SMTP Audit / Compromised account detection
Idea shared by thnetcoder - 12/19/2014 at 7:02 AM
Completed
My company created an internal system to detect compromised accounts in real time. We call it 'SMTPAudit' and we have released it as a free hosted service available at https://smtpaudit.com. It logs all of your authentication sessions to a web service, determines the IP address, the country the IP address is from, and allows you to query the data. You can then optionally configure the alerting feature that allows you to be notified of authentications from countries outside of your user base as well as alerts for accounts authenticating from too many unique IP addresses. 
 
The whole purpose of this project is to find compromised accounts that are in use by spammer botnets. The new tactic being used by spammers is to send very low volumes of spam so that it does not trigger other alerting methods. The only way we've found to catch these issues is to find accounts authenticating from countries outside of the user base or that use too many unique IP addresses.
 
The project is in active development and we look forward to any comments or feature requests that can help improve the usefulness to system admins.
 
Our software is different than other log analyzers in that logs are analyzed in near real time and reported to a hosted service for analysis against rules you have defined. It has provided our system admins with peace of mind and a huge time savings.
SMTPAudit.com - A free real time SMTP log file analysis / auditing / alerting service focusing on detection of compromised accounts in use by spammer botnets.
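
The two rules described in the post above (logins from countries outside the user base, and too many unique IP addresses per account), sketched as an added example that is not part of the original post and is not SMTPAudit's code. The log format, the prefix-to-country table, the thresholds and the one-hour sliding window are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed prefix-to-country table standing in for a real GeoIP database.
# Prefixes are RFC 5737 documentation ranges; the country codes are made up.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "BR",
    ipaddress.ip_network("203.0.113.0/24"): "VN",
}

# Constructed authentication events: "ISO timestamp, account, client IP".
SAMPLE_LOG = """\
2014-12-19T07:00:05 alice@example.com 192.0.2.10
2014-12-19T07:03:41 bob@example.com 192.0.2.44
2014-12-19T07:10:12 bob@example.com 198.51.100.7
2014-12-19T07:15:30 carol@example.com 192.0.2.21
2014-12-19T07:16:02 carol@example.com 192.0.2.22
2014-12-19T07:18:47 carol@example.com 192.0.2.23
2014-12-19T07:40:00 carol@example.com 192.0.2.24
"""

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO.items() if addr in net), "??")

def audit(log_text, allowed_countries, max_unique_ips, window):
    """Return a list of (account, rule, detail) alerts, in log order."""
    alerts, recent, flagged = [], defaultdict(list), set()
    for line in log_text.splitlines():
        stamp, account, ip = line.split()
        when = datetime.fromisoformat(stamp)
        cc = country_of(ip)
        if cc not in allowed_countries:
            alerts.append((account, "country", f"{ip} ({cc})"))
        # Keep only this account's logins inside the sliding window.
        recent[account] = [(t, a) for t, a in recent[account] if when - t <= window]
        recent[account].append((when, ip))
        unique = {a for _, a in recent[account]}
        if len(unique) > max_unique_ips and account not in flagged:
            flagged.add(account)  # alert once per account
            alerts.append((account, "unique_ips", f"{len(unique)} IPs in window"))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG, {"US"}, max_unique_ips=3, window=timedelta(hours=1)):
        print(alert)
```

Neither rule looks at message volume, so an account sending only a handful of messages is still flagged on where and from how many addresses it authenticates.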

3 Replies

0
I'm interested in taking a look at this but I see that it sends data to your servers. That's a violation of our policies, but I'm interested in your policy. Do you data mine to use the information collected for any other purpose or provide any data to any third parties?

Thanks,
-Joe
0
I typed out a nice detailed response to your question but it seems to have disappeared after I clicked to post it.

To answer your question, we do not data mine or otherwise share any of the information collected. It's not made very clear on the website but we only store data for 7 days maximum at this time.
0
Would be nice to see this integrated into SM!
 
