1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to block smtp_auth hackers what are targeting a specific account?

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by eugenevdm, Apr 2, 2011.

  1. eugenevdm

    eugenevdm Silver Pleskian

    30
    68%
    Joined:
    Nov 11, 2003
    Messages:
    611
    Likes Received:
    0
    I get this in my Qmail log files:

    tail -f /usr/local/psa/var/log/maillog | egrep -i "unable|failed|refused|error|warning|listed"

    This repeats over and over from all different IP address. At some stage the compromised user's password was changed so the spammers can't get back into that account.

    However, I want to take additional precaution and permanently block those IP addresses. Please recommend something that checks for repeated failed logins on SMTP and then block the IP addresses.
     
Loading...