Dictionary attack via IMAP ??


Post by jasggomes »

Hello everyone,

Over the last 2 days I've been seeing an attack pattern using IMAP port 143 against my Zimbra 8.8.7.

I have a CSF FW implemented on this server, and it's also behind a pfSense FW, but this keeps going on; although it doesn't alarm me 'much', it's annoying...

In my csf.deny file I have these:

122.224.135.138 # lfd: (myimapldap143match) Failed IMAP via LDAP port 143 login from 122.224.135.138 (CN/China/-): 1 in the last 3600 secs - Wed Jul 25 13:28:23 2018
60.29.145.218 # lfd: (myimapldap143match) Failed IMAP via LDAP port 143 login from 60.29.145.218 (CN/China/no-data): 1 in the last 3600 secs - Wed Jul 25 13:28:48 2018
220.164.2.122 # lfd: (myimapldap143match) Failed IMAP via LDAP port 143 login from 220.164.2.122 (CN/China/-): 1 in the last 3600 secs - Wed Jul 25 13:29:18 2018
189.114.67.195 # lfd: (myimapldap143match) Failed IMAP via LDAP port 143 login from 189.114.67.195 (BR/Brazil/levemonte.pae.gvt.net.br): 1 in the last 3600 secs - Wed Jul 25 13:29:58 2018
60.173.143.222 # lfd: (myimapldap143match) Failed IMAP via LDAP port 143 login from 60.173.143.222 (CN/China/-): 1 in the last 3600 secs - Wed Jul 25 13:29:58 2018

I also see a pattern of, on average, 4 attempts per minute or so ... I've tweaked my COS to 8 / 5 mins to block an account, in order not to allow the account to be blocked so often.

I also receive an email on an external account for every block that happens ...
I'm thinking of removing the CSF rule and seeing how Zimbra will deal with this sort of attack on its own ...
Or simply letting the attack finish ... but if this is a dictionary attack, at some point they will probably crack one of the accounts ... I have some older people who keep insisting on using simple PWDs ...

But I'm not overlooking this; I'm studying it, learning from it, and seeing what I can improve on my systems.

What do you think guys ?? Any CC's ??

Regards.
JG
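
Every csf.deny entry quoted in the post records "1 in the last 3600 secs", so no single address ever accumulates failures and the pattern only shows up when the entries are correlated across sources. The following is an added example, not part of the original post: it parses entries in that format and flags time windows in which many distinct addresses were blocked, reusing the poster's 8 / 5 mins figure as an assumed threshold. The sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# csf.deny line layout as quoted in the post: IP # lfd: (rule) text: N in the last S secs - date
LINE_RE = re.compile(
    r"^(?P<ip>\S+) # lfd: \((?P<rule>[^)]+)\) .*?: (?P<hits>\d+) in the last "
    r"(?P<secs>\d+) secs - (?P<ts>.+)$")

def parse_deny(lines):
    """Return sorted (timestamp, ip, hits) tuples; non-lfd or malformed lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue
        events.append((ts, m["ip"], int(m["hits"])))
    return sorted(events)

def distributed_bursts(events, window=timedelta(minutes=5), min_sources=8):
    """List (start, end, distinct_ips) each time the sliding window holds >= min_sources IPs.
    Defaults mirror the poster's 8 / 5 mins lockout figure (assumption: reused as a threshold)."""
    recent, alerts = deque(), []
    for ts, ip, _ in events:
        recent.append((ts, ip))
        while ts - recent[0][0] > window:
            recent.popleft()
        sources = {addr for _, addr in recent}
        if len(sources) >= min_sources:
            alerts.append((recent[0][0], ts, len(sources)))
    return alerts

def single_hit_ratio(events):
    """Share of source IPs with exactly one recorded failure (per-IP counters never build up)."""
    per_ip = Counter()
    for _, ip, hits in events:
        per_ip[ip] += hits
    return sum(1 for n in per_ip.values() if n == 1) / len(per_ip) if per_ip else 0.0

# Constructed sample: ten documentation addresses, one failure each, 30 s apart, plus noise.
TEMPLATE = ("{ip} # lfd: (myimapldap143match) Failed IMAP via LDAP port 143 login from "
            "{ip} (ZZ/Example/-): 1 in the last 3600 secs - Wed Jul 25 {hms} 2018")
SAMPLE = [TEMPLATE.format(ip=f"192.0.2.{i + 1}", hms=f"13:{i // 2:02d}:{30 * (i % 2):02d}")
          for i in range(10)]
SAMPLE += ["# manual entry, not an lfd line", TEMPLATE.format(ip="198.51.100.7", hms="14:00:00")]
```

Pass the lines of a real csf.deny to `parse_deny` in place of `SAMPLE`. csf.deny carries no account name, so this correlates by source count only; tying the bursts to targeted mailboxes needs the mail server's own authentication log.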
ccelis5215
Outstanding Member
Posts: 632
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12

Re: Dictionary attack via IMAP ??

Post by ccelis5215 »

jasggomes wrote: I also receive an email on an external account for every block that happens ...
I'm thinking of removing the CSF rule and seeing how Zimbra will deal with this sort of attack on its own ...
Hi, leave CSF working and don't waste Zimbra resources.

ccelis
jasggomes
Advanced member
Posts: 90
Joined: Sat Sep 13, 2014 12:59 am
Location: Lisbon, PT
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64

Re: Dictionary attack via IMAP ??

Post by jasggomes »

ccelis5215 wrote:
jasggomes wrote: I also receive an email on an external account for every block that happens ...
I'm thinking of removing the CSF rule and seeing how Zimbra will deal with this sort of attack on its own ...
Hi, leave CSF working and don't waste Zimbra resources.

ccelis
Thank you for your reply.

Last Friday I just closed the 143 external port using PFSense, and it stopped.
I couldn't find any other way of stopping it, and at this rate, probably one of the simplest passwords would be discovered.

Regards.

JG
zimico
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3

Re: Dictionary attack via IMAP ??

Post by zimico »

I have the same kind of attack now from India, about 20-30 connections per hour. DosFilter recognizes this access but the user is still locked out. (Hence, I have to increase the number of login failures and change to a very complex password.)
Minh
stefaniu.criste
Posts: 41
Joined: Wed Feb 12, 2014 5:40 am
Location: Romania
ZCS/ZD Version: 8.8.8_GA_1728 20180614052922 201806

Re: Dictionary attack via IMAP ??

Post by stefaniu.criste »

Besides this, wherever possible, use the 2 factor authentication feature.
Stefaniu Criste - managing partner
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania