Back to Community Threads
2
Blacklist range of IPs... not blocking the entire range
Problem reported by Rod Strumbel - 12/3/2019 at 7:31 AM
Submitted
So on 11/21/19 I blacklisted   46.38.144.0 - 46.38.144.255   because over 80 IPs in that range were using dictionary attacks against our SM machine.

Yet today (12/3/19) I am still seeing hacking attempts from   46.38.144.17,  46.38.144.32,  46.38.144.57

They are not getting thru, but still my understanding is that the blacklist should be dropping connections from these IPs IMMEDIATELY and not even communicate with them.  So... I should not be seeing all these attempts.

Something wrong with the blacklist when specifying a range like the above?

Rod

1 Reply

Reply to Thread
0
Rod Strumbel Replied
12/3/2019 at 7:37 AM
In fact... I just ran across a single IP instance doing the same thing.

This one was detected by IDS    92.118.38.38  ( no date applied info, which is something missing IMO when these get shifted from IDS listing to blacklisted)

But I am still seeing hacking on that same IP in last nights log file analysis... obvious dictionary attack.

Something is up with the blacklist process not really blacklisting.

Rod
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Find a Compromised AccountSmarterMail > Troubleshooting
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
Slow 250 response after Mail From command is issued during an SMTP session.SmarterMail > Troubleshooting
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus