dictionary attacks check

David Banning david+dated+1538662145.ae144b at skytracker.ca
Sat Sep 29 14:09:14 UTC 2018


On Thu, Sep 27, 2018 at 09:13:39PM +0200, Polytropon wrote:
> On Wed, 26 Sep 2018 09:53:29 -0400, David Banning wrote:
> > I wonder what the best way is of checking my system to see
> > if it is committing these dictionary attacks.
> > 
> > My system is somewhat older;
> > 
> > FreeBSD 3s1.com 9.3-RELEASE FreeBSD 9.3-RELEASE #0
> > 
> > Any pointers would be helpful.
> 
> First of all, check the information you have in the logs;
> /var/log/security is a good point to start. Also check
> the log files for services you run, maybe /var/log/maillog,
> /var/log/xfer.log, /var/log/ftpd.log.

Checked all my logs - I don't actually see any strange activity.
I have requested that the blacklisting entity remove my IP from the
blacklist. All other blacklists continue to show my server as clean.

Every now and then a smaller system flags my email as coming from
an infected server.

It may be left over from a couple of times my server was infected
many years past or it could be erroneous - something to which the notifying
server admits happens often enough.

> 
> Also check if the services you run start exhibiting
> strange behaviour. In case you notice _that_ - problems
> have already started...
> 
> 
> 
> -- 
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
> 


More information about the freebsd-questions mailing list