Botnet stopped…

Either it’s been taken offline or I’ve blocked all its IPs.

No more new additions for over 24 hours:


Status for the jail: dovecot-disconnect
|- filter
|  |- File list: /var/log/mail.log
|  |- Currently failed: 0
|  `- Total failed: 718
`- action
   |- Currently banned: 699
   |  `- IP list:
   `- Total banned: 699


2 Responses to Botnet stopped…

  1. Bobby Krupczak says:

    Hey! I’m under a slow speed botnet attack to my email server. The problem I’m seeing is that the IP addresses are never used twice. So, fail2ban won’t really help. Any other suggestions as to how to block this attack?

    • Steve says:

      Are you sure you’re never seeing the same address twice? As you can see from my posts, I was lucky because the botnet was trying to break into an email server using IDs that aren’t actually valid for the server, so I was basically able to put the invalid user check in to basically dump it after one attempt.
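
The two points in the reply above (ban on the first attempt when the login ID does not exist, and check whether addresses really never repeat), as an added example that is not from the post or from fail2ban: a Python pass over mail.log lines. The log lines are constructed and modelled on Dovecot's verbose auth logging (an assumed format); `analyse` and `maxretry` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines (assumed Dovecot format, documentation-range IPs).
SAMPLE_LOG = """\
Jan 12 03:14:07 mail dovecot: auth: passwd-file(admin,203.0.113.5): unknown user
Jan 12 03:14:09 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, TLS
Jan 12 03:20:41 mail dovecot: auth: passwd-file(info,198.51.100.23): unknown user
Jan 12 03:20:43 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS
Jan 12 04:02:10 mail dovecot: auth: passwd-file(steve,198.51.100.77): Password mismatch
Jan 12 04:02:12 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<steve>, method=PLAIN, rip=198.51.100.77, lip=192.0.2.10, TLS
Jan 12 05:11:30 mail dovecot: auth: passwd-file(test,203.0.113.5): unknown user
Jan 12 05:11:32 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, TLS
"""

IP = r"(?P<ip>[0-9A-Fa-f:.]+)"
# The username is client-supplied, so both patterns match greedily and take
# the LAST address-shaped field rather than the first one after the user name.
UNKNOWN_USER = re.compile(r"dovecot: auth\S*: \S+?\(.*," + IP + r"(?:,<[^>]*>)?\): unknown user")
AUTH_FAILED = re.compile(r"Disconnected \(auth failed.*\brip=" + IP + r", lip=")

def analyse(log_text, maxretry=3):
    """Return IPs to ban and IPs that came back for more than one failed session."""
    failed_sessions = Counter()   # failed login sessions per source IP
    unknown_user_ips = set()      # sources that tried an ID the server does not have
    for line in log_text.splitlines():
        m = UNKNOWN_USER.search(line)
        if m:
            unknown_user_ips.add(m.group("ip"))
            continue
        m = AUTH_FAILED.search(line)
        if m:
            failed_sessions[m.group("ip")] += 1
    # Policy: invalid ID -> ban on the first attempt; valid ID -> ban at maxretry.
    over_limit = {ip for ip, n in failed_sessions.items() if n >= maxretry}
    repeat = {ip for ip, n in failed_sessions.items() if n > 1}
    return {"ban": unknown_user_ips | over_limit, "repeat": repeat}

if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("ban:", sorted(result["ban"]))
    print("seen more than once:", sorted(result["repeat"]))
```

A mistyped password on a real account (198.51.100.77 in the sample) stays under the normal retry threshold, so legitimate users are not locked out by the one-attempt rule.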
