HELO |http://mail.oldartero.com:8888/cgi-bin/put
Hey Everyone... I have seen this constantly in my Exim logs for days now. I have Googled it and have seen some references to it possibly being some type of attack. The entries are showing up under "Bad Hosts." I can start including the IPs in my KISS block list but they are all over the board. Mostly from outside the US (I am inside). Have any of you seen this pattern and if so, can you give me some advice on what it is and the best way to stop it?
Here is a log segment... notice the pattern of IPs coming in twos:
2006-11-09 00:00:29 : IP:85.250.195.116 (EHLO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:00:29 : IP:85.250.195.116 (HELO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:01:03 : IP:59.182.30.64 (EHLO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:01:04 : IP:59.182.30.64 (HELO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:01:49 : IP:221.229.91.44 (EHLO |http://mail.oldartero.com:8889/cgi-bin/put)
2006-11-09 00:01:49 : IP:221.229.91.44 (HELO |http://mail.oldartero.com:8889/cgi-bin/put)
2006-11-09 00:03:18 : IP:203.198.132.135 (EHLO http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:03:18 : IP:203.198.132.135 (HELO http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:05:18 : IP:61.12.9.67 (EHLO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:05:18 : IP:61.12.9.67 (HELO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:06:16 : IP:62.231.178.171 (EHLO |http://mail.oldartero.com:8889/cgi-bin/put)
2006-11-09 00:06:16 : IP:62.231.178.171 (HELO |http://mail.oldartero.com:8889/cgi-bin/put)
I appreciate your wisdom.
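Added example, not part of the original post: a Python script that reads lines in the layout of the log segment above and lists every host whose HELO/EHLO argument is not a syntactically valid domain name or address literal, which is what RFC 5321 requires that argument to be. The two well-formed sample lines (192.0.2.x, example.org) are constructed, and the address-literal check is an assumed loose pattern.

```python
import re
from collections import defaultdict

# Four lines copied from the log segment in the post, plus two constructed
# well-formed greetings (192.0.2.x / example.org) for contrast.
SAMPLE_LOG = """\
2006-11-09 00:00:29 : IP:85.250.195.116 (EHLO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:00:29 : IP:85.250.195.116 (HELO |http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:03:18 : IP:203.198.132.135 (EHLO http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:03:18 : IP:203.198.132.135 (HELO http://mail.oldartero.com:8888/cgi-bin/put)
2006-11-09 00:04:02 : IP:192.0.2.10 (EHLO mx1.example.org)
2006-11-09 00:04:40 : IP:192.0.2.11 (HELO [192.0.2.11])
"""

# Layout used in the post: "<date> <time> : IP:<addr> (<VERB> <argument>)"
LINE_RE = re.compile(r"^\S+ \S+ : IP:(\S+) \((EHLO|HELO) (.*)\)$")

# RFC 5321 allows only a domain name or a bracketed address literal here.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"^(?=.{{1,255}}$){LABEL}(?:\.{LABEL})*$")
LITERAL_RE = re.compile(r"^\[[0-9A-Za-z:.]+\]$")  # loose check (assumption)


def is_valid_helo(name):
    """True if the greeting argument looks like a domain or address literal."""
    return bool(DOMAIN_RE.match(name) or LITERAL_RE.match(name))


def flag_bad_greetings(log_text):
    """Map each IP with a malformed greeting to the verbs and names it sent."""
    hits = defaultdict(lambda: {"verbs": set(), "names": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a greeting line in the expected layout
        ip, verb, name = m.groups()
        if not is_valid_helo(name):
            hits[ip]["verbs"].add(verb)
            hits[ip]["names"].add(name)
    return dict(hits)


if __name__ == "__main__":
    for ip, info in sorted(flag_bad_greetings(SAMPLE_LOG).items()):
        print(ip, sorted(info["verbs"]), sorted(info["names"]))
```

Because the source addresses vary so widely, the malformed greeting is a more stable thing to match on than the resulting IP list.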