Butuh saran, mail server diserang dari luar negeri mulu

Discussion in 'Masalah Teknik dan Keamanan' started by pasaisea, 26 May 2016.

Thread Status:
Not open for further replies.
  1. pasaisea

    pasaisea Beginner 2.0

    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Halo, saya butuh bantuan, saran maupun pendapat nih para masta. Saya kan ada mail server buatan sendiri, tapi hampir setiap hari diserang dari luar negeri mulu. Jadi saya perhatiin di postfix selalu ada connection attempt dari luar negeri kayak gini

    May 26 20:36:39 server postfix/smtpd[7233]: connect from unknown[65.157.76.177]
    May 26 20:36:43 server postfix/smtpd[7233]: warning: unknown[65.157.76.177]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    May 26 20:36:43 server postfix/smtpd[7233]: disconnect from unknown[65.157.76.177]

    Dan kalau IP nya saya blokir-blokirin mereka langsung ganti IP dari negara lain dan begitu terus. Kadang mereka berhasil login entah darimana dan oleh karena itu beberapa email account di webmail server saya ngirim email spam sendiri.

    May 26 20:52:49 server postfix/smtpd[7865]: connect from unknown[178.135.80.139]
    May 26 20:52:50 server postfix/smtpd[7865]: NOQUEUE: reject: RCPT from unknown[178.135.80.139]: 554 5.7.1 <dsldevice.lan>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (dsldevice.lan); from=<xxx@xxx.com> to=<xxx@xxx.com> proto=ESMTP helo=<dsldevice.lan>
    May 26 20:52:50 server postfix/smtpd[7865]: disconnect from unknown[178.135.80.139]
    May 26 20:54:15 server postfix/smtpd[7865]: warning: hostname triband-del-59.178.48.123.bol.net.in does not resolve to address 59.178.48.123: Name or service not known

    Gimana ya cara menghentikannya, udah pusing nih. Please help, any advice will be greatly appriciated
     
  2. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Messages:
    3,345
    Likes Received:
    326
    Trophy Points:
    83
    Sepertinya ini biasa saja dan setiap hari begitu, tinggal install saja CSF
     
  3. pasaisea

    pasaisea Beginner 2.0

    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    masa sih Tuan setiap hari di serang hacker yg mo nyoba login SASL Authentication dan HELLO Command mulu? Normal inikah?
     
  4. perdhanahost

    perdhanahost Expert 1.0

    Messages:
    986
    Likes Received:
    147
    Trophy Points:
    43
    Sepakat dengan sarannya om @PusatHosting pasang CSF atau software lain yang sejenisnya, misalnya fail2ban. Normal itu mas @pasaisea untuk server-server public (ter-expose ke internet). Percobaan-percobaan seperti itu sudah seperti nafas, terjadi sepanjang waktu :D
     
  5. HostingMurahAja

    HostingMurahAja Apprentice 2.0

    Messages:
    556
    Likes Received:
    61
    Trophy Points:
    28
    Hal yang sudah biasa terjadi, setuju dengan para master juga :D. Coba saja dulu dengan install csf aja menurut saya fiturnya udah lengkap itu tinggal diklik juga link dari master @PusatHosting
     
  6. dhyhost

    dhyhost Hosting Guru Web Hosting

    Messages:
    3,950
    Likes Received:
    615
    Trophy Points:
    113
    udah biasa itu mah, udah ga heran :D
    tinggal pasang firewall aja biar otomatis diblokir
     
  7. hendranata

    hendranata Hosting Guru

    Messages:
    1,122
    Likes Received:
    85
    Trophy Points:
    48
    Btw ini mail server di cpanel atau bukan ya?
     
  8. idnix

    idnix Hosting Guru

    Messages:
    1,003
    Likes Received:
    189
    Trophy Points:
    63
  9. pasaisea

    pasaisea Beginner 2.0

    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Bukan mastah, saya pake webmin
     
  10. IDreg.Net

    IDreg.Net Expert 2.0 Web Hosting (Company)

    Messages:
    818
    Likes Received:
    226
    Trophy Points:
    43
    pasang CSF nya di webmin, entr akan lihat hasilnya
     
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...