Apr 17 2014
We have noticed an increase in the number of attempts from different IPs to get access to some of our email clients. The malicious activity is not targeting specific accounts but any email account which has a “week” password!
While we do have implemented a softlayer in the firewall that attempts to ban these IPs, it is critical that all the emails avoid simple passwords like “123456” or “testtest” and similar cases. The firewall will ban the malicious IP within 5 wrong attempts but we cannot avoid the guessing of the very simple passwords.
Time: Thu Apr 17 06:29:37 2014 +0200
IP: 22.214.171.124 (RU/Russian Federation/126.96.36.199.stbur.ru)
Failures: 5 (smtpauth)
Interval: 3600 seconds
Blocked: Permanent Block
2014-04-17 06:09:08 dovecot_plain authenticator failed for (AVN1) [188.8.131.52]:62001: 535 Incorrect authentication data (set_id=admin@XXXXXX.net)
2014-04-17 06:09:14 dovecot_login authenticator failed for (AVN1) [184.108.40.206]:62001: 535 Incorrect authentication data (set_id=admin@XXXXX.net)
2014-04-17 06:29:35 dovecot_plain authenticator failed for (AVN1) [220.127.116.11]:62079: 535 Incorrect authentication data (set_id=info@XXXX.net)
If you want to have a strong password, there are different websites which provide a password generator (we can recommend this one: http://shqiperia.com/webmaster/gjenerofjalekalim/). Change your weak password today to avoid your headache of tomorrow. And if you have a large number of passwords, there are some applications like LastPass which can help you in dealing with the problem.