yuby
Beginner 2.0
Hello masters,
I would like to ask whether anyone has experienced a DDoS attack via SMTP on cPanel.
The log looks like this:
2014-01-21 22:07:46 H=dhcp46-187-131-87.eaw.com.pl [46.187.131.87]:1775 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:46 H=([190.253.123.218]) [190.253.123.218]:3297 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:47 H=([186.114.32.164]) [186.114.32.164]:22759 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:47 H=93-62-240-137.ip24.fastwebnet.it [93.62.240.137]:47772 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:47 H=cpc2-nmal20-2-0-cust907.19-2.cable.virginm.net [92.239.187.140]:54662 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:50 H=(116-78-190-190.cab.prima.net.ar) [190.190.78.116]:3204 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:50 H=([190.40.81.206]) [190.40.81.206]:41976 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:51 H=181-162-34-204.baf.movistar.cl [181.162.34.204]:4878 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:55 H=(dbe2638e0.dslam-172-17-192-245-256-347-may-04.dsl.cantv.net) [190.38.56.224]:49904 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:57 H=([190.233.227.100]) [190.233.227.100]:10368 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:07:57 H=(182-12-166-181.fibertel.com.ar) [181.166.12.182]:2518 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:08:01 H=dslb-178-008-040-094.pools.arcor-ip.net [178.8.40.94]:2175 F=<[email protected]> rejected RCPT <[email protected]>:
2014-01-21 22:08:03 H=(host-176-221-120-189.dynamic.mm.pl) [176.221.120.213]:9189 F=<[email protected]> rejected RCPT <[email protected]>:
I checked, and the DDoS attack comes in through port 25.
Problem:
- The DDoS sends email to internal domains, but the email addresses are random, so the bounceback fails
- It can cause high CPU usage and overload
- It makes the cPanel server hang
- The sender source (address / IP does not exist), so it is hard to trace
Solutions already tried:
- Tried blocking port 25 in CSF; the DDoS stopped, but the server could not receive email from outside (external domains) because SMTP servers talk to each other over port 25.
- Changed the bounceback email setting from blackhole to fail, so the CPU load is not as heavy.
Perhaps the experts have another solution?
Warm regards,
Yuby
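Added example, not part of the original post: a small triage script for Exim reject-log lines of the shape quoted above, reporting how many sources are involved, how much each one sends, and the peak rate per minute. The sample lines are constructed (documentation IP ranges and example domains), and the 0.5 sources-per-reject threshold for calling the flood "distributed" is an illustrative assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the Exim reject-log shape quoted in the post
# (documentation IP ranges and example domains, not real hosts).
SAMPLE_LOG = """\
2014-01-21 22:07:46 H=host1.example.net [192.0.2.10]:1775 F=<a@example.org> rejected RCPT <x1@example.com>:
2014-01-21 22:07:46 H=([198.51.100.7]) [198.51.100.7]:3297 F=<b@example.org> rejected RCPT <x2@example.com>:
2014-01-21 22:07:47 H=([203.0.113.5]) [203.0.113.5]:22759 F=<c@example.org> rejected RCPT <x3@example.com>:
2014-01-21 22:07:50 H=(dyn.example.net) [192.0.2.44]:3204 F=<d@example.org> rejected RCPT <x4@example.com>:
2014-01-21 22:08:01 H=host2.example.net [198.51.100.7]:2175 F=<e@example.org> rejected RCPT <x5@example.com>:
2014-01-21 22:08:03 this line is not a RCPT rejection and is skipped
"""

# timestamp, HELO/host field, [source IP]:port, envelope sender, rejected recipient
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"H=(?P<helo>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\]:(?P<port>\d+) "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>"
)

def summarize(text, distributed_ratio=0.5):
    """Summarize rejected-RCPT lines by source IP, minute and target domain."""
    per_ip, per_minute, domains = Counter(), Counter(), Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that is not a RCPT rejection
        per_ip[m["ip"]] += 1
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
        domains[m["rcpt"].rpartition("@")[2].lower()] += 1
    total = sum(per_ip.values())
    return {
        "rejects": total,
        "distinct_ips": len(per_ip),
        "max_per_ip": max(per_ip.values(), default=0),
        "peak_per_minute": max(per_minute.values(), default=0),
        "target_domains": dict(domains),
        # Many sources, each sending little: per-IP blocking will not keep up,
        # so limits have to apply at the SMTP layer (connections, failed RCPTs).
        "distributed": total > 0 and len(per_ip) / total >= distributed_ratio,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A low `max_per_ip` next to a high `distinct_ips` is the pattern in the log quoted in the post, where almost every rejection comes from a different address.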