How Can I Stop This?

Last night from 22:08 to 08:03 this morning I had some idiot from an IP address of 58.215.176.110 trying every name they could think of to log in to my mail server - unsuccessfully I might add. Is there any way to stop things like this happening as I hate to think how much my poor server had to work for what was 10 hours of continuous rubbish flying at it? The IP address "seems" to resolve to somewhere in China which would account for the stupid names that were being tried. It would be nice to think that I could do something to prevent this happening to me or others again.
 
No it's a standard mail server running on a Windows 7 PC - just run it for the family and as a means of hosting my own domain name. There is little chance (I hope) of anyone actually breaking into it as the passwords are VERY obscure, however, it is more the nuisance factor and even the fact that someone is trying to hack into it that concerns/annoys me.
 
Block the IP range at router level, would probably be the easiest way, they would not even get to a stage to try random usernames etc as has been happening then.
 
You can usually block IPs through your firewall, ideally at the router as truth4free suggests, or locally on the PC software. How you do this depends upon the hardware or software that you're using.
 
... it is more the nuisance factor and even the fact that someone is trying to hack into it that concerns/annoys me.

When I used to run a cheap dedicated server the logs were full of daily attempts by hackers to log in. They used to try lists of weak user-name/passwords (admin, test - that sort of thing). There was zero chance of them being successful but they used to try anyway. Apart from moving ssh to a non-standard port, or maybe setting up some kind of port-knocker, there didn't seem to be much I could do. :shrug:
 
Thanks for all the suggestions - gives me plenty of things to try, especially as today it seems a dot cz address is trying to get in :mad:
 
cz is Czech Republic, not China (cn)
 
I'd be cautious about IP "range" blocking. It can result in a lot of problems as not everybody in the UK connects via a geographically related IP (e.g. VPN, Proxy servers, satellite connections etc.). Sadly hackers are always going to try and access secure sections; indeed they're often attacks that are conducted by robots looking for easy ways in. Just remember to keep a regular backup and always have security in mind with everything you do.
 
Hi Captain - aware of the difference between China & Czech Republic, was just saying it was a different location. Last night I got 86.105.68.176 which would "appear" to be Netherlands. Think somebody may be using a vpn to "manufacture" different locations just for their enjoyment! Still whatever makes them happy, every time I get a new IP address it now just goes in the router - don't know who will get tired first.
 
If you use your mail server only from a few static IP addresses, just block everything except the IPs you want to access it with; if using a decent router, there should be an option to only allow specified addresses.
 
Worth pointing out that most of these "attacks" don't involve someone malicious sitting at their PC trying to get into yours, they're "bots", often parasites in that they "infect" other machines and use them to do the "hacking". Should they get a "hit" (crack a user/pass combination) they report that back to whoever set it up and they can then see what's been found and what access they have. More than 9 times out of 10 there's little of value unless you really enjoy reading emails to and from a complete stranger in another part of the world.

If you open up Windows Firewall and turn on full logging, you'll see far more than just your mail server being targeted. The attacks will be more or less continuous and running all the time. By default the firewall should lock down all the ports except those that are needed e.g. 110 and 587 for mail and 80 and/or 443 for webmail (I think, do check).
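
The approach discussed across this thread (spot a single address hammering the login, block only that address, and never block your own) as an added example that is not code from any poster. The log format, threshold, time window and the documentation-range IP addresses are assumptions; the `netsh advfirewall` commands are only generated for review, not run.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format; adapt LINE_RE to your mail server.
SAMPLE_LOG = """\
2024-01-10 22:08:01 AUTH FAIL user=admin ip=203.0.113.50
2024-01-10 22:08:03 AUTH FAIL user=test ip=203.0.113.50
2024-01-10 22:08:04 AUTH FAIL user=dad ip=198.51.100.7
2024-01-10 22:08:06 AUTH FAIL user=info ip=203.0.113.50
2024-01-10 22:08:09 AUTH FAIL user=sales ip=203.0.113.50
2024-01-10 22:08:10 AUTH OK user=dad ip=198.51.100.7
2024-01-10 22:08:12 AUTH FAIL user=root ip=203.0.113.50
2024-01-10 22:09:00 AUTH FAIL user=mum ip=192.0.2.10
2024-01-10 22:09:05 AUTH FAIL user=mum ip=192.0.2.10
"""
LINE_RE = re.compile(r"^(\S+ \S+) AUTH (FAIL|OK) user=\S+ ip=(\S+)$")

def find_offenders(log_text, max_failures=5, window=timedelta(minutes=10), allow=()):
    """Return source IPs with >= max_failures failed logins inside `window`."""
    allowed = [ipaddress.ip_network(a) for a in allow]
    recent, offenders = defaultdict(deque), []  # ip -> recent failure times
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "FAIL":
            continue  # unparseable lines and successful logins are ignored
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # malformed address field
        if any(ip in net for net in allowed):
            continue  # never block your own addresses
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and str(ip) not in offenders:
            offenders.append(str(ip))
    return offenders

def netsh_block_rules(offenders):
    """One Windows Firewall rule per single address (no range blocking)."""
    return [f'netsh advfirewall firewall add rule name="Block {ip}" '
            f'dir=in action=block remoteip={ip}' for ip in offenders]

if __name__ == "__main__":
    print("\n".join(netsh_block_rules(find_offenders(SAMPLE_LOG, allow=["192.0.2.0/28"]))))
```

The sliding window assumes the log is in chronological order, and the occasional mistyped family password (198.51.100.7 in the sample) stays below the threshold.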
 
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved