
Dictionary attack

Discussion in 'General Discussion' started by rmbnet, Apr 22, 2004.

  1. rmbnet

    rmbnet Well-Known Member

    Joined:
    Feb 22, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    One of my customers is getting pretty much hammered and I was wondering if there is anything we can do short of deleting his MX record to stop this. We are blocking the connections, but it's taking a toll on one of my servers...

    Note there are thousands of IP addresses and connections inbound..


    Any suggestions?


    2004-04-22 20:41:33 H=(h00a0cc7aadfd.ne.client2.attbi.com) [65.96.19.128] F=<rfopnp@msn.com> rejected RCPT <goldneagle@pikespeak.com>: rejected because 65.96.19.128 is is blacklisted at xbl.spamhaus.org
    2004-04-22 20:41:33 H=(c-67-173-255-27.client.comcast.net) [67.173.255.27] F=<ZGFGYKV@hotmail.com> rejected RCPT <rocollins@pikespeak.com>: rejected because 67.173.255.27 is is blacklisted at xbl.spamhaus.org
    2004-04-22 20:41:33 H=(h00a0cc7aadfd.ne.client2.attbi.com) [65.96.19.128] F=<rfopnp@msn.com> rejected RCPT <gopalan@pikespeak.com>: rejected because 65.96.19.128 is is blacklisted at xbl.spamhaus.org
    2004-04-22 20:41:33 H=(h00a0cc7aadfd.ne.client2.attbi.com) [65.96.19.128] F=<rfopnp@msn.com> rejected RCPT <gretchen@pikespeak.com>: rejected because 65.96.19.128 is is blacklisted at xbl.spamhaus.org
    2004-04-22 20:41:33 H=(h00a0cc7aadfd.ne.client2.attbi.com) [65.96.19.128] F=<rfopnp@msn.com> rejected RCPT <guyana@pikespeak.com>: rejected because 65.96.19.128 is is blacklisted at xbl.spamhaus.org
    2004-04-22 20:41:33 H=(66.139.75.16) [200.44.154.109] F=<shiaahiwuhsw@bantu.com> rejected RCPT <kr@pikespeak.com>: rejected because 200.44.154.109 is is blacklisted at xbl.spamhaus.org
    2004-04-22 20:41:33 H=(h00a0cc7aadfd.ne.client2.attbi.com) [65.96.19.128] F=<rfopnp@msn.com> rejected RCPT <harmony@pikespeak.com>: rejected because 65.96.19.128 is is blacklisted at xbl.spamhaus.org
    2004-04-22 20:41:34 H=(h00a0cc7aadfd.ne.client2.attbi.com)
     
    #1 rmbnet, Apr 22, 2004
    Last edited: Apr 25, 2004
  2. rmbnet

    rmbnet Well-Known Member

    Bump.. anyone?
    From all the research I've done, this kind of attack only happens to large providers like Hotmail and Yahoo. Curious that they are hitting this domain, as they have 5 users. Any ideas short of turning his domain off?

    Average hits about 1500 individual connections per hour at 50 messages each. Needless to say, I don't need this traffic on the server.

    Thanks.. any help would be GREATLY appreciated.
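
Added example, not part of the thread: a small log triage script for the Exim reject lines quoted in the first post, which lists source IPs probing many different recipients and, because the poster reports thousands of source addresses, also summarizes the pressure per recipient domain. The function names, thresholds and sample lines (documentation IPs, example.com) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Exim main-log RCPT rejection, in the layout of the lines quoted in the thread.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\] "
    r"F=<[^>]*> rejected RCPT <(?P<rcpt>[^@>\s]+@[^>\s]+)>"
)

def parse_rejects(lines):
    """Return (time, ip, recipient) tuples; truncated or unrelated lines are skipped."""
    matches = filter(None, (REJECT_RE.match(l.strip()) for l in lines))
    return [(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"], m["rcpt"].lower())
            for m in matches]

def guessing_sources(events, min_distinct=3, window=timedelta(minutes=1)):
    """IPs rejected for >= min_distinct different recipients inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, rcpt in sorted(events):
        by_ip[ip].append((ts, rcpt))
    flagged = {}
    for ip, hits in by_ip.items():
        best = max(len({r for t, r in hits[i:] if t - start <= window})
                   for i, (start, _) in enumerate(hits))
        if best >= min_distinct:
            flagged[ip] = best
    return flagged

def domain_pressure(events):
    """Per recipient domain: (distinct source IPs, distinct guessed addresses)."""
    ips, rcpts = defaultdict(set), defaultdict(set)
    for _, ip, rcpt in events:
        domain = rcpt.rsplit("@", 1)[1]
        ips[domain].add(ip)
        rcpts[domain].add(rcpt)
    return {d: (len(ips[d]), len(rcpts[d])) for d in ips}

# Constructed sample lines (documentation IPs and example.com), not taken from the thread.
SAMPLE = """\
2004-04-22 20:41:33 H=(host-a.example.net) [192.0.2.10] F=<x1@example.org> rejected RCPT <alice@example.com>: rejected because 192.0.2.10 is blacklisted at xbl.spamhaus.org
2004-04-22 20:41:33 H=(host-a.example.net) [192.0.2.10] F=<x1@example.org> rejected RCPT <bob@example.com>: rejected because 192.0.2.10 is blacklisted at xbl.spamhaus.org
2004-04-22 20:41:34 H=(host-a.example.net) [192.0.2.10] F=<x1@example.org> rejected RCPT <carol@example.com>: rejected because 192.0.2.10 is blacklisted at xbl.spamhaus.org
2004-04-22 20:41:34 H=(host-b.example.net) [198.51.100.7] F=<x2@example.org> rejected RCPT <dave@example.com>: rejected because 198.51.100.7 is blacklisted at xbl.spamhaus.org
2004-04-22 20:41:35 H=(host-b.example.net) [198.51.100.7] F=<x2@example.org> rejected RCPT <erin@example.com>: rejected because 198.51.100.7 is blacklisted at xbl.spamhaus.org
2004-04-22 20:45:00 H=(host-b.example.net) [198.51.100.7] F=<x2@example.org> rejected RCPT <frank@example.com>: rejected because 198.51.100.7 is blacklisted at xbl.spamhaus.org
2004-04-22 20:45:01 H=(host-a.example.net)
""".splitlines()
```

A source that spreads its guesses out stays under the per-IP threshold, which is why the per-domain totals are the more useful signal when the attempts come from many addresses.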
     
  3. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Search for dictionary attack at forums.ev1servers.net. There is a modification posted by aussie that deals with this.
     
  4. rmbnet

    rmbnet Well-Known Member

    PERFECT!! THANK YOU!!

    I owe ya one :)

    Robert
     
  5. casey

    casey Well-Known Member

    No problem. I hope it works for you.
     
  6. rmbnet

    rmbnet Well-Known Member

    Working great, HIGHLY recommended for anyone who needs to filter not only dictionary attacks, but spammers in general.

    Thanks again for the link!

    Robert
     
  7. mydomain

    mydomain Well-Known Member

    Joined:
    Aug 10, 2003
    Messages:
    138
    Likes Received:
    0
    Trophy Points:
    16
    Please can you post the link you used to save the rest of us hunting high and low for the right one?

    TIA
     
  8. rmbnet

    rmbnet Well-Known Member

  9. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
  10. ivaserver

    ivaserver Well-Known Member

    Joined:
    Aug 9, 2002
    Messages:
    111
    Likes Received:
    0
    Trophy Points:
    16
    It says

    Before you begin: You will need Cpanel installed.
    You must be running Exim 4-24.x.

    In WHM server status it says I am running

    exim (exim-4.34-60_cpanel_stmpcontrol_antivirus_rewrite_mailman2_mailtrap_exiscan)

    Will this still work? :confused:
     
  11. christi1

    christi1 Well-Known Member

    Joined:
    Oct 20, 2003
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Texas, USA