On Mon, 2 May 2005, Robert S wrote:

> There seem to be bursts of this sort of activity every day or two, from
> different addresses.

good .. consider it a free server audit by script kiddies

> What concerns me is that the attackers seem to be able to retrieve the names
> of users on my system. How do they do that, and how can I prevent it?

lucky guess ... or plain ole (trivial) network sniffing

- sniff any/all of the emails and follow that email into the server and try to guess their passwords

- never use the same email addy ( john ) as any of your loginID ( john ) .. one of them should be "jsmith" or some other non-guessable loginid ... and alias [EMAIL PROTECTED] in your /etc/alias files back to j1z3k5 so that j1z3k5 can read/delete/reply to their emails addressed to john

> I am running Woody, with up-to-date patches, behind a cheap hardware
> firewall-router. Open ports are 22 (sshd), 25 (sendmail), 80 (apache), 443
> (apache-ssl), 993 (courier-imap over ssl) and 995 (courier-pop over ssl).

pretty good :-) .. except do not depend on the firewall .. assume it's cracked and protect everything else ... ( full and incremental and encrypted backups .. dating back months.. )

c ya
alvin
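The separation of mail address and login ID suggested in the reply above can be checked mechanically. This is an added example, not part of the original message: the passwd and aliases contents, the list of published addresses and every function name are constructed for illustration.

```python
# Added example. All sample data below is constructed for illustration.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
j1z3k5:x:1000:1000:John Smith:/home/j1z3k5:/bin/bash
mary:x:1001:1001:Mary Jones:/home/mary:/bin/bash
"""
ALIASES = """\
postmaster: root
john: j1z3k5
"""
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def login_ids(passwd_text):
    # Account names whose shell permits an interactive login.
    rows = (l.split(":") for l in passwd_text.splitlines())
    return {r[0] for r in rows if len(r) == 7 and r[6] not in NOLOGIN}

def parse_aliases(text):
    # Map each alias name to its list of targets, ignoring '#' comments.
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            name, targets = line.split(":", 1)
            aliases[name.strip().lower()] = [
                t.strip().lower() for t in targets.split(",") if t.strip()]
    return aliases

def resolve(name, aliases, seen=None):
    seen = set() if seen is None else seen   # 'seen' stops alias loops
    if name in seen:
        return set()
    seen.add(name)
    if name not in aliases:
        return {name}                        # final recipient
    return set().union(*(resolve(t, aliases, seen) for t in aliases[name]))

def audit(published, passwd_text, aliases_text):
    # Classify each published mail local-part against the login IDs.
    logins, aliases = login_ids(passwd_text), parse_aliases(aliases_text)
    report = {}
    for local in (p.lower() for p in published):
        if local in logins:
            report[local] = "exposed"    # mail address doubles as a login ID
        elif resolve(local, aliases) & logins:
            report[local] = "aliased"    # reaches an account with another name
        else:
            report[local] = "no-login"   # reaches no login account
    return report
```

Here `audit(["john", "mary"], PASSWD, ALIASES)` marks `john` as aliased and `mary` as exposed, so `mary` is the account to rename and alias.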