search for: attackerip

Hey All, I'm just wondering whether this is what caused my server to crash. Started last night in NZ land. Jun 20 19:22:11 elm dovecot: imap-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=attackerip, lip=10.0.0.3, session=<0C8LzpDfZQDINsQC> occasionally get Jun 20 19:22:52 elm dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=attackerip, lip=10.0.0.3, session=<bHdz0JDfpwDINsQC> or in 0 secs last at Jun 20 19:26:24 elm dovecot: imap-login: Disc...

Hey All, I'm just wondering whether this is what caused my server to crash. Started last night in NZ land. Jun 20 19:22:11 elm dovecot: imap-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=attackerip, lip=10.0.0.3, session=<0C8LzpDfZQDINsQC> occasionally get Jun 20 19:22:52 elm dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=attackerip, lip=10.0.0.3, session=<bHdz0JDfpwDINsQC> or in 0 secs last at Jun 20 19:26:24 elm dovecot: imap-login: Disc...

...quot;,Severity="Informational",Servic e="PJSIP",EventVersion="1",AccountID="<unknown>", SessionID="56b0ca9-d967a90d16411209-a1b0fae1 at 188.165.222.17",LocalAddress="IPV4/UDP/<MyAddress>/5060", RemoteAddress="IPV4/UDP/<attackerIP>/5213",Challenge="" We have a lot of such tries coming from IPs not allowed and fail2ban fail to ban them because of SecurityEvent not treated and Severity Informational. We add a fail2ban filter to ban those IPs which is OK on our side but also means that attacker knows that...

...mational",Servic >> e="PJSIP",EventVersion="1",AccountID="<unknown>", >> SessionID="56b0ca9-d967a90d16411209-a1b0fae1 at 188.165.222.17",LocalAddress="IPV4/UDP/<MyAddress>/5060", >> RemoteAddress="IPV4/UDP/<attackerIP>/5213",Challenge="" >> >> We have a lot of such tries coming from IPs not allowed and fail2ban >> fail to ban them because of SecurityEvent not treated and Severity >> Informational. >> >> We add a fail2ban filter to ban those IPs which is OK on...