| Attack on POP3 Port 110 |
Posted by
Andrew Fung
on Thursday, June 22, 2006 at 7:51:42 AM (EST)
I have been using LS since LS2002 and running it in 2 office locations - one unlimited licence and another 25 licence (just upgraded last week from LS2002). Then starting yesterday our LS2004 server has received a lot of POP3 log-in attempts (using my mail account and I think even with the correct password). These log-ins come from all over the world, all with proper PTR records and not SPAM sites. The attacks happen almost every 10 minutes (sometimes multiple sites attack at the same time). So I changed my password and the log shows an incorrect password was used. So last night and also 1 hour ago, I moved a lot of these IP addresses to the blocked sites using my Pc-cillin program, and the Pc-cillin log still shows a lot of attacks. And the attacks indicate that they want to invoke lansuite.exe. Has anyone had a similar experience and any suggestion to solve it? Many thanks.
|
Posted by
Russell Waddington
on Thursday, June 22, 2006 at 3:40:25 PM (EST)
I would check your machines out for malware/spyware/trojans. It seems like you have a keyboard logger on a machine. If a machine is not protected it can get taken over by a netbot. A single person can control hundreds, even thousands of computers through netbots. They can use their empire of netbots to attack other people, so the log-in attempts can seem to be coming from legitimate machines. But these machines have been infected by trojans. So if I got the situation you just described, I would be getting my computers checked out. As for the attacks themselves, not much you can do except wait them out. Another thing I would do, I would change all my passwords. If you have a keyboard logger, who knows what passwords they have harvested.
|
Posted by
Russell Waddington
on Thursday, June 22, 2006 at 4:00:00 PM (EST)
Another thought occurred to me... Have you used Lansuite's webmail from a public computer or network, like a library or computer cafe? Maybe used an internet hotspot to connect a laptop to while traveling? Since wireless traffic can be monitored by anyone, and if it is not encrypted you might run into possible problems. Public computers can be very insecure. If you have to use public computers or networks, at the first opportunity you should change all passwords entered on said public computer. Make sure the password change is done from a machine you trust.
|
Posted by
Andrew Fung
on Thursday, June 22, 2006 at 10:56:06 PM (EST)
Dear Russell, Thanks for the advice. I am checking the computers of all our users to see who has been hacked. Will report back again if I find the source.
|
Posted by
Robert Smith
on Friday, June 23, 2006 at 10:03:02 AM (EST)
It might not mean anyone's been hacked. It could be someone looking for a crack or something similar or using a dictionary attack. Use strong passwords with numbers and letters as a rule of thumb, no dictionary words, stuff like that.
|
Posted by
Andrew Fung
on Monday, June 26, 2006 at 12:15:22 PM (EST)
Just an update. All attacks stopped automatically on June 23, 2006 8:05am. I have not done any special scanning on my network. I checked all the computers in our network and cannot find any suspicious virus/spam report.
|
|
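The pattern described in this thread (one mailbox receiving POP3 log-in attempts from many unrelated addresses, possibly with a valid password) can be picked out of an authentication log. The following is an added detection example, not part of any post above; it assumes a hypothetical log format (`date time source-IP account OK|FAIL`), not LAN Suite's real one, and the sample lines and function names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical format: date time source-IP account result
SAMPLE_LOG = """\
2006-06-22 07:10:03 198.51.100.7 andrew FAIL
2006-06-22 07:20:11 203.0.113.45 andrew FAIL
2006-06-22 07:20:14 192.0.2.130 andrew FAIL
2006-06-22 07:30:09 198.51.100.88 andrew FAIL
2006-06-22 07:31:00 192.0.2.10 mary FAIL
2006-06-22 07:31:20 192.0.2.10 mary OK
2006-06-22 09:45:00 203.0.113.45 andrew OK
truncated line
"""

def parse(log_text):
    """Yield (timestamp, ip, account, result); skip lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[2], parts[3], parts[4]

def distributed_targets(log_text, window=timedelta(hours=1), min_sources=3):
    """Accounts that >= min_sources distinct IPs failed against in one window."""
    failures = defaultdict(list)
    for ts, ip, account, result in parse(log_text):
        if result == "FAIL":
            failures[account].append((ts, ip))
    flagged = defaultdict(set)
    for account, events in failures.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            sources = {ip for _, ip in events[start:end + 1]}
            if len(sources) >= min_sources:
                flagged[account] |= sources
    return {account: sorted(ips) for account, ips in flagged.items()}

def successes_from_flagged(log_text, flagged):
    """Successful log-ins from an IP already flagged for the same account."""
    return [(ts, ip, account) for ts, ip, account, result in parse(log_text)
            if result == "OK" and ip in flagged.get(account, ())]
```

A hit from `successes_from_flagged` is the case worth acting on first: it means a flagged source presented a working password, so that mailbox's password should be changed from a trusted machine.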