Hello, I have a huge problem with an unknown site that is sending out spam, probably hacked... Is there a way I can track the activity, to determine what site it is coming from? Another thing, can I somehow permanently ban Fail2ban bans, as you can see I have a lot. I found a tutorial online, but as far as I can figure out it's only for brute force attacks...
Check your web logs for requests that keep recurring, and also check the contents of some of the messages for clues (you'll likely find some in your mail queue, just use postcat on the files to dump their contents, and see what you find).
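One way to pull those clues out of the queue, as an added example that is not part of the original reply: it tallies queued messages by the local uid in Postfix's `from userid` Received header and by PHP's `X-PHP-Originating-Script` header. It assumes PHP's `mail.add_x_header` setting is enabled; the function names and the sample dump are constructed for illustration.

```shell
# Live use (as root): dump every queued message with postcat.
# Assumes classic hex queue IDs in the `postqueue -p` listing.
dump_queue() {
    postqueue -p | awk '/^[0-9A-F]/ { sub(/[*!]$/, "", $1); print $1 }' |
        while read -r id; do postcat -q "$id"; done
}

# Read postcat output on stdin; print "count uid script", busiest first.
# Only header lines count, so text in a message body cannot fake a clue.
spam_clues() {
    awk '
        function tally() { if (seen) count[uid " " script]++ }
        /^\*\*\* ENVELOPE RECORDS/ { tally(); seen = 1; uid = script = "-"; inhdr = 0; next }
        /^\*\*\* MESSAGE CONTENTS/ { inhdr = 1; next }
        inhdr && /^$/ { inhdr = 0 }
        inhdr && match($0, /from userid [0-9]+/) { uid = substr($0, RSTART + 12, RLENGTH - 12) }
        inhdr && /^X-PHP-Originating-Script:/ { script = $2 }
        END { tally(); for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in postcat's layout (not real data).
sample_dump() {
    cat <<'EOF'
*** ENVELOPE RECORDS deferred/A/A1B2C3 ***
sender: www-data@web.example.test
*** MESSAGE CONTENTS deferred/A/A1B2C3 ***
Received: by web.example.test (Postfix, from userid 33)
X-PHP-Originating-Script: 33:mailer.php

*** MESSAGE FILE END deferred/A/A1B2C3 ***
*** ENVELOPE RECORDS deferred/D/D4E5F6 ***
*** MESSAGE CONTENTS deferred/D/D4E5F6 ***
Received: by web.example.test (Postfix, from userid 33)
X-PHP-Originating-Script: 33:mailer.php

*** ENVELOPE RECORDS deferred/0/0A1B2C ***
*** MESSAGE CONTENTS deferred/0/0A1B2C ***
Received: by web.example.test (Postfix, from userid 1001)

X-PHP-Originating-Script: 0:fake.php
from userid 99
EOF
}
```

On a live server, `dump_queue | spam_clues` gives the same tally for the real queue; the uid is the local account that handed the message to Postfix, and the script name is what to look for in that site's web logs.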