[gentoo-user] Can't block pop3 attack

Robin Atwood

(Msg. 1) Posted: Sat Oct 24, 2009 1:21 pm
Post subject: [gentoo-user] Can't block pop3 attack
Archived from groups: linux>gentoo>user

My syslog is showing zillions of messages:

Oct 24 02:25:58 opal xinetd[8054]: START: pop-3 pid=16534 from=61.134.64.199
Oct 24 02:25:59 opal xinetd[16534]: warning: /etc/hosts.allow, line 7: can't
verify hostname: gethostbyname(199.64.134.61.broad.gs.dynamic.163data.com.cn)
failed
Oct 24 02:26:09 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16534
duration=11(sec)

I run denyhosts but don't trap pop3 messages so I manually added the IP
address to /etc/hosts.deny and..., it made absolutely no difference. I run
qpopper which is compiled with xinetd support and xinetd uses tcpd, so I
assumed the address would be blocked. Apparently not so. Any ideas?

TIA
-Robin
--
----------------------------------------------------------------------
Robin Atwood.

"Ship me somewheres east of Suez, where the best is like the worst,
Where there ain't no Ten Commandments an' a man can raise a thirst"
from "Mandalay" by Rudyard Kipling
----------------------------------------------------------------------
kashani

(Msg. 2) Posted: Sat Oct 24, 2009 7:20 pm
Post subject: Re: [gentoo-user] Can't block pop3 attack
Archived from groups: per prev. post

Robin Atwood wrote:
> On Saturday 24 October 2009, Alan McKinnon wrote:
>> On Friday 23 October 2009 21:49:42 Robin Atwood wrote:
>>> My syslog is showing zillions of messages:
>>>
>>> Oct 24 02:25:58 opal xinetd[8054]: START: pop-3 pid=16534
>>> from=61.134.64.199 Oct 24 02:25:59 opal xinetd[16534]: warning:
>>> /etc/hosts.allow, line 7: can't verify hostname:
>>> gethostbyname(199.64.134.61.broad.gs.dynamic.163data.com.cn) failed
>>> Oct 24 02:26:09 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16534
>>> duration=11(sec)
>>>
>>> I run denyhosts but don't trap pop3 messages so I manually added the IP
>>> address to /etc/hosts.deny and..., it made absolutely no difference. I
>>> run qpopper which is compiled with xinetd support and xinetd uses tcpd,
>>> so I assumed the address would be blocked. Apparently not so. Any ideas?
>> You have allow ALL ALL early in hosts.allow, or
>> you have allow pop3 all earlier in hosts.allow
>
> The second! I had forgotten about that. The trouble is I set it up that way so I
> could pick up email from arbitrary locations while travelling. It seems the
> price of that is allowing idiots to spam your logs.
>
> Thanks for the pointer.
> -Robin

You might think about moving to pop3-ssl or imap-ssl and dropping the
unencrypted protocols. Usually keeps people from banging on the servers
and much safer if you use the occasional unsecured wireless network.

kashani
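
The lookup order behind the diagnosis quoted above, as an added example that is not part of the original thread: tcp wrappers consults hosts.allow first and grants access on the first match, reads hosts.deny only if nothing in hosts.allow matched, and grants access if neither file matches. The matcher is a simplified subset of hosts_access(5) (no EXCEPT, hostnames or options); the daemon name "popper" and both file contents are constructed assumptions, and only the client address comes from the log.

```python
import ipaddress

def _matches(pattern, value):
    """Simplified hosts_access(5) token match (ALL, exact, prefix, net/mask)."""
    if pattern == "ALL" or pattern == value:
        return True
    if pattern.endswith("."):                  # address prefix, e.g. "61.134."
        return value.startswith(pattern)
    if "/" in pattern:                         # e.g. "10.0.0.0/255.0.0.0"
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(value) in net
        except ValueError:
            return False
    return False

def _tokens(field):
    return field.replace(",", " ").split()

def _first_hit(rules, daemon, client):
    """Return the first 'daemons : clients' line matching the request, else None."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.strip() for f in line.split(":")[:2])
        if any(_matches(d, daemon) for d in _tokens(daemons)) and \
           any(_matches(c, client) for c in _tokens(clients)):
            return line
    return None

def decide(hosts_allow, hosts_deny, daemon, client):
    """hosts.allow wins on a match; hosts.deny is only read after that."""
    hit = _first_hit(hosts_allow, daemon, client)
    if hit:
        return ("allow", "hosts.allow: " + hit)
    hit = _first_hit(hosts_deny, daemon, client)
    if hit:
        return ("deny", "hosts.deny: " + hit)
    return ("allow", "no match in either file")

DAEMON = "popper"               # assumed daemon name, not from the page
CLIENT = "61.134.64.199"        # client address from the syslog excerpt
BROAD_ALLOW = "popper: ALL\n"   # constructed: the "allow pop3 all" style rule
DENY = "ALL: 61.134.64.199\n"   # constructed: the manually added deny entry

if __name__ == "__main__":
    print(decide(BROAD_ALLOW, DENY, DAEMON, CLIENT))   # deny entry never read
    print(decide("", DENY, DAEMON, CLIENT))            # broad allow removed
```

With the broad allow line in place the deny entry is never reached; it only takes effect once that line is removed or narrowed.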