| Type: | Brute Force |
| Protocol: | POP3 |
| OS: | Linux 3.6.11+ armv6l |
| Platform: | Pi Rev. B |
| Memory: | 512M |
| Daemon: | Dovecot 2.1.7-7 |
| Backend Daemon: | MySQL 5.5 |
| Backend OS: | Linux 2.6.32-5-amd64 |
| Backend Platform: | Generic AMD A4-3400 APU Dual Core |
| Backend Memory: | 3.5G |
| Total Attempts: | 13356 |
| Avg. Attempt/s: | 2.71 |
Postmortem:
67.136.48.186 was *unable* to successfully authenticate to any valid user.
Attack was mitigated at the firewall (DROP).
abuse@integratelecom.com was contacted about this event.
Our email server directories will be cleaned out February 28th.
What this means…
All ham and spam folders will be completely wiped cleaned.
If you have email in either folder on your account, move it to your inbox or create a new folder to store it.
Thanks.
The Administration
Build Environment:
CentOS 5 x86_64
Postfix 2.3.3 Sources
gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)
2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
# Get the src
1) wget http://mirror.centos.org/centos/5.3/centosplus/SRPMS/postfix-2.3.3-2.1.centos.mysql_pgsql.src.rpm
# Install the src RPM
2) rpm -i postfix-2.3.3-2.1.centos.mysql_pgsql.src.rpm
# Install some dependencies I didn’t have
3.1) yum install pcre-devel
3.2) yum install rpm-build
3.3) yum install mysql-devel.x86_64 openldap-devel.x86_64 db4-devel.x86_64
3.4) yum install gcc.x86_64
# Edit SPECS; remove postgres support
4.1) cd /usr/src/redhat/SPECS
4.2) vi postfix.spec and change “%%define PGSQL 1” to “%define PGSQL 0”
# I didn’t want Postgres support
4.3) “%define MYSQL 1” was already defined for me
Bad Behavior has blocked 128 access attempts in the last 7 days.