
I have a bit of an issue that caught my attention yesterday. Someone or something, a botnet I presume, has been trying to gain access to specific e-mail addresses.

The server software keeps blocking the login attempts but the problem is that I keep getting more and more hits. The IPs are not from one specific range but from all over the world.

There have been a little over 500 attempts since Feb 26th. Is there anything I can do to block this "attack" besides blocking the IPs after X number of attempts?

I am running a CentOS server with DirectAdmin installed. I use csf+lfd as an add-on.

Sevvlor
  • A small semantic point, but an email address and an email account are two different things; distinguishing them is needed to understand the solution. – ETL Feb 27 '14 at 22:06
  • Sorry, it is a specific e-mail address. It is attacking admin@example.com and admin@example2.com – Sevvlor Feb 27 '14 at 22:11
  • You don't attack an email ADDRESS. You can send spam to it. You can try to log on to an ACCOUNT which is linked to an ADDRESS. You're talking about login attempts, so that is an ACCOUNT. An address is like a door number. Does not mean who lives there. It means there is a house there you can route mail to. – ETL Feb 27 '14 at 22:14

1 Answer


Cancel that email account, make a new one for the person who owns it. Make the address an alias to the new one so the emails can still be received.

ETL
  • I'll try this for now. Thanks for the tip! If there are more suggestions please let me know. I'm a little paranoid. – Sevvlor Feb 27 '14 at 22:19
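
The attempts described in the question come from addresses all over the world, so a per-IP attempt limit rarely trips; a complementary check is to count distinct source IPs failing against each account. The following is an added example, not part of the original posts: the log line format, the thresholds and the name `distributed_targets` are assumptions constructed for illustration, and a real mail daemon's log lines need their own pattern.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real daemon's format).
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) auth failed "
                     r"user=<(?P<user>[^>]+)> rip=(?P<ip>[0-9a-fA-F.:]+)$")

def distributed_targets(lines, window=timedelta(hours=24), min_ips=3):
    """Return {account: sorted distinct IPs} for accounts that saw failed
    logins from at least `min_ips` different sources inside one `window`."""
    events = defaultdict(list)                 # account -> [(timestamp, ip)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                           # unrelated or malformed line
        events[m["user"].lower()].append((datetime.fromisoformat(m["ts"]), m["ip"]))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start, counts, best = 0, defaultdict(int), set()
        for ts, ip in evs:
            counts[ip] += 1
            # Slide the window start forward until it spans at most `window`.
            while ts - evs[start][0] > window:
                old = evs[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) > len(best):
                best = set(counts)             # widest spread of sources seen
        if len(best) >= min_ips:
            flagged[user] = sorted(best)
    return flagged

# Constructed sample: each IP tries once, so a per-IP limit never triggers.
SAMPLE = """\
2014-02-26T03:10:00 auth failed user=<admin@example.com> rip=192.0.2.10
2014-02-26T09:45:12 auth failed user=<bob@example.com> rip=203.0.113.77
2014-02-26T09:45:30 auth failed user=<bob@example.com> rip=203.0.113.77
2014-02-26T09:46:02 auth failed user=<bob@example.com> rip=203.0.113.77
2014-02-27T01:02:03 auth failed user=<admin@example.com> rip=198.51.100.7
2014-02-27T06:30:00 auth failed user=<Admin@example.com> rip=203.0.113.5
2014-02-27T21:58:03 auth failed user=<admin@example.com> rip=2001:db8::42
2014-02-27T22:00:00 auth ok user=<carol@example.com> rip=192.0.2.99
""".splitlines()

if __name__ == "__main__":
    print(distributed_targets(SAMPLE))
```

An account flagged this way is a candidate for the rename-and-alias approach from the answer, since the spread of sources shows that per-IP blocking alone will not stop the attempts.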