Hi,
I’ve noticed for a long time that we get a massive number of failed login
attempts from numerous different IP addresses.
There is one thing in common: the EHLO is ylmf-pc, so I finally got around
to looking it up with Google and it turns out that it is the default
setting of a botnet called PushDo that has been around for years. It may be
worth adding that to the default invalidhelo.txt file.
To take it a step further, I’d like to insta-ban any IP that uses that helo
so we don’t waste any more bandwidth on them. Is there an obvious way to do
that with ASSP? I’d rather not have to make fail2ban watch the ASSP log and
take action because I don’t know whether the two will play nicely.
All the best,
Colin
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
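
An added example, not part of the original message and not ASSP code: one way to pull the client IPs that greet with exactly "ylmf-pc" out of an SMTP log so they can be fed to a block list. The log layout, the sample lines and the function names are constructed for illustration; adapt LINE_RE to your own log format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in a hypothetical "<date> <time> <client-ip> <command>" layout.
# This is NOT ASSP's real log format.
SAMPLE_LOG = """\
2015-06-01 10:00:01 198.51.100.7 EHLO ylmf-pc
2015-06-01 10:00:02 203.0.113.20 EHLO mail.example.org
2015-06-01 10:00:03 198.51.100.7 AUTH LOGIN
2015-06-01 10:00:05 192.0.2.44 HELO YLMF-PC
2015-06-01 10:00:06 2001:db8::1f EHLO ylmf-pc
2015-06-01 10:00:07 203.0.113.99 EHLO ylmf-pc.example.net
2015-06-01 10:00:09 198.51.100.7 EHLO ylmf-pc
2015-06-01 10:00:10 not-an-ip EHLO ylmf-pc
"""

# Only HELO/EHLO lines carry the greeting name we care about.
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<ip>\S+) (?:HELO|EHLO) (?P<name>\S+)\s*$", re.IGNORECASE
)
# Whole-name match: a substring test would also hit "ylmf-pc.example.net".
BAD_HELO_RE = re.compile(r"ylmf-pc", re.IGNORECASE)


def offenders(log_text, helo_re=BAD_HELO_RE):
    """Return a Counter mapping client IP -> number of matching greetings."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not helo_re.fullmatch(m.group("name")):
            continue
        try:
            # Validate and normalise; never pass raw log text to a firewall rule.
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue
        hits[str(ip)] += 1
    return hits


def blocklist(hits):
    """Sorted list of offending IPs: IPv4 first, then IPv6, numerically."""
    parsed = [ipaddress.ip_address(s) for s in hits]
    return [str(ip) for ip in sorted(parsed, key=lambda ip: (ip.version, int(ip)))]


if __name__ == "__main__":
    for ip in blocklist(offenders(SAMPLE_LOG)):
        print(ip)
```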