Thread: Good passwords are needed!




Good passwords are needed!
United States
2007-11-27 08:09:25
Just in case any of you need convincing...

Last night in a space of less than 4 minutes, surgemail logged over 3,570 login attempts to the main domain here from one IP address. The main domain here is just that. It's not a 'working' domain and has only a minimum number of accounts in it. (Yes, it exists in DNS, just no users.)

This is also the reason you need good passwords. And you need to have g_bad_login_allow set correctly for your server. And the reason you need to set g_user_send_warning to a sane value on your server to monitor when someone does break into an account (not if, but when). And also why I like having the main domain NOT be a working domain with lots of users.

Lyle Giese

This is just a couple of lines in the logs from yesterday:
2007-11-26 22:30:29.00:-185099360: -ERR Login incorrect natanya - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-159999072: -ERR Login incorrect ortega - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-181584992: -ERR Login incorrect melinda - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-187941984: pop: User: nada Domain: mail3.lcrcomputer.net, IP: 193.251.38.135, -ERR nada@mail3.lcrcomputer.net password wrong or not a valid user
2007-11-26 22:30:29.00:-177800288: -ERR Login incorrect mark - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-187671648: pop: User: leonardo Domain: mail3.lcrcomputer.net, IP: 193.251.38.135, -ERR leonardo@mail3.lcrcomputer.net password wrong or not a valid user
2007-11-26 22:30:29.00:-181179488: -ERR Login incorrect operator - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-189158496: -ERR Login incorrect michaels - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-182260832: -ERR Login incorrect patricia - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
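
An added example, not part of the original post or of SurgeMail: detection logic over the two log line formats shown above, grouping failed POP logins by source IP and flagging any IP that tries several distinct usernames inside a short window. The function names, the 4-minute window and the `user_threshold` parameter are assumptions made for this example; the sample lines are unwrapped from the post's excerpt. The lockout lines carry no IP, so they are reported separately.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample lines unwrapped from the log excerpt in the post above.
SAMPLE = """\
2007-11-26 22:30:29.00:-185099360: -ERR Login incorrect natanya - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-187941984: pop: User: nada Domain: mail3.lcrcomputer.net, IP: 193.251.38.135, -ERR nada@mail3.lcrcomputer.net password wrong or not a valid user
2007-11-26 22:30:29.00:-177800288: -ERR Login incorrect mark - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
2007-11-26 22:30:29.00:-187671648: pop: User: leonardo Domain: mail3.lcrcomputer.net, IP: 193.251.38.135, -ERR leonardo@mail3.lcrcomputer.net password wrong or not a valid user
2007-11-26 22:30:29.00:-181179488: -ERR Login incorrect operator - too many attempts try later (g_bad_login_allow or g_bad_login_ip_ignore)
"""

# Timestamp, fractional seconds, then a (possibly negative) numeric id.
STAMP = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+:-?\d+: "
FAILED = re.compile(STAMP + r"pop: User: (?P<user>\S+) Domain: (?P<domain>[^,\s]+), "
                            r"IP: (?P<ip>[\d.]+), -ERR")
LOCKED = re.compile(STAMP + r"-ERR Login incorrect (?P<user>\S+) - too many attempts")

def parse(text):
    """Yield (kind, timestamp, user, ip); ip is None for lockout lines."""
    for line in text.splitlines():
        for kind, rx in (("failed", FAILED), ("locked", LOCKED)):
            m = rx.match(line)
            if m:
                ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
                yield kind, ts, m["user"], m.groupdict().get("ip")
                break

def summarize(text, window=timedelta(minutes=4), user_threshold=2):
    """Return ({ip: usernames tried within one window}, locked-out usernames)."""
    per_ip, locked = defaultdict(list), set()
    for kind, ts, user, ip in parse(text):
        if kind == "failed":
            per_ip[ip].append((ts, user))
        else:
            locked.add(user)
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):          # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) > len(best):
                best = users
        if len(best) >= user_threshold:         # many names from one source
            flagged[ip] = sorted(best)
    return flagged, sorted(locked)
```
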



Re: Good passwords are needed!
United States
2007-11-27 22:32:19
Wow... but I can believe it. 
How is your server set up that it even allows usernames without a corresponding domain name?
Is this via POP or Webmail?
If webmail, how's the start page configured? Does it default to a particular domain or did you program it that the person types in their username then pulls down their domain name?
When a new domain is added, it automatically sorts the domains on the Domains list... but what is your first domain listed in surgemail.ini (the first one under the vdomain category?)  The vdomains are listed in creation order in surgemail.ini... and while this can be manually changed, how would it affect the webmail logins?
 
BarryZ
 



Re: Good passwords are needed!
United States
2007-11-28 08:09:54
The first domain created was mail3.lcrcomputer.net. If you try to log in as 'fred', surgemail checks for 'fred@mail3.lcrcomputer.net'. Only one account was created in the domain mail3.lcrcomputer.net. But surgemail checks logins without the domain.com against the 'main' or first domain created. I like it when there is only one account in that domain <GRIN>!

These 3,570 attempts were all using POP3 logins and no domain name was used by the attacker. So surgemail was trying to find that user only in the main or first domain.

Webmail is different. If you go to http://mail.mydomain.com, webmail will predefine mydomain.com. That's the way I set up webmail. If you connect to port 80 blindly (via IP address), you get mail3.lcrcomputer.net.

Lyle




