Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Should I worry about imap connections from an unknown IP?

Discussion in 'General Discussion' started by Vatoloco, Jul 23, 2005.

  1. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    I'm the only person with access to my server. I don't do any reselling. In my logwatch last night I had this entry:

    --------------------- Connections (secure-log) Begin ------------------------

    Connections:
    Service imap:
    69.56.245.114: 2 Time(s)
    127.0.0.1: 176 Time(s)


    I have no idea who's IP the 69.56.245.114 is. It's a webhost in texas (theplanet.com) which is far away from me.
     
    #1 Vatoloco, Jul 23, 2005
  2. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    It may be a wrong connection attempt, who knows.

    I recommend though, just to play it safe, maybe reset your password to something that uses lower case, capital and numbers (I even add special characters such as @) to minimize the risk or something guessing your passcode.
     
    #2 digitard, Jul 23, 2005
  3. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    Do invalid logins show up there also? For some reason I was thinking that if they show up in that log in means they were successful connections.

    I do have a good password and I'm very careful with security so I think it's unlikely that anyone would be able to get ahold of it or brute-force their way in.
     
    #3 Vatoloco, Jul 23, 2005
  4. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    I think it shows any connection... cause even if the password/username is wrong it still has to make a successful connection to the server before it can query the username/pass.

    I haven't really checked my logs a lot lately (just pay attention mainly to BFD bans and things).

    One thing you may wanna do, if you haven't already, is run APF + BFD. I'm sure you're familiar with the APF firewall. There's an addition called BFD which will ban people for attempting to connect to your box with random usernames/passes. I get like 30 bans a day...lol.

    You acn get info up in that 'beginners guide to securing your server' thread if ya dont already have it.
     
    #4 digitard, Jul 23, 2005
  5. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    I guess I need to get BFD installed. Usually the only thing in this log is 127.0.0.1 and every now and then maybe one other that tried to connect once. The last couple of days though it's been full of them and looked like this:

    Code:
    --------------------- Connections (secure-log) Begin ------------------------ 

Connections:
   Service imap:
      60.164.127.2: 2 Time(s)
      67.15.62.16: 420 Time(s)
      81.220.165.125: 2 Time(s)
      82.48.107.11: 2 Time(s)
      82.56.16.189: 2 Time(s)
      82.56.20.227: 2 Time(s)
      82.67.210.110: 2 Time(s)
      83.50.98.133: 2 Time(s)
      84.0.246.135: 2 Time(s)
      84.97.58.52: 2 Time(s)
      84.121.70.190: 2 Time(s)
      84.164.95.209: 3 Time(s)
      86.125.16.122: 2 Time(s)
      127.0.0.1: 173 Time(s)
      134.39.120.248: 1 Time(s)
      218.7.13.217: 2 Time(s)
      218.16.129.221: 2 Time(s)
      222.11.219.8: 1 Time(s)
      222.83.232.234: 2 Time(s)
      222.86.62.33: 2 Time(s)
      222.95.172.54: 2 Time(s)
    How do you tell if a connection was actually successful and not just an invalid log-in attempt?
     
    #5 Vatoloco, Sep 7, 2005
  6. chirpy

    chirpy Well-Known Member Verifed Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You can check in /var/log/maillog where the imap connections are logged.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 chirpy, Sep 7, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - Should worry imap
  1. kpmedia

    EA3 to EA4 warnings, should I worry?

    kpmedia, Dec 1, 2017, in forum: EasyApache
    Replies:
    1
    Views:
    2,063
    cPanelMichael
    Dec 5, 2017
  2. Cahoots

    Domains in bandwidth stats that shouldn't be there

    Cahoots, Mar 11, 2019, in forum: General Discussion
    Replies:
    3
    Views:
    272
    cPanelLauren
    Mar 12, 2019 at 12:35 PM
  3. OzyPhil

    SOLVED Installed Cloudlinux & found more users than I should have.

    OzyPhil, Mar 10, 2019, in forum: CloudLinux
    Replies:
    6
    Views:
    233
    cPanelMichael
    Mar 13, 2019 at 12:34 PM
  4. Mrinmoy

    Should I install Linux server in Minimal Mode?

    Mrinmoy, Feb 23, 2019, in forum: General Discussion
    Replies:
    3
    Views:
    104
    cPanelMichael
    Feb 25, 2019
  5. terafuse

    Should I delete /home/cPanelInstall after installation?

    terafuse, Feb 14, 2019, in forum: General Discussion
    Replies:
    2
    Views:
    134
    terafuse
    Feb 18, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice