最近被一病毒邮件攻击,有类似的吗?
这个系统运行一年多了,这两天,被病毒邮件攻击。有相同的吗?
不过系统到是非常正常,其实所有病毒邮件都被自动删了,而且攻击IP自动BAN。就是太无聊了。唉!
===================================================
# 阻止/自动 IP 屏蔽数据库
#
# 此文件列出了所有会自动屏蔽的 IP 地址,通过
# 阻止/自动 IP 屏蔽系统.
#
# 此格式的条目: IP<空格>分钟
# 如: 192.168.0.1 60 - 这意味着 192.168.0.1 60 分钟
# 内不能连接。
210.65.143.68 1
218.15.145.72 4
218.90.6.185 5
24.201.245.36 7
61.144.173.141 7
211.140.105.84 9
218.6.24.194 9
218.91.111.172 11
61.243.34.147 11
218.27.162.18 12
202.109.129.254 12
218.75.48.174 15
211.19.45.233 16
61.155.112.43 17
61.154.252.186 81
67.85.37.51 82
218.20.115.24 82
221.229.241.26 83
61.177.30.129 83
218.0.124.106 84
61.155.112.42 84
218.28.11.251 85
61.48.76.123 86
202.108.35.192 88
218.0.127.125 90
219.238.159.142 91
202.104.155.176 331
218.72.8.67 332
219.146.32.166 332
61.149.103.126 333
210.51.21.26 333
218.104.129.24 334
61.147.145.200 335
211.157.4.65 335
61.183.69.148 337
218.80.45.187 337
218.17.95.188 340
202.108.255.197 341
210.21.197.26 341
202.96.209.52 342
218.16.42.197 343
61.128.128.118 344
61.185.39.188 344
61.145.153.22 345
218.16.53.167 347
218.59.16.161 348
61.179.12.114 349
218.91.208.58 349
61.149.95.247 353
218.13.162.127 353
202.101.42.5 355
210.243.202.121 356
218.62.33.163 357
218.16.45.38 357
219.234.223.101 357
219.156.111.121 359
====================================================
Thu 2004-01-29 09:43:58: [704:389:2] 接收 SMTP 来自[61.171.209.228 : 65380]的连接
Thu 2004-01-29 09:43:58: [704:389:2] Looking up PTR record for 61.171.209.228 (228.209.171.61.IN-ADDR.ARPA)
Thu 2004-01-29 09:43:58: [704:389:2] 名称服务器报告域名未知。
Thu 2004-01-29 09:43:58: [704:389:2] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:43:58 +0800
Thu 2004-01-29 09:43:58: [704:389:2] <-- HELO RsProxy
Thu 2004-01-29 09:43:58: [704:389:2] Performing reverse lookup on RsProxy (looking for 61.171.209.228)
Thu 2004-01-29 09:43:58: [704:389:2] 名称服务器报告域名未知。
Thu 2004-01-29 09:43:58: [704:389:2] --> 501 DNS 说 并不是一个真实的域名。
Thu 2004-01-29 09:44:05: [704:389:2] Socket connection closed by the other side (how rude!)
Thu 2004-01-29 09:44:05: [704:389:2] SMTP 连接异常终止,已发送 14 字节。
Thu 2004-01-29 09:44:05: ----------
Thu 2004-01-29 09:43:45: [820:386:1] 接收 SMTP 来自[211.148.140.93 : 1557]的连接
Thu 2004-01-29 09:43:45: [820:386:1] Looking up PTR record for 211.148.140.93 (93.140.148.211.IN-ADDR.ARPA)
Thu 2004-01-29 09:43:54: [820:386:1] 10 秒等候 DNS 回复,时间已到
Thu 2004-01-29 09:43:54: [820:386:1] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:43:54 +0800
Thu 2004-01-29 09:44:15: [820:386:1] <-- EHLO pconline.com.cn
Thu 2004-01-29 09:44:15: [820:386:1] Socket connection closed by the other side (how rude!)
Thu 2004-01-29 09:44:15: [820:386:1] SMTP 连接异常终止,已发送 44 字节。
Thu 2004-01-29 09:44:15: ----------
Thu 2004-01-29 09:44:14: [520:392:4] 接收 SMTP 来自[219.159.1.247 : 1888]的连接
Thu 2004-01-29 09:44:14: [520:392:4] Looking up PTR record for 219.159.1.247 (247.1.159.219.IN-ADDR.ARPA)
Thu 2004-01-29 09:44:14: [520:392:4] 名称服务器报告域名未知。
Thu 2004-01-29 09:44:14: [520:392:4] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:44:14 +0800
Thu 2004-01-29 09:44:15: [520:392:4] <-- EHLO tom.com
Thu 2004-01-29 09:44:15: [520:392:4] Performing reverse lookup on tom.com (looking for 219.159.1.247)
Thu 2004-01-29 09:44:15: [520:392:4] D=tom.com TTL=(22) A=[61.135.158.103]
Thu 2004-01-29 09:44:15: [520:392:4] P=010 D=tom.com TTL=(30) MX=[tommx.163.net] {202.108.255.210}
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-toyoshima.cc Hello tom.com(可能被伪造), 很高兴见到你
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-VRFY
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-ETRN
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-AUTH=LOGIN
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-AUTH LOGIN CRAM-MD5
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-8BITMIME
Thu 2004-01-29 09:44:15: [520:392:4] --> 250 SIZE 102400000
Thu 2004-01-29 09:44:17: [520:392:4] <-- MAIL FROM:
Thu 2004-01-29 09:44:17: [520:392:4] Performing reverse lookup on tom.com (looking for 219.159.1.247)
Thu 2004-01-29 09:44:17: [520:392:4] D=tom.com TTL=(22) A=[61.135.158.106]
Thu 2004-01-29 09:44:17: [520:392:4] P=010 D=tom.com TTL=(30) MX=[tommx.163.net] {202.108.255.210}
Thu 2004-01-29 09:44:17: [520:392:4] 垃圾邮件封锁器正在检查 219.159.1.247 (正在连接 IP)
Thu 2004-01-29 09:44:26: [520:392:4] Spam Blocker 10 秒等候 DNS 回复,时间已到
Thu 2004-01-29 09:44:26: [520:392:4] --> 250 ,发信人完成。
Thu 2004-01-29 09:44:27: [520:392:4] Socket connection closed by the other side (how rude!)
Thu 2004-01-29 09:44:27: [520:392:4] SMTP 连接异常终止,已发送 44 字节。
Thu 2004-01-29 09:44:27: ----------
Thu 2004-01-29 09:44:10: [680:391:3] 接收 SMTP 来自[211.150.214.148 : 4484]的连接
Thu 2004-01-29 09:44:10: [680:391:3] Looking up PTR record for 211.150.214.148 (148.214.150.211.IN-ADDR.ARPA)
Thu 2004-01-29 09:44:10: [680:391:3] 名称服务器报告域名未知。
Thu 2004-01-29 09:44:10: [680:391:3] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:44:10 +0800
Thu 2004-01-29 09:44:10: [680:391:3] <-- EHLO 21cn.com
Thu 2004-01-29 09:44:10: [680:391:3] Performing reverse lookup on 21cn.com (looking for 211.150.214.148)
Thu 2004-01-29 09:44:10: [680:391:3] D=21cn.com TTL=(47) A=[61.140.60.21]
Thu 2004-01-29 09:44:10: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta2.21cn.com] {61.140.60.70}
Thu 2004-01-29 09:44:10: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta.21cn.com] {61.140.60.20}
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-toyoshima.cc Hello 21cn.com(可能被伪造), 很高兴见到你
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-VRFY
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-ETRN
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-AUTH=LOGIN
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-AUTH LOGIN CRAM-MD5
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-8BITMIME
Thu 2004-01-29 09:44:10: [680:391:3] --> 250 SIZE 102400000
Thu 2004-01-29 09:44:11: [680:391:3] <-- MAIL FROM:
Thu 2004-01-29 09:44:11: [680:391:3] Performing reverse lookup on 21cn.com (looking for 211.150.214.148)
Thu 2004-01-29 09:44:11: [680:391:3] D=21cn.com TTL=(47) A=[61.140.60.66]
Thu 2004-01-29 09:44:11: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta2.21cn.com] {61.140.60.70}
Thu 2004-01-29 09:44:11: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta.21cn.com] {61.140.60.20}
Thu 2004-01-29 09:44:11: [680:391:3] 垃圾邮件封锁器正在检查 211.150.214.148 (正在连接 IP)
Thu 2004-01-29 09:44:20: [680:391:3] Spam Blocker 10 秒等候 DNS 回复,时间已到
Thu 2004-01-29 09:44:20: [680:391:3] --> 250 ,发信人完成。
Thu 2004-01-29 09:44:23: [680:391:3] <-- RCPT TO:
Thu 2004-01-29 09:44:23: [680:391:3] 遇到超过 1 个 RCPT 命令; 此连接被阻止 9999 秒延迟
Thu 2004-01-29 09:44:23: [680:391:3] --> 250 ,收信人完成。
Thu 2004-01-29 09:44:35: [680:391:3] Socket connection closed by the other side (how rude!)
Thu 2004-01-29 09:44:35: [680:391:3] SMTP 连接异常终止,已发送 75 字节。
Thu 2004-01-29 09:44:35: ----------
================================================================
