Eric Pretorious
Regular Pleskian
In the proces of writing a daemon to monitor and respond to failed login attempts, I noticed this pattern repeated numerous times every day:
- Five simultaneous connections - never any more, never any less:
Code:Sep 9 04:00:34 www postfix/smtpd[444]: connect from 592329.soborka.net[94.158.158.194] Sep 9 04:00:34 www postfix/smtpd[446]: connect from host-94-158-158-194.soborka.net[94.158.158.194] Sep 9 04:00:34 www postfix/smtpd[447]: connect from host-94-158-158-194.soborka.net[94.158.158.194] Sep 9 04:00:34 www postfix/smtpd[449]: connect from 592329.soborka.net[94.158.158.194] Sep 9 04:00:34 www postfix/smtpd[450]: connect from 592329.soborka.net[94.158.158.194]
- Followed by five simultaneous authentication failures:
Code:Sep 9 04:00:34 www postfix/smtpd[444]: warning: 592329.soborka.net[94.158.158.194]: SASL LOGIN authentication failed: authentication failure ... Sep 9 04:00:34 www postfix/smtpd[446]: warning: host-94-158-158-194.soborka.net[94.158.158.194]: SASL LOGIN authentication failed: authentication failure ... Sep 9 04:00:34 www postfix/smtpd[447]: warning: host-94-158-158-194.soborka.net[94.158.158.194]: SASL LOGIN authentication failed: authentication failure ... Sep 9 04:00:34 www postfix/smtpd[449]: warning: 592329.soborka.net[94.158.158.194]: SASL LOGIN authentication failed: authentication failure ... Sep 9 04:00:34 www postfix/smtpd[450]: warning: 592329.soborka.net[94.158.158.194]: SASL LOGIN authentication failed: authentication failure
Last edited: