Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Should I worry about imap connections from an unknown IP?

Discussion in 'General Discussion' started by Vatoloco, Jul 23, 2005.

  1. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    I'm the only person with access to my server. I don't do any reselling. In my logwatch last night I had this entry:

    --------------------- Connections (secure-log) Begin ------------------------

    Connections:
    Service imap:
    69.56.245.114: 2 Time(s)
    127.0.0.1: 176 Time(s)


    I have no idea who's IP the 69.56.245.114 is. It's a webhost in texas (theplanet.com) which is far away from me.
     
    #1 Vatoloco, Jul 23, 2005
  2. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    It may be a wrong connection attempt, who knows.

    I recommend though, just to play it safe, maybe reset your password to something that uses lower case, capital and numbers (I even add special characters such as @) to minimize the risk or something guessing your passcode.
     
    #2 digitard, Jul 23, 2005
  3. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    Do invalid logins show up there also? For some reason I was thinking that if they show up in that log in means they were successful connections.

    I do have a good password and I'm very careful with security so I think it's unlikely that anyone would be able to get ahold of it or brute-force their way in.
     
    #3 Vatoloco, Jul 23, 2005
  4. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    I think it shows any connection... cause even if the password/username is wrong it still has to make a successful connection to the server before it can query the username/pass.

    I haven't really checked my logs a lot lately (just pay attention mainly to BFD bans and things).

    One thing you may wanna do, if you haven't already, is run APF + BFD. I'm sure you're familiar with the APF firewall. There's an addition called BFD which will ban people for attempting to connect to your box with random usernames/passes. I get like 30 bans a day...lol.

    You acn get info up in that 'beginners guide to securing your server' thread if ya dont already have it.
     
    #4 digitard, Jul 23, 2005
  5. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    I guess I need to get BFD installed. Usually the only thing in this log is 127.0.0.1 and every now and then maybe one other that tried to connect once. The last couple of days though it's been full of them and looked like this:

    Code:
    --------------------- Connections (secure-log) Begin ------------------------ 

Connections:
   Service imap:
      60.164.127.2: 2 Time(s)
      67.15.62.16: 420 Time(s)
      81.220.165.125: 2 Time(s)
      82.48.107.11: 2 Time(s)
      82.56.16.189: 2 Time(s)
      82.56.20.227: 2 Time(s)
      82.67.210.110: 2 Time(s)
      83.50.98.133: 2 Time(s)
      84.0.246.135: 2 Time(s)
      84.97.58.52: 2 Time(s)
      84.121.70.190: 2 Time(s)
      84.164.95.209: 3 Time(s)
      86.125.16.122: 2 Time(s)
      127.0.0.1: 173 Time(s)
      134.39.120.248: 1 Time(s)
      218.7.13.217: 2 Time(s)
      218.16.129.221: 2 Time(s)
      222.11.219.8: 1 Time(s)
      222.83.232.234: 2 Time(s)
      222.86.62.33: 2 Time(s)
      222.95.172.54: 2 Time(s)
    How do you tell if a connection was actually successful and not just an invalid log-in attempt?
     
    #5 Vatoloco, Sep 7, 2005
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You can check in /var/log/maillog where the imap connections are logged.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 chirpy, Sep 7, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - Should worry imap
  1. kpmedia

    EA3 to EA4 warnings, should I worry?

    kpmedia, Dec 1, 2017, in forum: EasyApache
    Replies:
    1
    Views:
    775
    cPanelMichael
    Dec 5, 2017
  2. jcwacky

    Should I "Convert All Accounts to PHP-FPM"? Downsides?

    jcwacky, Aug 11, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    86
    jcwacky
    Aug 15, 2018 at 5:38 AM
  3. milsou

    The hostname should be a domain name

    milsou, Jul 16, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    89
    cPanelLauren
    Jul 16, 2018
  4. spaceman

    How often should I reboot the server after updates?

    spaceman, Jul 9, 2018, in forum: Security
    Replies:
    4
    Views:
    122
    cPanelLauren
    Jul 11, 2018
  5. aolbrechts

    AutoSSL not renewing when it should?

    aolbrechts, Jul 3, 2018, in forum: Security
    Replies:
    7
    Views:
    166
    cPanelLauren
    Jul 30, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice