Re: Host attempting to log in constantly via POP3
From: Alan Connor (zzzzzz_at_xxx.yyy)
Date: Mon, 01 Mar 2004 01:28:20 GMT
On Sun, 29 Feb 2004 17:15:15 -0600, Mark Hittinger <email@example.com> wrote:
> firstname.lastname@example.org (Alan Baker) writes:
>>My logs show some computer attempting to log into my Linux server via
>>POP3 every 5-10 seconds using the same userid. Apparently they do not
>>have the password so the attempts always fail. There have been about
>>100,000 attempts this month.
> Are you hosting a domain on that Linux server that may have belonged to
> someone else awhile back? The owner of this PC might have set up their
> PC to look for email on that domain when it belonged to the person before
> Anyway instead of blocking it another idea is to put up a pop server and
> an account that matches what the pest is trying to do. Put some mail in
> there for them asking them to fix their configuration. You could hand them
> one message a day for a few days and then firewall it off. It might be
> too much work for one but I'd bet there are others.
> When you get a domain these days you have to be careful about where its
> been. :-)
> Mark Hittinger
I gather you DO run a POPserver...
So create an account for them and fill it with mail, but don't accept
any OUTSIDE mail delivery.
A thousand copies of this, each time it is emptied:
Subject: PLEASE QUIT!
Please stop trying to log into my pop server, you knucklehead!