Got a warning from surgemail about mwatts@dimentech.com sending over 500 messages. Uh oh 🙁
Hacking started at:
2014-05-15 07:12:51.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <270098@tearoha-college.school.nz> 0 ""
2014-05-15 07:12:53.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <26612974@qq.com> 0 ""
2014-05-15 07:12:54.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <81silvia@live.com.ar> 0 ""
2014-05-15 07:12:56.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <a.schaefer@ritter-starkstromtechnik.de> 0 ""
2014-05-15 07:12:57.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <a.sotillio@yahoo.com> 0 ""
2014-05-15 07:12:57.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <1_399244@sunshinenetmail.net> 0 ""
2014-05-15 07:12:57.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <18267833053@139.com> 0 ""
2014-05-15 07:12:58.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <651413@lrstudents.org> 0 ""
List of valid logins from hackers:
2014-05-14 17:49:25.00:-566372608: 187.134.177.227 187.134.177.227 SMTP mwatts@dimentech.com
2014-05-15 07:12:50.00:-567765248: 31.25.142.51 31.25.142.51 SMTP mwatts@dimentech.com
2014-05-15 08:10:11.00:-551274752: 189.72.120.189 189.72.120.189 SMTP mwatts@dimentech.com
2014-05-15 09:55:25.00:-559917312: 200.85.95.51 200.85.95.51 SMTP mwatts@dimentech.com
2014-05-15 11:24:22.00:-600066304: 58.186.28.54 58.186.28.54 SMTP mwatts@dimentech.com
Some other attempted logins:
2014-05-15 07:46:48.00:-566372608: 503 Too many 4>=4(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore 178.33.154.174 retry in 5 minutes
2014-05-15 12:04:49.00:-559352064: 503 Too many 4>=4(G_BAD_LOGIN_ALLOW), set g_bad_login_ip_ignore 93.115.175.105 retry in 5 minutes
2014-05-15 14:06:34.00:122980096: smtp: auth (dimentech.com) (mwatts) (181.31.233.159) Login incorrect -ERR mwatts@dimentech.com password wrong or not a valid user
Blocking entire networks:
-A INPUT -s 119.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 178.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 187.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 188.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 189.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 200.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 31.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 58.0.0.0/8 -p tcp -m tcp -j DROP
-A INPUT -s 93.0.0.0/8 -p tcp -m tcp -j DROP
That should take care of things.
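As an added example (not part of the original post), a small Python script that does the same triage over constructed lines in the SurgeMail format shown above: it counts recipients per sender, collects the IPs that successfully authenticated as each account, and emits per-host DROP rules so a block can target the exact sources instead of whole /8 ranges. The jdoe/203.0.113.7 control lines and the sample recipients are constructed, and the regexes assume the field layout of the quoted lines.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the SurgeMail lines quoted in the post;
# the jdoe / 203.0.113.7 entries are made up as a normal-looking control.
SAMPLE_LOG = """\
2014-05-14 17:49:25.00:-566372608: 187.134.177.227 187.134.177.227 SMTP mwatts@dimentech.com
2014-05-15 07:12:50.00:-567765248: 31.25.142.51 31.25.142.51 SMTP mwatts@dimentech.com
2014-05-15 07:12:51.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <270098@tearoha-college.school.nz> 0 ""
2014-05-15 07:12:53.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <26612974@qq.com> 0 ""
2014-05-15 07:12:54.00 [786463] Rcpt 31.25.142.51 <mwatts@dimentech.com> <81silvia@live.com.ar> 0 ""
2014-05-15 08:10:11.00:-551274752: 189.72.120.189 189.72.120.189 SMTP mwatts@dimentech.com
2014-05-15 08:10:12.00 [786470] Rcpt 189.72.120.189 <mwatts@dimentech.com> <someone@example.net> 0 ""
2014-05-15 09:00:00.00 [786480] Rcpt 203.0.113.7 <jdoe@dimentech.com> <colleague@example.org> 0 ""
"""

# "<date> <time> [<session>] Rcpt <client-ip> <sender> <recipient> ..."
RCPT_RE = re.compile(r'^(\S+ \S+) \[\d+\] Rcpt (\S+) <([^>]+)> <([^>]+)>')
# "<date> <time>:<id>: <ip> <ip> SMTP <user>"  (a successful SMTP AUTH)
LOGIN_RE = re.compile(r'^(\S+ [\d:.]+):-?\d+: (\S+) \S+ SMTP (\S+)$')

def analyse(log_text, rcpt_threshold=500):
    """Return (flagged, login_ips, send_ips): senders whose recipient count
    exceeds the threshold (the post's warning fired at 500), the IPs that
    authenticated as each user, and the IPs each sender relayed from."""
    counts, login_ips, send_ips = Counter(), defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        r, l = RCPT_RE.match(line), LOGIN_RE.match(line)
        if r:
            _, ip, sender, _rcpt = r.groups()
            counts[sender] += 1
            send_ips[sender].add(ip)
        elif l:
            _, ip, user = l.groups()
            login_ips[user].add(ip)
    flagged = {s: n for s, n in counts.items() if n > rcpt_threshold}
    return flagged, dict(login_ips), dict(send_ips)

def block_rules(ips):
    """iptables-save style DROP rules for exact hosts rather than whole /8s."""
    return ['-A INPUT -s %s/32 -p tcp -m tcp -j DROP' % ip for ip in sorted(ips)]

if __name__ == '__main__':
    flagged, logins, sends = analyse(SAMPLE_LOG, rcpt_threshold=3)
    for user, n in flagged.items():
        print('%s sent to %d recipients' % (user, n))
        print('\n'.join(block_rules(logins.get(user, set()) | sends.get(user, set()))))
```

On a real log the threshold stays at the default, and the set of distinct login IPs for one account within a day is itself a useful second signal even before the recipient count climbs.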