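Mail Server - Mail System - Mail Technology Forum (BBS)
Title:
POP log shows malicious attempts to guess accounts and passwords
Author:
maxwell
Time:
2008-6-20 10:10
Mail system: MD
While checking the POP log, I found the following entries: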
Mon 2008-06-16 09:31:07: ----------
Mon 2008-06-16 09:31:09: Session 8434; child 2
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63226]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER root
Mon 2008-06-16 09:31:08: --> +OK root... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8435; child 3
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63228]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER admin
Mon 2008-06-16 09:31:08: --> +OK admin... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 24/72)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8436; child 4
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63230]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER webmaster
Mon 2008-06-16 09:31:08: --> +OK webmaster... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 32/76)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8437; child 5
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63234]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER user
Mon 2008-06-16 09:31:09: --> +OK user... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8438; child 6
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63236]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER test
Mon 2008-06-16 09:31:09: --> +OK test... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8439; child 7
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63237]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER web
Mon 2008-06-16 09:31:09: --> +OK web... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 20/70)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8440; child 8
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63239]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER www
Mon 2008-06-16 09:31:09: --> +OK www... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 20/70)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8441; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63241]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER administrator
Mon 2008-06-16 09:31:09: --> +OK administrator... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 40/80)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8442; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63243]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER oracle
Mon 2008-06-16 09:31:09: --> +OK oracle... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:10: Session 8443; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63244]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER sybase
Mon 2008-06-16 09:31:09: --> +OK sybase... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8446; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63249]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER backup
Mon 2008-06-16 09:31:10: --> +OK backup... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8444; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63247]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER informix
Mon 2008-06-16 09:31:10: --> +OK informix... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 30/75)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8445; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63248]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER oracle8
Mon 2008-06-16 09:31:10: --> +OK oracle8... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 28/74)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8447; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63252]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER lizdy
Mon 2008-06-16 09:31:10: --> +OK lizdy... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 24/72)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8449; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63260]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER data
Mon 2008-06-16 09:31:10: --> +OK data... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8450; child 9
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63261]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER root
Mon 2008-06-16 09:31:10: --> +OK root... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 24/71)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8451; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63263]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER admin
Mon 2008-06-16 09:31:10: --> +OK admin... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/72)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8448; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63256]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER server
Mon 2008-06-16 09:31:10: --> +OK server... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:11: Session 8453; child 11
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63267]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER access
Mon 2008-06-16 09:31:10: --> +OK access... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8452; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63264]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER account
Mon 2008-06-16 09:31:10: --> +OK account... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/74)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8454; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63270]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER pwrchute
Mon 2008-06-16 09:31:10: --> +OK pwrchute... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 30/75)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8455; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63274]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER test
Mon 2008-06-16 09:31:11: --> +OK test... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 24/71)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8456; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63276]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER web
Mon 2008-06-16 09:31:11: --> +OK web... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 22/70)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8458; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63285]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER administrator
Mon 2008-06-16 09:31:11: --> +OK administrator... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 42/80)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8457; child 11
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63279]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER www
Mon 2008-06-16 09:31:11: --> +OK www... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 22/70)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8459; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63286]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER oracle
Mon 2008-06-16 09:31:11: --> +OK oracle... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/73)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8460; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63288]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER sybase
Mon 2008-06-16 09:31:11: --> +OK sybase... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/73)
Mon 2008-06-16 09:31:11: ----------
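How can I stop or restrict IP addresses like this?
Another question: users report that when they use the mail system through the web interface, they sometimes get "The IP address of the requesting session is invalid". How can this be fixed?
One more question: I would like to see some log information about users accessing their mailboxes through the web interface. Which log file shows this? I found an IMAP log file among the log files, but it is empty. What do I need to configure so that I can see it there?
[This post was last edited by maxwell on 2008-6-20 10:29]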
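Author:
wxhsh
Time:
2008-6-20 11:28
1. There is not much you can do about this, which is why MD added a strong-password enforcement feature. In general, though, only 3 retries are allowed.
2. For this, go to the setting below, but it carries a security risk
[attach]5034[/attach]
Uncheck this option
3. WorldClient.log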
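Added example, not part of the thread and not MD's own tooling: one way to pull the offending addresses out of a POP log in the format quoted in the first post, by collecting sessions that ended in `-ERR access denied` per source IP and flagging bursts aimed at several different user names. The function names, thresholds and the sample data (documentation-range addresses, user `alice`) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
CONN = re.compile(r"Accepting POP connection from \[([\d.]+) : \d+\]")

def failed_logins(text):
    """Yield (time, ip, user) for each session that ended in '-ERR access denied'."""
    cur = {}
    # The appended sentinel separator flushes a last session that was never closed.
    for raw in [*text.splitlines(), "Mon 1970-01-01 00:00:00: ----------"]:
        m = LINE.match(raw.strip())
        ts, msg = m.groups() if m else ("", "")
        if msg == "----------":              # session boundary: emit, then reset
            if cur.get("denied") and "ip" in cur:
                yield cur["time"], cur["ip"], cur.get("user", "?")
            cur = {}
        elif (c := CONN.search(msg)):
            cur.update(ip=c.group(1), time=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
        elif msg.startswith("<-- USER "):
            cur["user"] = msg[9:].strip()
        elif msg.startswith("--> -ERR access denied"):
            cur["denied"] = True

def suspicious_ips(text, min_failures=5, min_users=3, window=60):
    """IP -> user names, where >= min_failures denials hit >= min_users names within window s."""
    by_ip = defaultdict(list)
    for t, ip, user in failed_logins(text):
        by_ip[ip].append((t, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        lo = 0
        for hi in range(len(events)):        # sliding window over this IP's failures
            while (events[hi][0] - events[lo][0]).total_seconds() > window:
                lo += 1
            users = {u for _, u in events[lo:hi + 1]}
            if hi - lo + 1 >= min_failures and len(users) >= min_users:
                flagged[ip] = sorted(users | set(flagged.get(ip, [])))
    return flagged

# Constructed sample in the page's log format (documentation IPs, invented user "alice").
T = "".join("Mon 2008-06-16 {t}: " + s + "\n" for s in (
    "Accepting POP connection from [{ip} : 63226]", "<-- USER {u}", "<-- PASS ******",
    "--> -ERR access denied", "----------"))
SAMPLE = "".join(T.format(t="09:31:%02d" % (8 + i), ip="203.0.113.7", u=u)
                 for i, u in enumerate(["root", "admin", "webmaster", "user", "test", "oracle"]))
SAMPLE += T.format(t="09:31:09", ip="198.51.100.20", u="alice")  # one mistyped password
```

A single failed login, like the `alice` session in the sample, stays below the thresholds, so only the address that cycles through many account names is reported as a candidate for blocking.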
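Author:
maxwell
Time:
2008-6-21 19:14
Title:
Reply to post #2
Thank you for your reply. On the first point, I tried one user name through the web interface and could try many times; there does not seem to be a three-attempt limit. I do not see a WorldClient.log log in MD.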
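Author:
wxhsh
Time:
2008-6-23 11:27
1. I was referring to the retry count over POP; your question was also about the POP log.
2. It should be there. If it is not, check under Settings - Logging options:
[attach]5054[/attach]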
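Author:
maxwell
Time:
2008-6-24 21:31
Thank you very much, the HTTP log is now being recorded. In my tests, when I access the web interface and send mail, WorldClient.log has log entries, but when I delete mail through the web interface and empty the deleted items, WorldClient.log does not seem to record anything about it. Please advise.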