I'm fed up of checking my logs daily to find brute force login attempts on emails, sometimes as many as 50 overnight.
So in CSF I closed ports 110,143,220,465,587,993,995 to all but my home country code.
Either this is working to a point, or the hackers got bored and moved on.
However, if it is working, then I'm still seeing a very small number, but I've no idea why.
How would I find which port they might be using, so I can close this one too?
Code:
2017-02-28 02:41:29 SMTP connection from [xxx.xx.xxx.xxx]:50841 (TCP/IP connection count = 1)
2017-02-28 02:41:30 no host name found for IP address xxx.xx.xxx.xxx
2017-02-28 02:41:50 no host name found for IP address xxx.xx.xxx.xxx
2017-02-28 02:41:52 no host name found for IP address xxx.xx.xxx.xxx
2017-02-28 02:41:58 dovecot_plain authenticator failed for ([127.0.0.1]) [xxx.xx.xxx.xxx]:50841: 535 Incorrect authentication data (set_id=user)
2017-02-28 02:42:00 SMTP connection from ([127.0.0.1]) [xxx.xx.xxx.xxx]:50841 lost
2017-02-28 02:42:01 SMTP connection from [xxx.xx.xxx.xxx]:54329 (TCP/IP connection count = 1)
2017-02-28 02:42:01 no host name found for IP address xxx.xx.xxx.xxx
2017-02-28 02:45:06 SMTP command timeout on connection from [xxx.xx.xxx.xxx]:54329
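
Added example, not part of the original post: a short Python script that ties each `authenticator failed` line in an Exim log like the one above back to its client address and counts failures per address. The sample log is constructed from the post's lines with the redacted address replaced by 203.0.113.7 (a documentation-range address), and the function names are this example's own. The number after the bracketed address (50841, 54329) is the client's source port and changes on every connection, so the script records it only to tell connections apart.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the post, with the redacted address
# replaced by 203.0.113.7 so the patterns have something to match.
SAMPLE_LOG = """\
2017-02-28 02:41:29 SMTP connection from [203.0.113.7]:50841 (TCP/IP connection count = 1)
2017-02-28 02:41:30 no host name found for IP address 203.0.113.7
2017-02-28 02:41:58 dovecot_plain authenticator failed for ([127.0.0.1]) [203.0.113.7]:50841: 535 Incorrect authentication data (set_id=user)
2017-02-28 02:42:00 SMTP connection from ([127.0.0.1]) [203.0.113.7]:50841 lost
2017-02-28 02:42:01 SMTP connection from [203.0.113.7]:54329 (TCP/IP connection count = 1)
2017-02-28 02:45:06 SMTP command timeout on connection from [203.0.113.7]:54329
"""

# "[ip]:port" is the remote peer; the port is the client's source port.
PEER = r"\[(?P<ip>[0-9a-fA-F.:]+)\]:(?P<sport>\d+)"
CONNECT = re.compile(r"SMTP connection from " + PEER + r" \(TCP/IP")
AUTH_FAIL = re.compile(
    r"(?P<auth>\w+) authenticator failed for .*?" + PEER +
    r": 535 .*?\(set_id=(?P<user>[^)]*)\)")

def summarize(log_text):
    """Return {ip: {connections, auth_failures, users, source_ports}}."""
    stats = defaultdict(lambda: {"connections": 0, "auth_failures": 0,
                                 "users": set(), "source_ports": set()})
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:  # a new inbound SMTP connection
            entry = stats[m["ip"]]
            entry["connections"] += 1
            entry["source_ports"].add(int(m["sport"]))
            continue
        m = AUTH_FAIL.search(line)
        if m:  # a failed SMTP AUTH attempt; "([127.0.0.1])" is the HELO name
            entry = stats[m["ip"]]
            entry["auth_failures"] += 1
            entry["users"].add(m["user"])
            entry["source_ports"].add(int(m["sport"]))
    return dict(stats)

def offenders(stats, threshold=1):
    """Addresses with at least `threshold` failed logins, sorted."""
    return sorted(ip for ip, s in stats.items() if s["auth_failures"] >= threshold)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s)
```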