7 Dec
2012
7 Dec
'12
2:56 p.m.
Hi,
I got hit by a dictionary attack on SMTP AUTH (well it
looked like that
was how they got the login) that was then used to send out spam.
Thankfully the volume was fairly low.
My lessons:
a) SMTP AUTH actually does get attacked - keep an eye on it and use
solid passwords.
Yes: these are real. I've also seen "reverse dictionary attacks" where
an attacker chooses a handful of popular passwords and then tries to
brute-force the username.
Almost all the attacks I have seen involve "unqualified" usernames such
as "andyjpb" rather than "andyjpb(a)ashurst.eu.org".org". For this and many
other reasons, I'd recommend using fully qualified usernames for SMTP AUTH.
Regards,
@ndy
--
andyjpb(a)ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF