]:2317 I=[70.84.104.200]:25)
    2006-01-15 06:51:28 no IP address found for host e500.indumil.gov.co (during SMTP connection from pcp09629197pcs.wltrbr01.sc.comcast.net (JOHN-RO10B1Z0XA.br0ipc4.net) [68.59.7.113]:1775 I=[70.84.104.200]:25)
    2006-01-15 06:51:28 no IP address found for host e500.indumil.gov.co (during SMTP connection from (a0wui1h.2445abm8.verizon.net) [68.59.7.113]:1878 I=[70.84.104.204]:25)
    2006-01-15 06:51:29 no IP address found for host e500.indumil.gov.co (during SMTP connection from (SERVER.8bidfwzl.org) [222.253.71.69]:3104 I=[70.84.104.200]:25)
    ---

    -fl-
     
    #1 fleksi, Jan 15, 2006
    Last edited: Jan 15, 2006
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    This issue has been discussed many, many times in these forums. Most likely, clients with bad/insecure PHP/CGI scripts. Upgrading and securing your server (you can find out how in these forums, or hire a sys admin) is your best option.
     
  3. simplestar

    simplestar Well-Known Member

    I've been getting Exim attacks like mad ever since I did this conversion thing.
     
  4. racomnet

    racomnet BANNED

    If you have apf, try this:
    apf -d 70.84.104.1/24
    If you don't have apf, run this command:

    iptables -I INPUT -s 70.84.104.1/24 -j DROP
     
  5. fleksi

    fleksi Well-Known Member

    Problem fixed

    The problem was fixed after removing the "e500.indumil.gov.co" entry from exim_deny, which should consist of ONLY IP addresses.

    -fl-
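
The check that the resolution above amounts to, as an added example that is not part of the original thread: flag every entry in an exim_deny-style list that is not an IP address or CIDR block, and match it against the "no IP address found for host" lines in the log. The deny-list sample is constructed, the two log lines are in the format quoted in the first post, and the function names and `#` comment handling are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of an exim_deny-style list (one entry per line).
SAMPLE_DENY = """\
# blocked senders
206.73.210.65
222.253.71.0/24
e500.indumil.gov.co
"""

# Log lines in the format shown in the first post.
SAMPLE_LOG = """\
2006-01-15 06:48:46 no IP address found for host e500.indumil.gov.co (during SMTP connection from (abqori) [206.73.210.65]:2579 I=[70.84.104.200]:25)
2006-01-15 06:50:00 no IP address found for host e500.indumil.gov.co (during SMTP connection from (aol.com) [71.195.213.239]:3506 I=[70.84.104.200]:25)
"""

LOOKUP_FAIL = re.compile(r"no IP address found for host (\S+) \(during SMTP connection")


def non_ip_entries(deny_text):
    """Return (line_number, entry) for each entry that is not an IP or CIDR."""
    bad = []
    for lineno, raw in enumerate(deny_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not entry:
            continue
        try:
            ipaddress.ip_network(entry, strict=False)  # accepts 1.2.3.4 and 1.2.3.0/24
        except ValueError:
            bad.append((lineno, entry))
    return bad


def failed_lookups(log_text):
    """Count lookup-failure log lines per host name (lower-cased)."""
    hits = (LOOKUP_FAIL.search(line) for line in log_text.splitlines())
    return Counter(m.group(1).lower() for m in hits if m)


def culprits(deny_text, log_text):
    """Non-IP deny entries that also appear as failed lookups: (line, entry, count)."""
    failures = failed_lookups(log_text)
    return [(n, e, failures[e.lower()])
            for n, e in non_ip_entries(deny_text) if e.lower() in failures]
```

A non-empty result from `culprits()` means the log noise comes from the server's own deny list rather than from the connecting hosts, which is why the failure repeats for every inbound connection regardless of source IP.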
     