602LAN SUITE 2004 User Forum
Attack on POP3 Port 110
  Posted by  Andrew Fung  on Thursday, June 22, 2006 at 7:51:42 AM (EST)
I have been using LS since LS2002 and running it in 2 office locations - one unlimited licence and another 25 licence (just upgraded last week from LS2002).

Then starting yesterday our LS2004 server has rec'd a lot of POP3 log-in attempts (using my mail account and I think even with the correct password); these log-ins come from all over the world and all with a proper PTR record and not a SPAM site. The attacks happen almost every 10 minutes (sometimes multiple sites attack at the same time). So I changed my password and the log shows an incorrect password was used.

So last night and also 1 hour ago, I moved a lot of these IP addresses to the blocked sites using my Pc-cillin program, and the Pc-cillin log still shows a lot of attacks. And the attacks indicate that they want to evoke lansuite.exe.

Has anyone got similar experience and any suggestion to solve it?

Many thanks.
  Posted by Russell Waddington  on Thursday, June 22, 2006 at 3:40:25 PM (EST)
I would check your machines out for malware/spyware/trojans. It seems like you have a keyboard logger on a machine.

If a machine is not protected it can get taken over by a netbot. A single person can control hundreds, even thousands of computers through netbots. They can use their empire of netbots to attack other people, so the log in attempts can seem to be coming from legitimate machines. But these machines have been infected by trojans.

So if I got the situation you just described, I would be getting my computers checked out.

As for the attacks themselves, not much you can do except wait them out.

Another thing I would do, I would change all my passwords. If you have a keyboard logger, who knows what passwords they have harvested.
  Posted by Russell Waddington  on Thursday, June 22, 2006 at 4:00:00 PM (EST)
Another thought occurred to me...

Have you used Lansuite's webmail from a public computer or network, like a library or computer cafe? Maybe used an internet hotspot to connect a laptop to while traveling? Wireless traffic can be monitored by anyone, and if it is not encrypted you might run into possible problems.

Public computers can be very unsecure. If you have to use public computers or networks, at the first opportunity you should change all passwords entered on said public computer. Make sure the password change is done from a machine you trust.
  Posted by Andrew Fung  on Thursday, June 22, 2006 at 10:56:06 PM (EST)
Dear Russell,

Thanks for advice, I am checking the computer of all our users and see who has been hacked. Will report back again if I find the source.
  Posted by Robert Smith  on Friday, June 23, 2006 at 10:03:02 AM (EST)
It might not mean anyone's been hacked. It could be someone looking for a crack or something similar or using a dictionary attack. Use strong passwords with numbers and letters as a rule of thumb, no dictionary words, stuff like that.
  Posted by Andrew Fung  on Monday, June 26, 2006 at 12:15:22 PM (EST)
Just an update. All attacks stopped automatically on June 23, 2006 8:05am. I have not done any special scanning on my network. I checked all the computers in our network and cannot find any suspicious virus/spam report.
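
An added example, not part of any post in this thread and not Software602 code: a small log check for the pattern described above, where one mailbox is tried from many unrelated addresses in a short time, and which separates "password is being guessed" from "password is already known". The log layout, the `trusted_ips` set, the thresholds and all sample lines are assumptions constructed for illustration; 602LAN SUITE's real log format is not shown on this page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in an assumed format: date time source-IP account result.
# This is NOT 602LAN SUITE's real log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
2006-06-21 08:55:00 10.0.0.5 andrew OK
2006-06-21 09:00:05 192.0.2.10 andrew OK
2006-06-21 09:10:11 198.51.100.7 andrew OK
2006-06-21 09:10:40 203.0.113.44 andrew OK
2006-06-21 09:20:02 192.0.2.99 andrew FAIL
2006-06-21 09:30:00 10.0.0.8 mary OK
2006-06-21 09:31:00 203.0.113.44 mary FAIL
"""

def parse(log):
    """Yield (timestamp, ip, account, result) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        date, time, ip, account, result = parts
        yield datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), ip, account, result

def analyse(log, trusted_ips, window=timedelta(hours=1), min_sources=3):
    """Report accounts hit from >= min_sources untrusted IPs inside one window."""
    events = defaultdict(list)
    for ts, ip, account, result in parse(log):
        if ip not in trusted_ips:
            events[account].append((ts, ip, result))
    report = {}
    for account, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            peak = max(peak, len({ip for _, ip, _ in evs[start:end + 1]}))
        if peak >= min_sources:
            # A success from an untrusted source means the password itself is known
            # to the attacker, not merely being guessed.
            exposed = any(result == "OK" for _, _, result in evs)
            report[account] = {"peak_sources": peak, "password_exposed": exposed}
    return report

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG, trusted_ips={"10.0.0.5", "10.0.0.8"}))
```

An account reported with `password_exposed` set needs a password change from a trusted machine before any blocking of source addresses is worth the effort.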
  © 2009 Software602, Inc. All rights reserved.