[MASOCH-L] Webmail x Spammers

Julio Cesar Covolato julio at psi.com.br
Mon Apr 4 15:47:45 BRT 2011


First of all, install fail2ban to prevent POP/IMAP probes!!!

-----------------------------
     _    Julio Cesar Covolato
    0v0<julio at psi.com.br>
   /(_)\  F: 55-11-3129-3366
    ^ ^   PSI INTERNET
-----------------------------


On 04/04/2011 11:49, Marcelo da Silva wrote:
> Hello everyone...
>
> Every now and then, someone tries to use my server to send spam.
> It happens like this: the webmail system is used to send the
> spam.
>
> The script/spammer connects to the webmail using a valid username and
> password, and starts from there...
>
> I'm using SquirrelMail, but it also happens with Roundcube, so
> it isn't a webmail flaw.
>
> This is what shows up in the webmail:
>
> 115.132.104.87 - - [04/Apr/2011:06:38:52 -0300] "GET 
> /src/right_main.php?mailbox=INBOX&sort=2&startMessage=1 HTTP/1.1" 200 
> 66345 
> "http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1" 
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
> 115.132.104.87 - - [04/Apr/2011:06:38:58 -0300] "POST /src/compose.php 
> HTTP/1.1" 302 - 
> "http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1" 
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
> 115.132.104.87 - - [04/Apr/2011:06:39:01 -0300] "GET 
> /src/right_main.php?mailbox=INBOX&sort=2&startMessage=1 HTTP/1.1" 200 
> 66345 
> "http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1" 
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
> 115.132.104.87 - - [04/Apr/2011:06:39:05 -0300] "POST /src/compose.php 
> HTTP/1.1" 302 - 
> "http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1" 
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
> 115.132.104.87 - - [04/Apr/2011:06:39:14 -0300] "POST /src/compose.php 
> HTTP/1.1" 302 - 
> "http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1" 
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
> 115.132.104.87 - - [04/Apr/2011:06:39:18 -0300] "GET 
> /src/right_main.php?mailbox=INBOX&sort=2&startMessage=1 HTTP/1.1" 200 
> 66345 
> "http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1" 
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
>
>
>
> This is what appears in my log, on the mail server.
>
> @400000004d998f211b2e177c CHKUSER relaying rcpt: from 
> <info at yahoo.com:usuario at dominio.com.br:> remote 
> <mail.dominio.com.br:unknown:127.0.0.1> rcpt 
> <tabatha.denney at hotmail.com> : client allowed to relay
> @400000004d998f211b2f30bc CHKUSER relaying rcpt: from 
> <info at yahoo.com:usuario at dominio.com.br:> remote 
> <mail.dominio.com.br:unknown:127.0.0.1> rcpt <tabathahi at hotmail.com > 
> : client allowed to relay
> @400000004d998f211b30599c CHKUSER relaying rcpt: from 
> <info at yahoo.com:usuario at dominio.com.br:> remote 
> <mail.dominio.com.br:unknown:127.0.0.1> rcpt 
> <tabathaparks at hotmail.com> : client allowed to relay
> @400000004d998f211b31f7ac CHKUSER relaying rcpt: from 
> <info at yahoo.com:usuario at dominio.com.br:> remote 
> <mail.dominio.com.br:unknown:127.0.0.1> rcpt 
> <tabathawalters23 at hotmail.com> : client allowed to relay
> @400000004d998f211b338dec CHKUSER relaying rcpt: from 
> <info at yahoo.com:usuario at dominio.com.br:> remote 
> <mail.dominio.com.br:unknown:127.0.0.1> rcpt <tabbicat101 at hotmail.com> 
> : client allowed to relay
>
> A few times it happened with users who had very weak passwords,
> obvious passwords; those I fixed.
> Now it has happened with a user who has a more complex password.
>
> Does anyone have an idea of how to help minimize or put an end to this
> problem?
> Hugs to all..
>
> __
> masoch-l list
> https://eng.registro.br/mailman/listinfo/masoch-l

