Should I worry about imap connections from an unknown IP?

Discussion in 'General Discussion' started by Vatoloco, Jul 23, 2005.

  1. Vatoloco

    I'm the only person with access to my server. I don't do any reselling. In my logwatch last night I had this entry:

    --------------------- Connections (secure-log) Begin ------------------------

    Connections:
    Service imap:
    69.56.245.114: 2 Time(s)
    127.0.0.1: 176 Time(s)


    I have no idea whose IP the 69.56.245.114 is. It's a webhost in Texas (theplanet.com) which is far away from me.
     
  2. digitard

    It may be a wrong connection attempt, who knows.

    I recommend though, just to play it safe, maybe reset your password to something that uses lower case, capital and numbers (I even add special characters such as @) to minimize the risk of something guessing your passcode.
     
  3. Vatoloco

    Do invalid logins show up there also? For some reason I was thinking that if they show up in that log it means they were successful connections.

    I do have a good password and I'm very careful with security so I think it's unlikely that anyone would be able to get ahold of it or brute-force their way in.
     
  4. digitard

    I think it shows any connection... cause even if the password/username is wrong it still has to make a successful connection to the server before it can query the username/pass.

    I haven't really checked my logs a lot lately (just pay attention mainly to BFD bans and things).

    One thing you may wanna do, if you haven't already, is run APF + BFD. I'm sure you're familiar with the APF firewall. There's an addition called BFD which will ban people for attempting to connect to your box with random usernames/passes. I get like 30 bans a day...lol.

    You can get info up in that 'beginners guide to securing your server' thread if ya don't already have it.
     
  5. Vatoloco

    I guess I need to get BFD installed. Usually the only thing in this log is 127.0.0.1 and every now and then maybe one other that tried to connect once. The last couple of days though it's been full of them and looked like this:

    Code:
    --------------------- Connections (secure-log) Begin ------------------------ 
    
    Connections:
       Service imap:
          60.164.127.2: 2 Time(s)
          67.15.62.16: 420 Time(s)
          81.220.165.125: 2 Time(s)
          82.48.107.11: 2 Time(s)
          82.56.16.189: 2 Time(s)
          82.56.20.227: 2 Time(s)
          82.67.210.110: 2 Time(s)
          83.50.98.133: 2 Time(s)
          84.0.246.135: 2 Time(s)
          84.97.58.52: 2 Time(s)
          84.121.70.190: 2 Time(s)
          84.164.95.209: 3 Time(s)
          86.125.16.122: 2 Time(s)
          127.0.0.1: 173 Time(s)
          134.39.120.248: 1 Time(s)
          218.7.13.217: 2 Time(s)
          218.16.129.221: 2 Time(s)
          222.11.219.8: 1 Time(s)
          222.83.232.234: 2 Time(s)
          222.86.62.33: 2 Time(s)
          222.95.172.54: 2 Time(s)
    
    How do you tell if a connection was actually successful and not just an invalid log-in attempt?
     
  6. chirpy

    You can check in /var/log/maillog where the imap connections are logged.
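
One way to answer the thread's question from /var/log/maillog, as an added example that is not part of any post above: it tallies, per remote IP, connections, failed logins and successful logins. It assumes Courier-IMAP style log lines (`Connection`, `LOGIN`, `LOGIN FAILED`); other IMAP daemons word these lines differently, so adjust the patterns. The sample lines, host name, user and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed Courier-IMAP style syslog lines; adjust the patterns for your daemon.
EVENT = re.compile(
    r"imapd(?:-ssl)?(?:\[\d+\])?: (?P<event>Connection|LOGIN FAILED|LOGIN)\b"
    r".*?ip=\[(?:::ffff:)?(?P<ip>[0-9a-fA-F.:]+)\]"
)
USER = re.compile(r"user=(?P<user>[^,\s]+)")

# Constructed sample lines (documentation addresses), standing in for maillog.
SAMPLE = """\
Jul 23 04:02:11 host imapd: Connection, ip=[::ffff:127.0.0.1]
Jul 23 04:02:11 host imapd: LOGIN, user=alice, ip=[::ffff:127.0.0.1], protocol=IMAP
Jul 23 04:10:30 host imapd: Connection, ip=[::ffff:192.0.2.10]
Jul 23 04:10:31 host imapd: LOGIN FAILED, ip=[::ffff:192.0.2.10]
Jul 23 04:10:33 host imapd: Connection, ip=[::ffff:192.0.2.10]
Jul 23 04:10:34 host imapd: LOGIN FAILED, ip=[::ffff:192.0.2.10]
Jul 23 05:41:02 host imapd: Connection, ip=[::ffff:198.51.100.7]
Jul 23 05:41:03 host imapd: LOGIN, user=alice, ip=[::ffff:198.51.100.7], protocol=IMAP
Jul 23 05:41:09 host imapd: LOGOUT, user=alice, ip=[::ffff:198.51.100.7], headers=0, body=0
""".splitlines()

def summarize(lines, local=("127.0.0.1", "::1")):
    """Per remote IP: connection count, failed logins, users that logged in."""
    stats = defaultdict(lambda: {"connections": 0, "failed": 0, "users": set()})
    for line in lines:
        m = EVENT.search(line)
        if not m or m.group("ip") in local:
            continue  # not a tracked IMAP event, or a local (webmail) client
        entry = stats[m.group("ip")]
        if m.group("event") == "Connection":
            entry["connections"] += 1
        elif m.group("event") == "LOGIN FAILED":
            entry["failed"] += 1
        else:  # plain LOGIN: authentication succeeded
            u = USER.search(line, m.end("event"))
            entry["users"].add(u.group("user") if u else "?")
    return dict(stats)

def successful_remote_logins(stats):
    """Only the remote IPs that authenticated, with the accounts they used."""
    return {ip: sorted(s["users"]) for ip, s in stats.items() if s["users"]}

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE).items()):
        print(ip, s["connections"], s["failed"], sorted(s["users"]))
```

An IP that shows connections and failures but no users only reached the login prompt; an unfamiliar IP in the output of `successful_remote_logins` is the case that calls for a password change.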
     