Date: Sat, 29 Sep 2018 10:09:02 -0400
From: David Banning <david+dated+1538662145.ae144b@skytracker.ca>
To: Polytropon <freebsd@edvax.de>
Cc: questions@freebsd.org
Subject: Re: dictionary attacks check
Message-ID: <20180929140901.GA93349@skytracker.ca>
In-Reply-To: <20180927211339.63a65ae6.freebsd@edvax.de>
References: <20180926135329.GA24139@skytracker.ca> <20180927211339.63a65ae6.freebsd@edvax.de>

On Thu, Sep 27, 2018 at 09:13:39PM +0200, Polytropon wrote:
> On Wed, 26 Sep 2018 09:53:29 -0400, David Banning wrote:
> > I wonder what the best way is of checking my system to see
> > if it is committing these dictionary attacks.
> >
> > My system is somewhat older;
> >
> > FreeBSD 3s1.com 9.3-RELEASE FreeBSD 9.3-RELEASE #0
> >
> > Any pointers would be helpful.
>
> First of all, check the information you have in the logs;
> /var/log/security is a good point to start. Also check
> the log files for services you run, maybe /var/log/maillog,
> /var/log/xfer.log, /var/log/ftpd.log.

Checked all my logs - I don't actually see any strange activity.
I have requested that the blacklisting entity remove my IP from
the blacklist. All other blacklists continue to show my server as clean.

Every now and then a smaller system flags my email as coming from an
infected server. It may be left over from a couple of times my server
was infected many years past or it could be erroneous - something to
which the notifying server admits happens often enough.

>
> Also check if the services you run start exhibiting
> strange behaviour. In case you notice _that_ - problems
> have already started...
>
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180929140901.GA93349>