distributed SMTP Logins on account

crazyaboutlinux
Junior Member
Posts: 36
Joined: 21 Mar 2009, 14:48

distributed SMTP Logins on account

Post by crazyaboutlinux »

HI,

what is distributed SMTP Logins on account ??

there is many entries in CSF firewall dely list like

Code: Select all

31.128.187.117 # lfd: 31.128.187.117 (UA/Ukraine/214-187-117.shostka.uacity.net), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:14:43 2013
77.121.93.203 # lfd: 77.121.93.203 (UA/Ukraine/77-121-93-203.dynamic.kits.zp.ua), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:21:04 2013
81.162.238.13 # lfd: 81.162.238.13 (UA/Ukraine/-), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:21:05 2013
212.66.50.117 # lfd: 212.66.50.117 (UA/Ukraine/-), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:21:05 2013
222.112.43.112 # lfd: 222.112.43.112 (KR/Korea, Republic of/-), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:21:05 2013
91.241.248.140 # lfd: 91.241.248.140 (UA/Ukraine/-), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:21:06 2013
46.118.251.48 # lfd: 46.118.251.48 (UA/Ukraine/SOL-FTTB.48.251.118.46.sovam.net.ua), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:24:20 2013
46.130.41.157 # lfd: 46.130.41.157 (AM/Armenia/157.41.130.46.in-addr.mts.am), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:24:20 2013
94.153.119.39 # lfd: 94.153.119.39 (UA/Ukraine/94-153-119-39-gprs.kyivstar.net), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:28:46 2013
118.232.26.105 # lfd: 118.232.26.105 (TW/Taiwan/118-232-26-105.dynamic.kbronet.com.tw), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:28:47 2013
159.224.243.197 # lfd: 159.224.243.197 (UA/Ukraine/197.243.224.159.triolan.net), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:28:47 2013
46.118.41.159 # lfd: 46.118.41.159 (UA/Ukraine/SOL-FTTB.159.41.118.46.sovam.net.ua), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:28:48 2013
109.86.118.24 # lfd: 109.86.118.24 (UA/Ukraine/24.118.86.109.triolan.net), 5 distributed SMTP Logins on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:28:48 2013
219.131.12.127 # lfd: (smtpauth) Failed SMTP AUTH login from 219.131.12.127 (CN/China/127.12.131.219.broad.hz.gd.dynamic.163data.com.cn): 5 in the last 300 secs - Thu Nov 14 16:33:01 2013
46.211.4.140 # lfd: 46.211.4.140 (UA/Ukraine/46-211-4-140-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:34:01 2013
77.123.11.116 # lfd: 77.123.11.116 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:34:03 2013
121.161.47.38 # lfd: 121.161.47.38 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:34:03 2013
159.224.71.33 # lfd: 159.224.71.33 (UA/Ukraine/33.71.224.159.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:34:03 2013
5.178.206.162 # lfd: 5.178.206.162 (GE/Georgia/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:34:05 2013
37.229.81.239 # lfd: 37.229.81.239 (UA/Ukraine/37-229-81-239-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:53:56 2013
46.119.141.209 # lfd: 46.119.141.209 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:53:56 2013
159.224.140.37 # lfd: 159.224.140.37 (UA/Ukraine/37.140.224.159.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:53:57 2013
93.79.32.205 # lfd: 93.79.32.205 (UA/Ukraine/93-79-32-205.sumy.volia.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:53:57 2013
77.122.243.181 # lfd: 77.122.243.181 (UA/Ukraine/dynamic-77-122-243-181.ricona.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:53:57 2013
89.136.58.11 # lfd: 89.136.58.11 (RO/Romania/dyn-89.136.58.11.ph.upcnet.ro), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:56:01 2013
176.8.78.15 # lfd: 176.8.78.15 (UA/Ukraine/176-8-78-15-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:56:01 2013
37.57.39.213 # lfd: 37.57.39.213 (UA/Ukraine/213.39.57.37.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:56:02 2013
213.200.36.21 # lfd: 213.200.36.21 (UA/Ukraine/50711.user.farlep.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:56:02 2013
46.119.214.89 # lfd: 46.119.214.89 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:56:02 2013
5.105.117.161 # lfd: 5.105.117.161 (UA/Ukraine/5-105-117-161.mytrinity.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:57:57 2013
46.118.211.68 # lfd: 46.118.211.68 (UA/Ukraine/SOL-FTTB.68.211.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:57:57 2013
91.189.158.213 # lfd: 91.189.158.213 (UA/Ukraine/user-91.189.158.213.cso.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Thu Nov 14 16:57:57 2013 
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: distributed SMTP Logins on account

Post by Sergio »

It means that the email account is under attack and a lot of hackers are trying to access it and CSF has blocked that IPs.

Check if the email account is not sending spam and if so, then change the password of the account ASAP.
crazyaboutlinux
Junior Member
Posts: 36
Joined: 21 Mar 2009, 14:48

Re: distributed SMTP Logins on account

Post by crazyaboutlinux »

Hi,

Thanks for the quick response, but question is how this account is on attack ??

and surprisingly question is, i had changed password of this account including all email ids and cpanel.

today again i found blocked entries for the same account

Code: Select all

37.115.92.202 # lfd: 37.115.92.202 (UA/Ukraine/37-115-92-202-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:02:21 2013
5.248.160.93 # lfd: 5.248.160.93 (UA/Ukraine/5-248-160-93-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:02:21 2013
81.163.122.119 # lfd: 81.163.122.119 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:02:21 2013
37.115.34.71 # lfd: 37.115.34.71 (UA/Ukraine/37-115-34-71-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:02:21 2013
46.118.58.18 # lfd: 46.118.58.18 (UA/Ukraine/SOL-FTTB.18.58.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:10:41 2013
109.86.29.191 # lfd: 109.86.29.191 (UA/Ukraine/191.29.86.109.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:10:41 2013
178.151.164.244 # lfd: 178.151.164.244 (UA/Ukraine/244.164.151.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:10:42 2013
140.125.35.131 # lfd: 140.125.35.131 (TW/Taiwan/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:10:42 2013
119.194.106.139 # lfd: 119.194.106.139 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:10:42 2013
118.244.187.104 # lfd: (ftpd) Failed FTP login from 118.244.187.104 (CN/China/-): 10 in the last 300 secs - Fri Nov 15 00:14:17 2013
178.137.49.17 # lfd: 178.137.49.17 (UA/Ukraine/178-137-49-17-gprs.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:22:22 2013
46.118.82.147 # lfd: 46.118.82.147 (UA/Ukraine/SOL-FTTB.147.82.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:22:23 2013
176.120.118.206 # lfd: 176.120.118.206 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:22:23 2013
46.119.132.40 # lfd: 46.119.132.40 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:22:23 2013
89.69.57.160 # lfd: 89.69.57.160 (PL/Poland/89-69-57-160.dynamic.chello.pl), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:22:24 2013
183.13.150.162 # lfd: 183.13.150.162 (CN/China/-), 5 distributed smtpauth attacks on account [info] in the last 300 secs - Fri Nov 15 00:24:48 2013
183.13.149.233 # lfd: 183.13.149.233 (CN/China/-), 5 distributed smtpauth attacks on account [info] in the last 300 secs - Fri Nov 15 00:24:48 2013
183.13.241.130 # lfd: 183.13.241.130 (CN/China/-), 5 distributed smtpauth attacks on account [info] in the last 300 secs - Fri Nov 15 00:24:48 2013
31.128.85.22 # lfd: 31.128.85.22 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:28:28 2013
5.248.11.143 # lfd: 5.248.11.143 (UA/Ukraine/5-248-11-143-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:28:28 2013
89.43.177.157 # lfd: 89.43.177.157 (RO/Romania/89-43-177-157.volio.ro), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:28:28 2013
5.251.181.56 # lfd: 5.251.181.56 (KZ/Kazakhstan/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:28:29 2013
118.232.173.108 # lfd: 118.232.173.108 (TW/Taiwan/118-232-173-108.dynamic.kbronet.com.tw), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:28:29 2013
130.255.134.15 # lfd: 130.255.134.15 (UA/Ukraine/15-134-255-130.host.sevstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:48:15 2013
37.57.166.16 # lfd: 37.57.166.16 (UA/Ukraine/16.166.57.37.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:48:15 2013
176.8.95.120 # lfd: 176.8.95.120 (UA/Ukraine/176-8-95-120-kzts.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:48:16 2013
46.185.31.34 # lfd: 46.185.31.34 (UA/Ukraine/46-185-31-34-brdn.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:48:16 2013
109.162.87.167 # lfd: 109.162.87.167 (UA/Ukraine/109-162-87-167-shst.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:48:16 2013
178.150.57.149 # lfd: 178.150.57.149 (UA/Ukraine/149.57.150.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:51:50 2013
88.196.131.200 # lfd: 88.196.131.200 (EE/Estonia/200.131.196.88.dyn.estpak.ee), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:51:51 2013
77.122.178.60 # lfd: 77.122.178.60 (UA/Ukraine/dynamic-77-122-178-060.ricona.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:51:51 2013
31.128.173.85 # lfd: 31.128.173.85 (UA/Ukraine/208-173-85.shostka.uacity.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:51:51 2013
109.86.76.29 # lfd: 109.86.76.29 (UA/Ukraine/29.76.86.109.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 00:51:51 2013
46.118.75.223 # lfd: 46.118.75.223 (UA/Ukraine/SOL-FTTB.223.75.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:00:36 2013
89.102.119.120 # lfd: 89.102.119.120 (CZ/Czech Republic/ip-89-102-119-120.net.upcbroadband.cz), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:00:36 2013
75.118.67.68 # lfd: 75.118.67.68 (US/United States/d118-75-68-67.col.wideopenwest.com), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:00:37 2013
46.172.231.17 # lfd: 46.172.231.17 (UA/Ukraine/17-231-172-46.ip.home-net.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:00:37 2013
1.165.168.231 # lfd: 1.165.168.231 (TW/Taiwan/1-165-168-231.dynamic.hinet.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:00:37 2013
77.123.23.139 # lfd: 77.123.23.139 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:15:24 2013
37.115.83.50 # lfd: 37.115.83.50 (UA/Ukraine/37-115-83-50-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:15:24 2013
81.22.136.165 # lfd: 81.22.136.165 (UA/Ukraine/CPE160165.tvcom.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:15:24 2013
178.151.60.164 # lfd: 178.151.60.164 (UA/Ukraine/164.60.151.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:15:25 2013
93.78.89.12 # lfd: 93.78.89.12 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:15:25 2013
178.167.243.123 # lfd: (mod_security) mod_security (id:960032) triggered by 178.167.243.123 (IE/Ireland/178.167.243.123.threembb.ie): 5 in the last 300 secs - Fri Nov 15 01:20:03 2013
93.77.177.154 # lfd: 93.77.177.154 (UA/Ukraine/dhcp-pool.net-93.77.177.host-154.sev.crimea.volia.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:20:53 2013
77.123.47.29 # lfd: 77.123.47.29 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:20:55 2013
46.172.248.124 # lfd: 46.172.248.124 (UA/Ukraine/124-248-172-46.ip.home-net.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:20:55 2013
91.225.225.179 # lfd: 91.225.225.179 (UA/Ukraine/179.225.225.91.homenet.kiev.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:20:55 2013
212.22.203.62 # lfd: 212.22.203.62 (UA/Ukraine/212.22.203.62.freenet.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:20:56 2013
176.8.37.224 # lfd: 176.8.37.224 (UA/Ukraine/176-8-37-224-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:27:29 2013
46.185.89.103 # lfd: 46.185.89.103 (UA/Ukraine/46-185-89-103-gprs.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:27:29 2013
134.249.43.226 # lfd: 134.249.43.226 (UA/Ukraine/134-249-43-226-gprs.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:27:29 2013
112.104.164.55 # lfd: 112.104.164.55 (TW/Taiwan/112-104-164-55.adsl.dynamic.seed.net.tw), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:27:30 2013
5.105.26.106 # lfd: 5.105.26.106 (UA/Ukraine/5-105-26-106.mytrinity.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:27:30 2013
5.248.104.226 # lfd: 5.248.104.226 (UA/Ukraine/5-248-104-226-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:38:20 2013
94.153.100.250 # lfd: 94.153.100.250 (UA/Ukraine/94-153-100-250-svrd.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:38:20 2013
77.123.17.204 # lfd: 77.123.17.204 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:38:22 2013
37.57.41.203 # lfd: 37.57.41.203 (UA/Ukraine/203.41.57.37.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:38:22 2013
109.87.143.201 # lfd: 109.87.143.201 (UA/Ukraine/201.143.87.109.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:38:22 2013
178.150.139.157 # lfd: 178.150.139.157 (UA/Ukraine/157.139.150.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:47:34 2013
37.233.2.15 # lfd: 37.233.2.15 (MD/Moldova, Republic of/37-233-2-15.starnet.md), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:47:34 2013
5.248.123.62 # lfd: 5.248.123.62 (UA/Ukraine/5-248-123-62-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:47:35 2013
176.105.44.130 # lfd: 176.105.44.130 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:57:25 2013
178.151.12.136 # lfd: 178.151.12.136 (UA/Ukraine/136.12.151.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:57:25 2013
178.137.165.18 # lfd: 178.137.165.18 (UA/Ukraine/178-137-165-18-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:57:25 2013
109.235.10.174 # lfd: 109.235.10.174 (UA/Ukraine/vlaia.zssm.zp.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:57:26 2013
89.149.116.81 # lfd: 89.149.116.81 (MD/Moldova, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 01:57:26 2013
176.240.47.104 # lfd: 176.240.47.104 (TR/Turkey/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:09:41 2013
213.200.36.21 # lfd: 213.200.36.21 (UA/Ukraine/50711.user.farlep.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:09:41 2013
46.118.81.121 # lfd: 46.118.81.121 (UA/Ukraine/SOL-FTTB.121.81.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:09:42 2013
138.110.243.99 # lfd: 138.110.243.99 (US/United States/n243-099.mtholyoke.edu), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:09:42 2013
93.78.237.162 # lfd: 93.78.237.162 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:09:42 2013
37.229.162.151 # lfd: 37.229.162.151 (UA/Ukraine/37-229-162-151-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:19:37 2013
109.162.94.136 # lfd: 109.162.94.136 (UA/Ukraine/109-162-94-136-kre.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:19:37 2013
37.115.44.84 # lfd: 37.115.44.84 (UA/Ukraine/37-115-44-84-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:19:37 2013
31.193.86.176 # lfd: 31.193.86.176 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:19:38 2013
178.137.186.232 # lfd: 178.137.186.232 (UA/Ukraine/178-137-186-232-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:19:38 2013
140.114.202.34 # lfd: 140.114.202.34 (TW/Taiwan/s102022503.HUNG.ab.nthu.edu.tw), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:35:19 2013
91.219.196.182 # lfd: 91.219.196.182 (UA/Ukraine/91-219-196-182.planeta.dn.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:35:19 2013
178.217.215.159 # lfd: 178.217.215.159 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:35:19 2013
91.241.227.79 # lfd: 91.241.227.79 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:35:19 2013
178.158.251.102 # lfd: 178.158.251.102 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:38:54 2013
109.251.44.102 # lfd: 109.251.44.102 (UA/Ukraine/109.251.44.102.freenet.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:38:54 2013
46.36.139.89 # lfd: 46.36.139.89 (KZ/Kazakhstan/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:38:55 2013
93.79.97.218 # lfd: 93.79.97.218 (UA/Ukraine/93-79-97-218.sumy.volia.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:38:55 2013
176.8.172.136 # lfd: 176.8.172.136 (UA/Ukraine/176-8-172-136-drgb.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 02:38:55 2013
46.118.243.9 # lfd: 46.118.243.9 (UA/Ukraine/SOL-FTTB.9.243.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:09:04 2013
93.78.203.69 # lfd: 93.78.203.69 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:09:04 2013
46.211.61.115 # lfd: 46.211.61.115 (UA/Ukraine/46-211-61-115-ter.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:09:05 2013
24.133.218.171 # lfd: 24.133.218.171 (TR/Turkey/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:09:05 2013
109.162.98.42 # lfd: 109.162.98.42 (UA/Ukraine/109-162-98-42-sthn.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:09:05 2013
188.2.114.132 # lfd: 188.2.114.132 (RS/Serbia/cable-188-2-114-132.dynamic.sbb.rs), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:14:00 2013
178.137.242.135 # lfd: 178.137.242.135 (UA/Ukraine/178-137-242-135-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:14:00 2013
109.86.23.142 # lfd: 109.86.23.142 (UA/Ukraine/142.23.86.109.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:14:00 2013
178.150.202.131 # lfd: 178.150.202.131 (UA/Ukraine/131.202.150.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:14:01 2013
194.12.100.3 # lfd: 194.12.100.3 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:14:01 2013
37.229.53.232 # lfd: 37.229.53.232 (UA/Ukraine/37-229-53-232-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:20:05 2013
77.122.164.40 # lfd: 77.122.164.40 (UA/Ukraine/dynamic-77-122-164-040.ricona.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:20:06 2013
176.8.0.206 # lfd: 176.8.0.206 (UA/Ukraine/176-8-0-206-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:20:06 2013
37.229.49.172 # lfd: 37.229.49.172 (UA/Ukraine/37-229-49-172-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:20:06 2013
92.49.195.81 # lfd: 92.49.195.81 (UA/Ukraine/92-49-195-81.dynamic.peoplenet.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:24:00 2013
178.150.124.140 # lfd: 178.150.124.140 (UA/Ukraine/140.124.150.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:24:01 2013
68.188.253.205 # lfd: 68.188.253.205 (US/United States/68-188-253-205.dhcp.bycy.mi.charter.com), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:24:01 2013
109.251.217.207 # lfd: 109.251.217.207 (UA/Ukraine/109.251.217.207.freenet.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:24:02 2013
37.115.74.114 # lfd: 37.115.74.114 (UA/Ukraine/37-115-74-114-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:24:02 2013
46.211.219.134 # lfd: 46.211.219.134 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:33:11 2013
109.162.72.234 # lfd: 109.162.72.234 (UA/Ukraine/109-162-72-234-blts.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:33:12 2013
138.110.174.145 # lfd: 138.110.174.145 (US/United States/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:33:12 2013
178.151.37.196 # lfd: 178.151.37.196 (UA/Ukraine/196.37.151.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:33:12 2013
46.118.109.157 # lfd: 46.118.109.157 (UA/Ukraine/SOL-FTTB.157.109.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:33:13 2013
46.219.61.27 # lfd: 46.219.61.27 (UA/Ukraine/46.219.61.27.freenet.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:36:47 2013
37.115.32.128 # lfd: 37.115.32.128 (UA/Ukraine/37-115-32-128-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:36:47 2013
93.95.185.26 # lfd: 93.95.185.26 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:36:47 2013
46.118.241.37 # lfd: 46.118.241.37 (UA/Ukraine/SOL-FTTB.37.241.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:36:48 2013
77.123.82.64 # lfd: 77.123.82.64 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:43:28 2013
77.122.146.74 # lfd: 77.122.146.74 (UA/Ukraine/dynamic-77-122-146-074.ricona.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:43:29 2013
212.2.137.93 # lfd: 212.2.137.93 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:43:29 2013
176.8.22.121 # lfd: 176.8.22.121 (UA/Ukraine/176-8-22-121-brdn.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:43:30 2013
46.185.98.93 # lfd: 46.185.98.93 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:55:41 2013
37.57.165.249 # lfd: 37.57.165.249 (UA/Ukraine/249.165.57.37.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:55:42 2013
5.250.218.149 # lfd: 5.250.218.149 (AZ/Azerbaijan/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:55:42 2013
37.57.249.94 # lfd: 37.57.249.94 (UA/Ukraine/94.249.57.37.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 03:55:43 2013
98.192.8.245 # lfd: (mod_security) mod_security (id:960032) triggered by 98.192.8.245 (US/United States/c-98-192-8-245.hsd1.ga.comcast.net): 5 in the last 300 secs - Fri Nov 15 04:03:43 2013
188.230.1.30 # lfd: 188.230.1.30 (UA/Ukraine/ip-188-230-1-30.airbites.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:09:29 2013
5.248.206.164 # lfd: 5.248.206.164 (UA/Ukraine/5-248-206-164-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:09:29 2013
74.135.38.33 # lfd: 74.135.38.33 (US/United States/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:09:31 2013
31.170.151.17 # lfd: 31.170.151.17 (UA/Ukraine/ip-31-170-151-17.kichkas.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:09:31 2013
178.150.90.238 # lfd: 178.150.90.238 (UA/Ukraine/238.90.150.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:14:34 2013
217.9.250.89 # lfd: 217.9.250.89 (LT/Lithuania/89.250.9.217.static.lrtc.lt), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:14:35 2013
61.56.176.76 # lfd: 61.56.176.76 (TW/Taiwan/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:14:35 2013
109.87.125.195 # lfd: 109.87.125.195 (UA/Ukraine/195.125.87.109.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:14:36 2013
222.107.33.198 # lfd: 222.107.33.198 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:19:00 2013
92.112.42.201 # lfd: 92.112.42.201 (UA/Ukraine/201-42-112-92.pool.ukrtel.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:19:00 2013
221.133.64.51 # lfd: 221.133.64.51 (JP/Japan/kct07a-051.spacelan.ne.jp), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:19:01 2013
77.123.11.116 # lfd: 77.123.11.116 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:19:02 2013
77.244.37.243 # lfd: 77.244.37.243 (UA/Ukraine/77-244.37-243.dynamic-FTTB.kharkov.volia.com), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:23:30 2013
93.79.154.15 # lfd: 93.79.154.15 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:23:31 2013
37.229.81.239 # lfd: 37.229.81.239 (UA/Ukraine/37-229-81-239-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:23:31 2013
94.153.52.215 # lfd: 94.153.52.215 (UA/Ukraine/94-153-52-215-dpdz.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:23:32 2013
212.66.58.220 # lfd: 212.66.58.220 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:23:32 2013
94.153.14.241 # lfd: 94.153.14.241 (UA/Ukraine/94-153-14-241-rov.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:30:51 2013
125.142.213.25 # lfd: 125.142.213.25 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:30:52 2013
178.158.145.220 # lfd: 178.158.145.220 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:30:53 2013
178.236.48.46 # lfd: 178.236.48.46 (GE/Georgia/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:30:53 2013
190.230.137.208 # lfd: 190.230.137.208 (AR/Argentina/host208.190-230-137.telecom.net.ar), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:34:52 2013
5.248.83.196 # lfd: 5.248.83.196 (UA/Ukraine/5-248-83-196-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:34:52 2013
109.251.75.235 # lfd: 109.251.75.235 (UA/Ukraine/109.251.75.235.freenet.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:34:53 2013
77.123.196.39 # lfd: 77.123.196.39 (UA/Ukraine/dhcp-pool.net-77.123.196.host-39.sev.crimea.volia.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:34:53 2013
201.215.155.169 # lfd: 201.215.155.169 (CL/Chile/pc-169-155-215-201.cm.vtr.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:50:45 2013
178.136.121.97 # lfd: 178.136.121.97 (UA/Ukraine/178-136-121-97.dynamic.vega-ua.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:50:46 2013
109.254.74.66 # lfd: 109.254.74.66 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:50:46 2013
118.44.200.13 # lfd: 118.44.200.13 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:50:47 2013
109.72.118.241 # lfd: 109.72.118.241 (UA/Ukraine/CPE180241.tvcom.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:50:47 2013
46.252.57.140 # lfd: 46.252.57.140 (BG/Bulgaria/area1-57-140.balchik.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:58:51 2013
5.248.137.224 # lfd: 5.248.137.224 (UA/Ukraine/5-248-137-224-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:58:51 2013
77.236.187.17 # lfd: 77.236.187.17 (BG/Bulgaria/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:58:52 2013
93.78.24.167 # lfd: 93.78.24.167 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 04:58:52 2013
183.13.245.211 # lfd: (smtpauth) Failed SMTP AUTH login from 183.13.245.211 (CN/China/-): 5 in the last 300 secs - Fri Nov 15 05:38:10 2013
14.55.197.45 # lfd: 14.55.197.45 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 05:40:40 2013
84.252.56.59 # lfd: 84.252.56.59 (BG/Bulgaria/84-252-56-59.2073299381.ddns-lan.lom.ekk.bg), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 05:40:40 2013
77.121.93.203 # lfd: 77.121.93.203 (UA/Ukraine/77-121-93-203.dynamic.kits.zp.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 05:40:41 2013
72.179.149.97 # lfd: 72.179.149.97 (US/United States/cpe-72-179-149-97.satx.res.rr.com), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 05:40:41 2013
112.165.253.166 # lfd: 112.165.253.166 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 05:47:21 2013
176.121.227.65 # lfd: 176.121.227.65 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 05:47:21 2013
31.134.215.233 # lfd: 31.134.215.233 (UA/Ukraine/31-134-215-233.city-net.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 05:47:21 2013
199.114.242.70 # lfd: (ftpd) Failed FTP login from 199.114.242.70 (US/United States/-): 10 in the last 300 secs - Fri Nov 15 05:54:36 2013
94.153.32.16 # lfd: 94.153.32.16 (UA/Ukraine/94-153-32-16-gprs.kyivstar.net), 5 distributed smtpauth attacks on account [info] in the last 300 secs - Fri Nov 15 06:06:13 2013
77.71.16.37 # lfd: 77.71.16.37 (BG/Bulgaria/ip-37-16-71-77.bgwan.com), 5 distributed smtpauth attacks on account [info] in the last 300 secs - Fri Nov 15 06:06:13 2013
75.144.250.67 # lfd: (ftpd) Failed FTP login from 75.144.250.67 (US/United States/75-144-250-67-SFBA.hfc.comcastbusiness.net): 10 in the last 300 secs - Fri Nov 15 06:31:20 2013
112.111.160.10 # lfd: (ftpd) Failed FTP login from 112.111.160.10 (CN/China/-): 10 in the last 300 secs - Fri Nov 15 06:38:02 2013
94.23.253.45 # lfd: (ftpd) Failed FTP login from 94.23.253.45 (FR/France/ns383500.ovh.net): 10 in the last 300 secs - Fri Nov 15 07:17:30 2013
188.230.82.12 # lfd: 188.230.82.12 (UA/Ukraine/ip-188-230-82-12.airbites.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 07:50:33 2013
62.122.62.63 # lfd: 62.122.62.63 (UA/Ukraine/pptp-62-63.vnet.dn.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 07:50:33 2013
118.128.185.73 # lfd: 118.128.185.73 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 07:50:34 2013
66.168.190.132 # lfd: 66.168.190.132 (US/United States/66-168-190-132.dhcp.gwnt.ga.charter.com), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 07:50:34 2013
187.243.255.169 # lfd: 187.243.255.169 (MX/Mexico/customer-CLN-255-169.megared.net.mx), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 07:50:34 2013
183.13.244.33 # lfd: (smtpauth) Failed SMTP AUTH login from 183.13.244.33 (CN/China/-): 5 in the last 300 secs - Fri Nov 15 08:28:47 2013
208.84.146.60 # lfd: (CT) IP 208.84.146.60 (US/United States/server1.moreworld.com) found to have 314 connections - Fri Nov 15 08:31:13 2013
24.217.205.20 # lfd: 24.217.205.20 (US/United States/24-217-205-20.dhcp.stls.mo.charter.com), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:04:28 2013
118.113.228.72 # lfd: 118.113.228.72 (CN/China/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:04:28 2013
5.248.135.191 # lfd: 5.248.135.191 (UA/Ukraine/5-248-135-191-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:04:29 2013
159.224.35.90 # lfd: 159.224.35.90 (UA/Ukraine/90.35.224.159.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:04:29 2013
176.101.193.179 # lfd: 176.101.193.179 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:04:30 2013
184.170.141.71 # lfd: (CT) IP 184.170.141.71 (CA/Canada/-) found to have 347 connections - Fri Nov 15 09:20:50 2013
81.169.150.171 # lfd: (CT) IP 81.169.150.171 (DE/Germany/h2008817.stratoserver.net) found to have 308 connections - Fri Nov 15 09:22:20 2013
37.115.1.82 # lfd: 37.115.1.82 (UA/Ukraine/37-115-1-82-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:50:34 2013
37.57.183.95 # lfd: 37.57.183.95 (UA/Ukraine/95.183.57.37.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:50:34 2013
37.115.48.56 # lfd: 37.115.48.56 (UA/Ukraine/37-115-48-56-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:50:35 2013
37.252.92.249 # lfd: 37.252.92.249 (AM/Armenia/host-249.92.252.37.ucom.am), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 09:50:35 2013
203.187.228.224 # lfd: (mod_security) mod_security (id:950004) triggered by 203.187.228.224 (IN/India/224-228-187-203.static.youbroadband.in): 5 in the last 300 secs - Fri Nov 15 09:53:04 2013
109.86.179.129 # lfd: 109.86.179.129 (UA/Ukraine/129.179.86.109.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 10:27:39 2013
178.90.73.62 # lfd: 178.90.73.62 (KZ/Kazakhstan/178.90.73.62.megaline.telecom.kz), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 10:27:39 2013
93.79.71.166 # lfd: 93.79.71.166 (UA/Ukraine/93-79-71-166.sumy.volia.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 10:27:40 2013
92.52.168.201 # lfd: 92.52.168.201 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 10:27:40 2013
66.7.214.192 # lfd: (cpanel) Failed cPanel login from 66.7.214.192 (US/United States/rin1.dizinc.com): 5 in the last 300 secs - Fri Nov 15 10:30:34 2013
219.131.13.6 # lfd: (smtpauth) Failed SMTP AUTH login from 219.131.13.6 (CN/China/6.13.131.219.broad.hz.gd.dynamic.163data.com.cn): 5 in the last 300 secs - Fri Nov 15 10:36:24 2013
113.193.32.251 # lfd: (mod_security) mod_security (id:950004) triggered by 113.193.32.251 (IN/India/-): 5 in the last 300 secs - Fri Nov 15 10:40:59 2013
89.149.105.234 # lfd: 89.149.105.234 (MD/Moldova, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:14:56 2013
89.45.221.61 # lfd: 89.45.221.61 (RO/Romania/free-89.45.221.61.acx.ro), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:14:56 2013
190.48.163.76 # lfd: 190.48.163.76 (AR/Argentina/190-48-163-76.speedy.com.ar), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:14:56 2013
81.95.176.79 # lfd: 81.95.176.79 (UA/Ukraine/81.95.176.79.freenet.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:14:58 2013
138.110.243.71 # lfd: 138.110.243.71 (US/United States/n243-071.mtholyoke.edu), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:14:58 2013
37.57.48.19 # lfd: 37.57.48.19 (UA/Ukraine/19.48.57.37.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:27:54 2013
5.105.117.161 # lfd: 5.105.117.161 (UA/Ukraine/5-105-117-161.mytrinity.com.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:27:54 2013
46.36.153.67 # lfd: 46.36.153.67 (KZ/Kazakhstan/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:27:55 2013
91.235.224.154 # lfd: 91.235.224.154 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:27:55 2013
77.122.243.181 # lfd: 77.122.243.181 (UA/Ukraine/dynamic-77-122-243-181.ricona.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:27:55 2013
183.13.241.91 # lfd: (smtpauth) Failed SMTP AUTH login from 183.13.241.91 (CN/China/-): 5 in the last 300 secs - Fri Nov 15 11:30:34 2013
178.151.2.88 # lfd: 178.151.2.88 (UA/Ukraine/88.2.151.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:34:30 2013
89.185.24.238 # lfd: 89.185.24.238 (UA/Ukraine/CPE1970238.tvcom.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:34:30 2013
109.162.11.8 # lfd: 109.162.11.8 (UA/Ukraine/109-162-11-8-kzts.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:34:31 2013
178.150.105.11 # lfd: 178.150.105.11 (UA/Ukraine/11.105.150.178.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:34:32 2013
91.225.221.55 # lfd: 91.225.221.55 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:34:32 2013
46.98.68.36 # lfd: 46.98.68.36 (UA/Ukraine/36.68.PPPoE.fregat.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:44:09 2013
46.211.106.31 # lfd: 46.211.106.31 (UA/Ukraine/46-211-106-31-gprs.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:44:09 2013
37.252.92.185 # lfd: 37.252.92.185 (AM/Armenia/host-185.92.252.37.ucom.am), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:44:10 2013
188.190.51.83 # lfd: 188.190.51.83 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 11:44:10 2013
202.146.217.130 # lfd: (smtpauth) Failed SMTP AUTH login from 202.146.217.130 (HK/Hong Kong/-): 5 in the last 300 secs - Fri Nov 15 11:54:53 2013
37.115.53.213 # lfd: 37.115.53.213 (UA/Ukraine/37-115-53-213-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:22:40 2013
95.57.231.251 # lfd: 95.57.231.251 (KZ/Kazakhstan/95.57.231.251.metro.online.kz), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:22:40 2013
176.120.39.16 # lfd: 176.120.39.16 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:22:41 2013
46.118.219.205 # lfd: 46.118.219.205 (UA/Ukraine/SOL-FTTB.205.219.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:22:41 2013
77.123.33.181 # lfd: 77.123.33.181 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:22:42 2013
85.15.235.15 # lfd: 85.15.235.15 (LV/Latvia/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:28:46 2013
37.229.176.198 # lfd: 37.229.176.198 (UA/Ukraine/37-229-176-198-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:28:46 2013
121.152.227.48 # lfd: 121.152.227.48 (KR/Korea, Republic of/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:28:46 2013
77.122.240.180 # lfd: 77.122.240.180 (UA/Ukraine/dynamic-77-122-240-180.ricona.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:28:47 2013
93.79.176.195 # lfd: 93.79.176.195 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:28:47 2013
109.162.59.69 # lfd: 109.162.59.69 (UA/Ukraine/109-162-59-69-nkpl.broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:34:03 2013
109.254.130.25 # lfd: 109.254.130.25 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:34:03 2013
159.224.82.185 # lfd: 159.224.82.185 (UA/Ukraine/185.82.224.159.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:34:04 2013
159.224.98.230 # lfd: 159.224.98.230 (UA/Ukraine/230.98.224.159.triolan.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:34:05 2013
46.118.207.40 # lfd: 46.118.207.40 (UA/Ukraine/SOL-FTTB.40.207.118.46.sovam.net.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:34:06 2013
194.28.7.42 # lfd: 194.28.7.42 (UA/Ukraine/42.7.28.194.pppoe.itk.sumy.ua), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:38:02 2013
70.123.92.136 # lfd: 70.123.92.136 (US/United States/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:38:04 2013
176.8.5.193 # lfd: 176.8.5.193 (UA/Ukraine/176-8-5-193-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:38:05 2013
37.115.161.48 # lfd: 37.115.161.48 (UA/Ukraine/37-115-161-48-broadband.kyivstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:45:38 2013
178.158.211.66 # lfd: 178.158.211.66 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:45:39 2013
212.2.153.131 # lfd: 212.2.153.131 (UA/Ukraine/-), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:45:39 2013
37.139.108.182 # lfd: 37.139.108.182 (UA/Ukraine/182-108-139-37.host.sevstar.net), 5 distributed smtpauth attacks on account [info@akshayengineering.com] in the last 300 secs - Fri Nov 15 12:45:39 2013
and how can i stop such process ?
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: distributed SMTP Logins on account

Post by Sergio »

This type of attack is very common, some hackers tries to get access to the email account if your CSF doesn't block the IP they will keep trying to find the password or if the computer has a virus, it will get the password and send it to a hacker. If the access to the account is granted, the hacker post the password in his wall and in a few seconds thousands of hackers around the world will be trying to access the account, all of them with one goal in mind, send spam from that account. As the account doesn't appear in any black list, the email will be delivered and accepted in any server around the world. If your CSF is not well configured or if you don't have MailScanner installed (or any software alike) your server will be sending thousands of emails and in a short time your server will appear in RBLs.

Even if you change credentials you can't stop this, at least until the hackers got tired of trying and see that the account can't be accessed and that will take some time. In my servers I collect this type of attacks and all the IPs that got banned goes to an special IPTABLE where I add them, so, in the next attack they will not access my servers anymore.

What you have done is good, changing passwords is ok. One more thing that you can do with an account that has been compromised is to delete the account and create forwarder. So, if the email account has been used for a long time, changing to a new account will not matter as the forwarder will be active and the user will never lost any email and the best thing is that hackers will try to access an account that is no longer active and you can add all the IPs to your firewall.

Sergio
crazyaboutlinux
Junior Member
Posts: 36
Joined: 21 Mar 2009, 14:48

Re: distributed SMTP Logins on account

Post by crazyaboutlinux »

Hi,

Thank you so much for the detail explanation, In my other server i have found below 5 distributed smtpauth attacks entries

Code: Select all

113.87.48.133 # lfd: 113.87.48.133 (CN/China/-), 5 distributed smtpauth attacks on account [contact] in the last 300 secs - Sun Nov 17 20:24:03 2013
119.136.180.181 # lfd: 119.136.180.181 (CN/China/-), 5 distributed smtpauth attacks on account [contact] in the last 300 secs - Sun Nov 17 20:24:03 2013
it is showing only this entry "5 distributed smtpauth attacks on account [contact]" i am not able to FQDN what can be done further ?

regards,
Nilesh
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: distributed SMTP Logins on account

Post by Sergio »

This is very common, that IP is trying to get access to the account, some times hackers are just fishing, they don't know if the account or user exist. You can safely block any IP that is doing this on your server.

Sergio
crazyaboutlinux
Junior Member
Posts: 36
Joined: 21 Mar 2009, 14:48

Re: distributed SMTP Logins on account

Post by crazyaboutlinux »

thanks for details explanation

as you said
If your CSF is not well configured or if you don't have MailScanner installed (or any software alike) your server will be sending thousands of emails and in a short time your server will appear in RBLs.
>> could you please assist me to configure CSF well so that it blocker attackers IP immediately ?,

do let me know require CSF configuration which needs to be enabled on the server..

also are you talking about this mail scanner ? http://configserver.com/free/mailscanner.html
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: distributed SMTP Logins on account

Post by Sergio »

I will suggest the other one:
http://configserver.com/cp/mailscanner.html
It is payed but, believe me, it is worth it.

Sergio
crazyaboutlinux
Junior Member
Posts: 36
Joined: 21 Mar 2009, 14:48

Re: distributed SMTP Logins on account

Post by crazyaboutlinux »

HI Sergio,

Thank for your for proving URL, i have read details description and come to know that this tool is useless for me as This service is designed to help protect your users' mailboxes from incoming spam and viruses. If your problem is with outgoing spam being sent from your server,

Source URL http://configserver.com/cp/mailscanner.html
Important: This service is designed to help protect your users' mailboxes from incoming spam and viruses. If your problem is with outgoing spam being sent from your server, please look at one of our other services, such as the Exploit Scan Service or the cPanel Server Service Package.
kepes
Junior Member
Posts: 1
Joined: 06 Feb 2014, 10:21
Location: Hungary
Contact:

Re: distributed SMTP Logins on account

Post by kepes »

Hi,

we faced "distributed SMTP Logins on account" problem many of our servers. I think "LF_DISTSMTP" option is useless and should be zero. My explanation:

- LF_DISTSMTP "track of successful SMTP logins" as comment say in configuration file. So this option is useless for password quessing attack where many server try to bruteforce mail account with bad passwords.

- Your customers maybe use Google mail or similar online mailer (task list, bug tracking etc.) service where many server from a distributed service log in to your server with good password. This is normal use shouldn't be restricted.

- In our case some customer use Google mail where google log in with many IP address (with good password). With LF_DISTSMTP we blocked hundreds of Google Ip addresses.

- If you try to stop password hacking with bad SMTP authentication you have many other options from exim connection throttling to "LF_SMTPAUTH" option or custom regexp.

Regards, Peter
Post Reply