Control Web Panel
Security => CSF Firewall => Topic started by: Domains on December 28, 2022, 12:51:41 PM
-
Hello,
It seems someone trying to hack my server from China.
I receive more than 30 emails per day with following kind of message in my inbox:
Time: Tue Dec 27 23:07:47 2022 -0500
IP: 180.125.207.88 (CN/China/-)
Failures: 3 (smtpauth)
Interval: 3600 seconds
Blocked: Permanent Block [LF_SMTPAUTH]
Log entries:
Dec 27 23:07:22 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 27 23:07:30 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 27 23:07:41 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
can you help me how can I get ride of this idiot? He's in china because almost all blocked IPs in firewall come from china .
How can I block all China country in my firewall?
-
edit /etc/csf/csf.conf
CC_DENY = "BG,CN,KP,RU,NG"
(Sorry if it's your country, but this list includes the top 5 hacking countries in my US-based observation.)
service csf restart