KrazyBob
Regular Pleskian
All of my 100+ servers have been under constant attack since last week. zen.spamhaus.org is catching much of the incoming SPAM but they are slamming the servers. But the other issue appears to be an attack on port 25 SMTP. lsof -i :25 shows 50-100 simultaneous connections to port 25 from different IPs. I have blocked entire subnets in our hardware firewall from around the globe from which the attacks are coming but I can't get all of them. They are sequential blocks as well: 114.x.x.x, 115.x.x.x, 116.x.x.x -- 189.x.x.x, 190.x.x.x -- and are hitting all of my servers at one time. Our alarming systems keep sending alert after alert that SMTP is stopping and restarting. I have edited MAXDAEMONS=160 and MAXPERIP=80 just to keep the service from shutting down.
But what I need is more of a solution to stop the overall problem. Looking at the logs in /var/log shows me that what appears to be brute force attacks on all passworded services are not stopping. FTP, mysql, POP3, SMTP.
I am running Plesk 8.6 inside of Virtuozzo. Because we're behind a firewall I haven't installed APF or BFD but do have IPTABLES installed.
Suggestions?