The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Should I worry about imap connections from an unknown IP?

Discussion in 'General Discussion' started by Vatoloco, Jul 23, 2005.

  1. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    166
    I'm the only person with access to my server. I don't do any reselling. In my logwatch last night I had this entry:

    --------------------- Connections (secure-log) Begin ------------------------

    Connections:
    Service imap:
    69.56.245.114: 2 Time(s)
    127.0.0.1: 176 Time(s)


    I have no idea who's IP the 69.56.245.114 is. It's a webhost in texas (theplanet.com) which is far away from me.
     
    #1 Vatoloco, Jul 23, 2005
  2. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    It may be a wrong connection attempt, who knows.

    I recommend though, just to play it safe, maybe reset your password to something that uses lower case, capital and numbers (I even add special characters such as @) to minimize the risk or something guessing your passcode.
     
    #2 digitard, Jul 23, 2005
  3. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    166
    Do invalid logins show up there also? For some reason I was thinking that if they show up in that log in means they were successful connections.

    I do have a good password and I'm very careful with security so I think it's unlikely that anyone would be able to get ahold of it or brute-force their way in.
     
    #3 Vatoloco, Jul 23, 2005
  4. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    I think it shows any connection... cause even if the password/username is wrong it still has to make a successful connection to the server before it can query the username/pass.

    I haven't really checked my logs a lot lately (just pay attention mainly to BFD bans and things).

    One thing you may wanna do, if you haven't already, is run APF + BFD. I'm sure you're familiar with the APF firewall. There's an addition called BFD which will ban people for attempting to connect to your box with random usernames/passes. I get like 30 bans a day...lol.

    You acn get info up in that 'beginners guide to securing your server' thread if ya dont already have it.
     
    #4 digitard, Jul 23, 2005
  5. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    166
    I guess I need to get BFD installed. Usually the only thing in this log is 127.0.0.1 and every now and then maybe one other that tried to connect once. The last couple of days though it's been full of them and looked like this:

    Code:
    --------------------- Connections (secure-log) Begin ------------------------ 

Connections:
   Service imap:
      60.164.127.2: 2 Time(s)
      67.15.62.16: 420 Time(s)
      81.220.165.125: 2 Time(s)
      82.48.107.11: 2 Time(s)
      82.56.16.189: 2 Time(s)
      82.56.20.227: 2 Time(s)
      82.67.210.110: 2 Time(s)
      83.50.98.133: 2 Time(s)
      84.0.246.135: 2 Time(s)
      84.97.58.52: 2 Time(s)
      84.121.70.190: 2 Time(s)
      84.164.95.209: 3 Time(s)
      86.125.16.122: 2 Time(s)
      127.0.0.1: 173 Time(s)
      134.39.120.248: 1 Time(s)
      218.7.13.217: 2 Time(s)
      218.16.129.221: 2 Time(s)
      222.11.219.8: 1 Time(s)
      222.83.232.234: 2 Time(s)
      222.86.62.33: 2 Time(s)
      222.95.172.54: 2 Time(s)
    How do you tell if a connection was actually successful and not just an invalid log-in attempt?
     
    #5 Vatoloco, Sep 7, 2005
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You can check in /var/log/maillog where the imap connections are logged.
     
    #6 chirpy, Sep 7, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - Should worry imap
  1. mitt

    Domain pointed to IP should resolve to cPanel account

    mitt, May 23, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    4
    Views:
    276
    cPanelMichael
    May 29, 2017
  2. Anoop P Alias

    restartsrv mysql doing things it should not

    Anoop P Alias, May 20, 2017, in forum: cPanel Developers
    Replies:
    1
    Views:
    152
    cPanelMichael
    May 24, 2017
  3. yagami_kira

    How often should you do Graceful Server Reboot?

    yagami_kira, Mar 11, 2017, in forum: Security
    Replies:
    5
    Views:
    716
    cPanelMichael
    Mar 13, 2017
  4. kitchin

    Mariadb, what should be in yum.conf ?

    kitchin, Mar 8, 2017, in forum: Database Discussions
    Replies:
    1
    Views:
    234
    cPanelMichael
    Mar 12, 2017
  5. ItsMattSon

    SOLVED What should SPF Record be if you're on a GoDaddy VPS?

    ItsMattSon, Feb 15, 2017, in forum: E-mail Discussions
    Replies:
    6
    Views:
    490
    cPanelMichael
    Feb 17, 2017

Share This Page