Podczas analizy wielu ataków można zauważyć pewną analogię. Zaczyna się zwykle od sondowania poszczególnych usług działających na serwerze. Są one czasami tak masowe, że pomimo zadziałania fail2ban (opiszę jego konfigurację przy najbliższej okazji) udaje się mimo wszystko obejść jego blokady. Innym razem są one tak delikatne, że przyrównałbym je do muśnięcie rzęs kochającej kobiety. Oba przypadki umykają uwadze automatów. Jest to pole do popisu dla niedocenianej, acz dość popularnej w innych dziedzinach życia profilaktyce, Czyli częsta zmiana haseł i to na coraz silniejsze. Ale jest, jak jest i szczególnie w przypadku kadry kierowniczej powiedzenie szewc chodzi bez butów ma tu szczególne zastosowanie. Co ciekawe nawet włamanie na skrzynkę e-mail nie zmienia wiele w tej kwestii. Pojawiają się jednak od czasu do czasu przebłyski racjonalizmu, ale wiąże to bardziej z batem w postaci ROOD-o niż otrzeźwienia. Wracając do tematu namawiam do ręcznego banowania numerów IP. Łatwo się mówi, gdy mamy do zanalizowania kilkaset numerów IP, ale gdy ich jest kilka tysięcy i więcej (botnet Mirai 49 657 unikalnych adresów IP). Ogólnie ataki siłowe charakteryzują się:
próbami logowania z jednego adresu IP na tego samego, jak również wielu różnych użytkowników
próbami logowania na jedno konto z wielu adresów IP
próby logowania przy wykorzystaniu listy użytkowników (zwykle alfabetycznie ułożonej)
używania adresów URL zawierających nazwę użytkownika i hasło typu http://uzytkownik:hasło@www.bit.sos.pl
because "535 Authentication failed.",cmd: AUTH LOGIN admin@bit.sos.pl - 3 Times Host 190.220.147.114 - 3 Times because "535 Authentication failed.",cmd: AUTH LOGIN glopez - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN glynis - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gmoore - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gmorris - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gmurphy - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gnats - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN go - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN goal - 1 Time Host 213.186.180.179 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN god - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN godoy - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gomez - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN good - 1 Time Host 184.71.152.86 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gough - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gould - 1 Time Host 201.6.115.155 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gpatterson - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gperez - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gphillips - 1 Time Host 190.111.24.194 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grabar - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grade - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grado - 1 Time Host 82.127.128.117 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grafico - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grajeda - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grandmother - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gray - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grazia - 1 Time Host 177.103.160.67 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN graziela - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN greed - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN greene - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gregg - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gregory - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grep - 1 Time Host 89.96.151.178 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN griffith - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grimaldo - 1 Time Host 184.71.152.86 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grimes - 1 Time Host 213.37.253.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grocery - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grodriguez - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN group - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grullon - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grupo - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN grussell - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gsanchez - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gsimmons - 1 Time Host 187.67.179.181 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN guajardo - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN guel - 1 Time Host 190.111.24.194 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN guest1 - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN guest3 - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN guinevre - 1 Time Host 113.171.23.47 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN guitarra - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gward - 1 Time Host 89.96.151.178 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gwilliams - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN gyoung - 1 Time Host 80.11.241.22 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hacer - 1 Time Host 213.154.29.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hadley - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hailey - 1 Time Host 165.90.108.137 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hailie - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN haley - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN halima - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN halle - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hallie - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN halt - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hamburgo - 1 Time Host 213.37.253.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hammer - 1 Time Host 179.232.179.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hamza - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hana - 1 Time Host 165.90.108.137 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN handle - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hans - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN happy - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN harlan - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN harmonie - 1 Time Host 184.71.152.86 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN harmony - 1 Time Host 213.154.29.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN harrison - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hatti - 1 Time Host 190.145.52.118 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hawkins - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hayden - 1 Time Host 213.186.180.179 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN haynes - 1 Time Host 184.71.152.86 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hazel - 1 Time Host 213.154.29.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hazelle - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hbailey - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hbarnes - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hbrooks - 1 Time Host 187.67.179.181 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN head - 1 Time Host 177.103.160.67 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN heart - 1 Time Host 189.208.163.224 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN heat - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hell - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hellen - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN help - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN helpdesk - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN henao - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hendrix - 1 Time Host 113.171.23.47 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hermione - 1 Time Host 165.90.108.137 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hernandez - 1 Time Host 190.145.52.118 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN herramientas - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN herrera - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hgonzales - 1 Time Host 190.145.52.118 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hhall - 2 Times Host 177.103.160.67 - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hhayes - 1 Time Host 190.111.24.194 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hhoward - 1 Time Host 200.87.62.142 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hhughes - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hicks - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN highway - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN higuera - 1 Time Host 190.111.24.194 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hija - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hila - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hilario - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hilton - 1 Time Host 213.154.29.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hinojosa - 1 Time Host 213.154.29.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hiromi - 1 Time Host 184.71.152.86 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN historian - 1 Time Host 213.37.253.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hjohnson - 1 Time Host 81.137.254.87 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hking - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hlong - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hlopez - 1 Time Host 123.200.137.226 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hmorgan - 1 Time Host 184.71.152.86 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hmorris - 1 Time Host 204.152.209.101 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hnelson - 1 Time Host 187.67.179.181 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hodges - 1 Time Host 24.51.95.89 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hodgson - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hoja - 1 Time Host 96.78.113.20 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hojainformativa - 1 Time Host 81.137.254.87 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hola - 1 Time Host 179.252.114.254 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN holcomb - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN holding - 1 Time Host 123.200.137.226 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hole - 1 Time Host 81.137.254.87 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN holguin - 1 Time Host 189.58.47.185 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN holland - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN holt - 1 Time Host 190.111.24.194 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN home - 1 Time Host 24.51.95.89 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN homework - 1 Time Host 113.171.23.47 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hope - 1 Time Host 213.186.180.179 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hopkins - 1 Time Host 190.13.141.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hopper - 1 Time Host 187.185.190.199 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hora - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN host - 1 Time Host 113.171.23.47 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hostigar - 1 Time Host 200.111.104.123 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN howard - 1 Time Host 123.200.137.226 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hoyos - 1 Time Host 89.96.151.178 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hp - 1 Time Host 82.127.128.117 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hpatterson - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hperry - 1 Time Host 190.13.141.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hprice - 1 Time Host 177.103.160.67 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hr - 1 Time Host 179.252.114.254 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hreed - 1 Time Host 190.13.141.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hrichardson - 1 Time Host 123.200.137.226 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hrodriguez - 1 Time Host 41.162.101.2 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hrogers - 1 Time Host 187.67.179.181 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN htaylor - 1 Time Host 200.111.104.123 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hthompson - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN htorres - 1 Time Host 89.96.151.178 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN http - 1 Time Host 24.51.95.89 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN httpd - 1 Time Host 184.71.152.86 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hturner - 1 Time Host 213.154.29.27 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN huber - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN huey - 1 Time Host 190.247.33.105 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN huezo - 1 Time Host 190.145.52.118 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hughes - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN huizar - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN human - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN humberto - 1 Time Host 187.67.179.181 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN humphrey - 1 Time Host 211.193.148.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN humphreys - 1 Time Host 165.90.108.137 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hunter - 1 Time Host 95.168.96.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hurley - 1 Time Host 41.220.193.70 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN husband - 1 Time Host 200.111.104.123 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN info@bit.sos.pl - 3 Times Host 190.171.233.75 - 3 Times because "535 Authentication failed.",cmd: AUTH LOGIN jonathan@mail.pl - 1 Time Host 194.53.142.153 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN kontakt - 7 Times Host 54.39.45.84 - 7 Times because "535 Authentication failed.",cmd: AUTH LOGIN kscanner@mail.pl - 1 Time Host 194.53.142.153 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN personal@mail.pl - 1 Time Host 194.53.142.153 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN pop@mail.pl - 2 Times Host 194.53.142.153 - 2 Times because "535 Authentication failed.",cmd: AUTH LOGIN prueba2@mail.pl - 1 Time Host 194.53.142.153 - 1 Time
because "535 Authentication failed.",cmd: AUTH LOGIN arthur - 2 Times Host 5.188.62.230 - 2 Times because "535 Authentication failed.",cmd: AUTH LOGIN helmut - 2 Times Host 5.188.62.230 - 2 Times because "535 Authentication failed.",cmd: AUTH LOGIN marshall - 2 Times Host 5.188.62.230 - 2 Times
because 550 User <www.niunia@jaj.pl> unknown - 72 Times Host 111.192.44.35 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 14.228.12.184 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 156.211.100.169 - 3 Times From www.niunia@jaj.pl - 3 Times To www.niunia@jaj.pl - 3 Times Host 156.211.209.216 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 170.231.148.1 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 179.183.198.253 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 186.237.129.156 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 190.144.61.250 - 2 Times From www.niunia@jaj.pl - 2 Times To www.niunia@jaj.pl - 2 Times Host 191.241.148.172 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 197.221.89.69 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 197.42.222.61 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 2.236.109.166 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 206.126.126.134 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 43.255.221.61 - 3 Times From www.niunia@jaj.pl - 3 Times To www.niunia@jaj.pl - 3 Times Host 46.17.121.214 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 77.30.137.217 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 82.17.232.115 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 89.136.98.98 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times Host 94.129.110.100 - 4 Times From www.niunia@jaj.pl - 4 Times To www.niunia@jaj.pl - 4 Times
because 550 User <jaj@jaj.pl> unknown - 2 Times Host 62.138.18.186 - 1 Time From ayhodkq@onymaxys.eu - 1 Time To jaj@jaj.pl - 1 Time Host 85.25.79.64 - 1 Time From usrecld@motherm.eu - 1 Time To jaj@jaj.pl - 1 Time
Kolejny przykład farmy ZOMBI:
because "535 Authentication failed.",cmd: AUTH CRAM-MD5 topware@jaj.pl - 1 Time Host 46.40.78.251 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN Admin - 1 Time Host 137.116.216.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN aaaa - 1 Time Host 78.18.230.84 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN aaaaaa - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN accountant - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN accounts - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN accueil - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN achat - 1 Time Host 94.79.4.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN adam - 1 Time Host 59.124.9.251 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN admin1 - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN alan - 1 Time Host 202.77.50.129 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN alarm - 1 Time Host 78.18.230.84 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN albert - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN alena - 1 Time Host 190.171.144.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN alexis - 1 Time Host 60.171.185.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN alfredo - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN am - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN amy - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN andre - 1 Time Host 202.77.50.129 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN andrea - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN andres - 1 Time Host 86.47.96.237 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN andrew - 1 Time Host 78.131.87.207 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN angeles - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN ann - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN anna - 1 Time Host 206.210.123.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN anthony - 1 Time Host 79.158.248.148 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN antivirus - 1 Time Host 197.248.39.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN arcserve - 1 Time Host 190.171.144.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN atelier - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN auditoria - 1 Time Host 206.210.123.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN avis - 1 Time Host 179.41.26.133 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN b - 1 Time Host 60.171.185.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN barcode - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN biblioteca - 2 Times Host 117.41.229.63 - 1 Time Host 137.116.216.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN bill - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN buchhaltung - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN cadastro - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN calendar - 1 Time Host 187.103.249.139 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN camera - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN canon - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN careers - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN carlo - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN carlos - 1 Time Host 187.103.249.139 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN carolina - 1 Time Host 86.47.96.237 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN caroline - 1 Time Host 87.139.32.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN cindy - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN citrix - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN class - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN client - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN cliente - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN coco - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN comercial - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN commercial - 1 Time Host 179.41.26.133 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN conference - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN confroom - 1 Time Host 117.41.229.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN consultor - 1 Time Host 78.131.87.207 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN contabilidad - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN contact - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN control - 1 Time Host 190.64.84.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN cook - 2 Times Host 187.103.249.139 - 1 Time Host 94.79.4.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN copier - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN cristina - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN customer - 1 Time Host 188.136.143.42 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN cyrus - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN daniela - 1 Time Host 60.171.185.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN dave - 1 Time Host 188.136.143.42 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN db - 1 Time Host 79.158.248.148 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN default - 1 Time Host 206.210.123.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN develop - 1 Time Host 41.79.233.43 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN dina - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN diseno - 1 Time Host 62.150.216.159 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN doctor - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN dovecot - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN driver - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN drucker - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN edi - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN editor - 1 Time Host 188.96.10.191 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN edward - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN empfang - 1 Time Host 187.103.249.139 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN esther - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN exchange - 1 Time Host 94.79.4.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN expert - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN export - 2 Times Host 187.103.249.139 - 1 Time Host 190.171.144.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN fax - 1 Time Host 86.47.96.237 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN fin - 1 Time Host 187.103.249.139 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN finanzas - 1 Time Host 41.79.233.43 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN florence - 1 Time Host 79.158.248.148 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN forum - 1 Time Host 185.25.108.138 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN frontdesk - 1 Time Host 188.136.143.42 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN ftp - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN ftpuser - 1 Time Host 59.124.9.251 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN ghost - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN giorgio - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN green - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hasegawa - 1 Time Host 87.139.32.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN helen - 1 Time Host 94.79.4.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hiromi - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN host - 1 Time Host 197.248.39.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hostmaster - 1 Time Host 137.116.216.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN hp - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN invitado - 1 Time Host 87.139.32.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN invite - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN isabella - 1 Time Host 78.131.87.207 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN it - 1 Time Host 206.210.123.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN ivan - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN jack - 2 Times Host 213.79.118.83 - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN jason - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN javier - 1 Time Host 202.77.50.129 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN jeff - 1 Time Host 187.103.249.139 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN jimmy - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN joel - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN julian - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN karen - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN karin - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN ken - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN kevin - 1 Time Host 179.41.26.133 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN kim - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN laptop - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN laser - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN lena - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN lola - 1 Time Host 94.79.4.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN lp - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN luca - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN luciano - 1 Time Host 181.197.150.21 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN mac - 1 Time Host 206.210.123.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN maestro - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN mail - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN mailer - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN manager - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN manuel - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN marco - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN marina - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN marita - 1 Time Host 60.171.185.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN mark - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN master - 2 Times Host 113.160.202.71 - 1 Time Host 46.225.107.60 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN matt - 1 Time Host 200.87.62.142 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN maximo - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN media - 1 Time Host 137.116.216.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN meeting - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN mercadeo - 1 Time Host 190.171.144.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN michel - 1 Time Host 179.41.26.133 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN michelle - 1 Time Host 206.210.123.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN new - 1 Time Host 113.160.202.71 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN newsletter - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN noc - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN nospam - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN notebook - 1 Time Host 187.103.249.139 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN nurse - 1 Time Host 185.25.108.138 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN operador - 1 Time Host 87.139.32.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN oracle - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN oscar - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN payroll - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN phil - 1 Time Host 94.79.4.143 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN pos - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN postfix - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN postgres - 1 Time Host 87.139.32.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN postgres@mail.pl - 1 Time Host 202.22.144.210 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN printer - 1 Time Host 187.103.249.139 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN project - 1 Time Host 112.199.38.123 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN pruebas - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN public - 1 Time Host 181.40.120.46 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN rafael - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN recepcao - 1 Time Host 112.199.38.123 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN recepcion - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN recruit - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN region - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN registration - 1 Time Host 41.79.233.43 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN restore - 1 Time Host 60.171.185.66 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN retail - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN rgarcia - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN robert - 1 Time Host 41.79.233.43 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN ryan - 1 Time Host 87.139.32.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN sage - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN sales - 2 Times Host 137.116.216.28 - 1 Time Host 78.131.87.207 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN sales2 - 1 Time Host 46.225.107.60 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN sales@mail.pl - 2 Times Host 60.250.71.25 - 2 Times because "535 Authentication failed.",cmd: AUTH LOGIN samsung - 1 Time Host 188.96.10.191 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN sarah - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN scanuser - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN security - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN sergio - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN shirley - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN simon - 1 Time Host 200.87.62.142 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN spam - 1 Time Host 137.116.216.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN staff - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN stage - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN store - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN student - 1 Time Host 122.179.137.19 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN student1 - 1 Time Host 85.15.5.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN supervisor - 1 Time Host 181.224.239.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN support - 1 Time Host 137.116.216.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN sysadmin - 1 Time Host 177.103.182.12 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN tania - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN tempuser - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN test2 - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN test3 - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN tim - 1 Time Host 177.143.192.221 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN tmp - 1 Time Host 117.41.229.63 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN tomcat - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN trainer - 1 Time Host 197.248.39.202 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN upload - 1 Time Host 46.225.107.60 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN user1 - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN user3 - 1 Time Host 137.116.216.28 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN username - 1 Time Host 213.79.118.83 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN utilisateur - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN victoria - 1 Time Host 188.136.143.42 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN video - 1 Time Host 87.139.32.77 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN vision - 1 Time Host 41.226.168.81 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN visitante - 1 Time Host 179.41.26.133 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN vmail - 1 Time Host 181.166.222.64 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN wedding - 1 Time Host 184.70.254.234 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN welcome - 1 Time Host 206.210.123.98 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN wendy - 1 Time Host 79.158.248.148 - 1 Time because "535 Authentication failed.",cmd: AUTH LOGIN yoursite - 1 Time Host 179.41.26.133 - 1 Time
Przykłady orzeźwiającego powiewu znad Chin, Egiptu, Kanady i Stanów Zjednoczonych:
**Unmatched Entries**
LOGIN FAILED, method=PLAIN, ip=[::ffff:111.26.198.30]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:118.144.8.198]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:120.237.228.16]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:197.51.59.138]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:211.138.182.198]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:221.178.194.144]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:221.226.65.10]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:222.191.233.238]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:61.134.52.164]: 1 Time(s)
LOGIN FAILED, method=PLAIN, ip=[::ffff:117.21.221.58]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:120.33.205.162]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:219.143.72.21]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:220.180.104.130]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:222.175.49.22]: 1 Time(s) LOGIN FAILED, method=PLAIN, ip=[::ffff:222.90.70.138]: 1 Time(s) LOGIN FAILED, user=akgj@jaj.pl, ip=[::ffff:107.170.42.147]: 2 Time(s) LOGIN FAILED, user=info@jaj.pl, ip=[::ffff:108.174.25.230]: 1 Time(s)
Wietnamu, Francji, Egiptu ...
[POP3] Login failures:
=========================
Host (user) | #
------------------------------------------------------------- | -----------
110.78.147.3 (akgj@jaj.pl) | 1
113.161.61.38 (akgj@jaj.pl) | 1
118.44.9.61 (muraski205@jaj.pl) | 1
123.25.11.20 (www.niunia@jaj.pl) | 1
143.255.153.18 (bucki35@jaj.pl) | 1
147.213.70.186 (hjaeecumtfxme@jaj.pl) | 1
180.183.248.194 (www.niunia@jaj.pl) | 1
181.225.29.223 (bucki35@jaj.pl) | 1
197.220.22.124 (bucki35@jaj.pl) | 1
202.137.141.129 (andy@jaj.pl) | 1
31.37.205.112 (muraski205@jaj.pl) | 1
41.38.40.194 (akgj@jaj.pl) | 1
---------------------------------------------------------------------------
12
By nie polec już na przedbiegach napisałem skrypt, który nic nie robi tylko wyłuskuje z pliku ipv4.txt numery IP by je zablokować na poziomie zapory ogniowej (komenda firewall-cmd narzędzie RED HAT-a dla IPTABLES). Czym wypełnimy plik to kwestia dowolna. Najważniejsze by adres IP był oddzielony spacjami, tabulatorami od innych słów, znaków zawartych w tekście. Oczywiście jego zastosowanie może być dowolne, jak np skopiowanie ze strony internetowej bazy polskich numerów IP w postaci czystej bez dodatkowych opisów itp.
#/bin/bash
#
# ban.sh
#
I=1
for IP in $(cat ipv4.txt | grep '[0-9].[0-9].[0-9].[0-9]')
do
if (echo "$IP" | grep '[0-9].[0-9].[0-9].[0-9]')
then
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='$IP/32' reject"
fi
I=`expr $I + 1`
done
systemctl restart firewalld
Jak widać skrypt jest prosty (proszę pamiętać by nadać mu uprawnienia do wykonania w postaci komendy chmod a+x ban.sh), a efekt murowany. Gdyby zaistniała potrzeba ręcznej edycji adresów ip to należy ich szukać w pliku /etc/firewalld/zones/public.xml oczywiście można użyc również komendy iptables -L itd.
190.220.147.114 204.152.209.101 95.168.96.77 204.152.209.101 187.185.190.199 204.152.209.101 211.193.148.63 95.168.96.77 213.186.180.179 179.232.179.143 95.168.96.77 189.208.163.224 184.71.152.86 95.168.96.77 201.6.115.155 189.208.163.224 96.78.113.20 190.111.24.194 189.208.163.224 179.232.179.143 82.127.128.117 190.247.33.105 95.168.96.77 41.162.101.2 179.232.179.143 177.103.160.67 187.185.190.199 179.232.179.143 187.185.190.199 190.247.33.105 179.232.179.143 89.96.151.178 189.208.163.224 184.71.152.86 213.37.253.27 96.78.113.20 189.208.163.224 211.193.148.63 179.232.179.143 204.152.209.101 204.152.209.101 96.78.113.20 187.67.179.181 189.208.163.224 190.111.24.194 204.152.209.101 96.78.113.20 113.171.23.47 41.162.101.2 89.96.151.178 189.208.163.224 80.11.241.22 213.154.29.27 96.78.113.20 165.90.108.137 190.247.33.105 211.193.148.63 179.232.179.143 41.162.101.2 187.185.190.199 204.152.209.101 213.37.253.27 179.232.179.143 211.193.148.63 165.90.108.137 190.247.33.105 96.78.113.20 190.247.33.105 96.78.113.20 184.71.152.86 213.154.29.27 190.247.33.105 190.145.52.118 189.208.163.224 213.186.180.179 184.71.152.86 213.154.29.27 211.193.148.63 190.247.33.105 41.162.101.2 187.67.179.181 177.103.160.67 189.208.163.224 96.78.113.20 204.152.209.101 187.185.190.199 211.193.148.63 190.247.33.105 41.162.101.2 113.171.23.47 165.90.108.137 190.145.52.118 187.185.190.199 41.162.101.2 190.145.52.118 177.103.160.67 187.185.190.199 190.111.24.194 95.168.96.77 96.78.113.20 96.78.113.20 190.111.24.194 190.247.33.105 204.152.209.101 95.168.96.77 213.154.29.27 213.154.29.27 184.71.152.86 213.37.253.27 81.137.254.87 190.247.33.105 211.193.148.63 123.200.137.226 184.71.152.86 204.152.209.101 187.67.179.181 96.78.113.20 96.78.113.20 81.137.254.87 179.252.114.254 211.193.148.63 123.200.137.226 81.137.254.87 95.168.96.77 190.111.24.194 113.171.23.47 213.186.180.179 190.13.141.234 187.185.190.199 41.162.101.2 113.171.23.47 200.111.104.123 123.200.137.226 89.96.151.178 82.127.128.117 190.247.33.105 190.13.141.234 177.103.160.67 179.252.114.254 190.13.141.234 123.200.137.226 41.162.101.2 187.67.179.181 200.111.104.123 211.193.148.63 89.96.151.178 184.71.152.86 213.154.29.27 211.193.148.63 190.247.33.105 190.145.52.118 211.193.148.63 95.168.96.77 211.193.148.63 187.67.179.181 211.193.148.63 165.90.108.137 95.168.96.77 41.220.193.70 200.111.104.123 190.171.233.75 194.53.142.153 194.53.142.153 194.53.142.153 194.53.142.153 194.53.142.153
Można oczywiście ułatwić sobie życie i stworzyć proste pułapki na zombi, np. w postaci umieszczenia na stronie internetowej adresu skrzynki e-mail, której wiadomości są przekazywane na inną i dopiero z niej odczytywane. Określam taki podział na konta ogólne i osobiste. Każda próba logowania na skrzynkę ogólna jest nieuprawniona, a wiec prosta do wykrycia i zablokowania. Uff, udało się bez C++, Lisp, awk ... :-)