Best Way to Stop a Spam Attack

In watching my mail logs, I'm seeing pages and pages of SMTP login failures.

I know somebody is just cycling through passwords to try to break into my account (a couple of weeks ago one of my clients had used a weak password on an "orders" account, which allowed someone to gain access and send out a bunch of spam).

What is the best way to stop these? Do I just block that IP for a while? What if that IP is from a location where there are valid people attempting to get to my site, do I block them out as well? Any thoughts would be appreciated.

The following is a listing of ten seconds' worth of log lines.


Oct 18 15:51:40 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:40 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:41 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:41 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:41 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:41 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:42 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:42 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:43 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:43 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:44 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:44 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:45 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:45 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:46 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:46 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:46 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:46 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:47 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:47 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:48 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:48 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Oct 18 15:51:49 mydom smtp_auth: SMTP connect from unknown [46.149.111.93]
Oct 18 15:51:49 mydom smtp_auth: FAILED: www - password incorrect from (null) [46.149.111.93]
Asked by: Paul Konstanski, Project Specialist
COBOLdinosaur commented:
do I block them out as well?

Of course you do.  The crap coming from that IP is because there is a spammer on it, it has been infected with a botnet virus or it is an open proxy.  If there is legitimate traffic on it and they get blocked then they will complain to their ISP, who is responsible for allowing the spamming or has sloppy security.  Either way the ISP is responsible to clean it up and restore the reputation of the IP, and if you are not prepared to block then you will get beat up by spammers, hackers and every idiot who finds an exploit script.

That IP in your log is on a server in the Ukraine that is on 3 major blacklists for spamming and is on Netcraft exploits blacklist, which may indicate it tries to turn mailservers into zombies. That block of IPs in the Ukraine is a known source of botnet control sites.

If you don't block it you are an idiot because you are clearly being targeted, and if you do not block it, it will break through; guaranteed.


Cd&
0
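The failure bursts in the log excerpt above can be told apart from a single mistyped password by counting failed logins per source address inside a short window before deciding what to block. This is an added example, not part of the original thread: the regex follows the log format shown in the question, and the threshold, window, default year and the 192.0.2.10 sample address are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure lines in the format shown in the question's log excerpt.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ smtp_auth: "
    r"FAILED: (?P<user>\S+) - .*\[(?P<ip>[0-9A-Fa-f.:]+)\]\s*$"
)

def find_offenders(lines, max_failures=5, window_seconds=60, year=2024):
    """Return {ip: {"failures": total, "users": set}} for each IP that had
    at least max_failures failed logins inside any window_seconds span.
    Thresholds are assumptions; syslog omits the year, so one is supplied."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> failure times still inside the window
    seen = defaultdict(lambda: {"failures": 0, "users": set()})
    flagged = set()
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:                    # "SMTP connect" and unrelated lines
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        seen[ip]["failures"] += 1
        seen[ip]["users"].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(ip)
    return {ip: seen[ip] for ip in sorted(flagged)}

# Constructed sample: the burst pattern from the question plus one mistyped
# password from a documentation address (192.0.2.10) standing in for a real user.
SAMPLE = [
    f"Oct 18 15:51:{40 + i} mydom smtp_auth: FAILED: www - password incorrect "
    "from (null) [46.149.111.93]" for i in range(8)
] + [
    "Oct 18 15:51:41 mydom smtp_auth: SMTP connect from unknown [192.0.2.10]",
    "Oct 18 15:51:42 mydom smtp_auth: FAILED: orders - password incorrect "
    "from (null) [192.0.2.10]",
]

if __name__ == "__main__":
    for ip, info in find_offenders(SAMPLE).items():
        print(ip, info["failures"], sorted(info["users"]))
```

The returned addresses are candidates for a temporary firewall or mail-server deny rule; the address with a single failure is left alone.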
Paul Konstanski, Project Specialist (author), commented:
Direct and to the point. Thanks.
0