Hack pattern noticed, please advise

Discussion about hacker.org's server

Poll: Bot or bad server

Poll ended at Fri Jan 02, 2009 4:08 pm

Bot: 2 votes (100%)
Bad Mail Server: 0 votes (No votes)

Total votes: 2

insane_ai
Posts: 1
Joined: Tue Dec 23, 2008 3:52 pm
Location: Cleveland OH

Hack pattern noticed, please advise

Post by insane_ai »

I have been logging unsuccessful attempts to gain access to my network over the last few months. Upon review of the source I.P. addresses, I noticed a pattern that these attempts followed persistent SMTP connections in my mail server from the same I.P. block.

Although different I.P. blocks are being used from one set of attacks to another, the same usernames are repeated in all attempts: ahola, aholasvr, manager, admin, and administrator.

Port usage is not consistent. Each account will attempt to use the same port up to three times within an attack before changing port and/or username.

The attacks occur in batches of 11 to 14 attempts within 1 minute, then repeat up to three times roughly every hour for up to three hours.

Does anyone know if this is a bot or just poorly programmed mail servers?
Ignorance is not the problem, lack of will and effort to learn is.
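
The pattern described in the post above, as an added detection example that is not code from the original poster: it groups failed logins by source block, flags batches of 11 or more within one minute, and notes whether an SMTP connection from the same block came first. The log format, the /24 block size, the 24-hour lookback and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

WATCHED = {"ahola", "aholasvr", "manager", "admin", "administrator"}  # from the post
WINDOW = timedelta(minutes=1)   # batch duration described in the post
LOOKBACK = timedelta(hours=24)  # assumption: how far back SMTP contact counts

def block_of(ip, prefix=24):
    # Assumption: an "I.P. block" is approximated as a /24 network.
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def parse(line):
    # Hypothetical log format: "<ISO time> <SMTP_CONN|AUTH_FAIL> <ip> [username]"
    ts, kind, ip, *rest = line.split()
    return datetime.fromisoformat(ts), kind, ip, (rest[0] if rest else None)

def find_bursts(lines, min_attempts=11):
    smtp, fails = defaultdict(list), defaultdict(list)
    for ts, kind, ip, user in sorted(map(parse, lines), key=lambda e: e[0]):
        (smtp if kind == "SMTP_CONN" else fails)[block_of(ip)].append((ts, user))
    bursts = []
    for blk, events in fails.items():
        i = 0
        while i < len(events):
            j = i  # extend j over every failure within WINDOW of events[i]
            while j < len(events) and events[j][0] - events[i][0] <= WINDOW:
                j += 1
            if j - i >= min_attempts:
                start = events[i][0]
                seen = any(start - LOOKBACK <= t < start for t, _ in smtp.get(blk, []))
                users = sorted({u for _, u in events[i:j]} & WATCHED)
                bursts.append({"block": blk, "start": start, "attempts": j - i,
                               "known_users": users, "smtp_before": seen})
                i = j  # resume after the burst
            else:
                i += 1
    return bursts

def sample_log():
    # Constructed data using RFC 5737 addresses; not logs from the original post.
    base, names = datetime(2008, 12, 20, 10, 0, 0), sorted(WATCHED)
    lines = ["2008-12-20T09:30:00 SMTP_CONN 192.0.2.10"]
    lines += [f"{(base + timedelta(seconds=4 * k)).isoformat()} AUTH_FAIL "
              f"192.0.2.{20 + k % 3} {names[k % 5]}" for k in range(12)]
    return lines + ["2008-12-20T10:05:00 AUTH_FAIL 198.51.100.7 bob"]

if __name__ == "__main__":
    print(*find_bursts(sample_log()), sep="\n")
```

Bursts that repeat from the same block about an hour apart, as the post describes, show up as several entries with the same `block` value.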
BerryTheWest
Posts: 205
Joined: Sat Nov 29, 2008 3:19 am

Re: Hack pattern noticed, please advise

Post by BerryTheWest »

insane_ai wrote: I have been logging unsuccessful attempts to gain access to my network over the last few months. Upon review of the source I.P. addresses, I noticed a pattern that these attempts followed persistent SMTP connections in my mail server from the same I.P. block.

Although different I.P. blocks are being used from one set of attacks to another, the same usernames are repeated in all attempts: ahola, aholasvr, manager, admin, and administrator.

Port usage is not consistent. Each account will attempt to use the same port up to three times within an attack before changing port and/or username.

The attacks occur in batches of 11 to 14 attempts within 1 minute, then repeat up to three times roughly every hour for up to three hours.

Does anyone know if this is a bot or just poorly programmed mail servers?

Well, if you try to IP block them, it's basically ineffective. Why? They can change it by changing the MAC address, calling the ISP, or using a proxy.
The Assistant of the Clan. The White Orders.
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

I would think it's a bot; no one I know has that kind of patience to attack so often and ineffectively. Good job with security btw ^-^

Try an IP lookup? Find the address and if it's in your country report it to the police / their ISP if that's all you can get. If they live near you go kick the guy's ass :P

~You are a glitch in my reasoning.