
[Help] POP log shows malicious attempts to guess accounts and passwords

263shanghai


Mail system: MD
While checking the POP log, I found the following log entries:
Mon 2008-06-16 09:31:07: ----------
Mon 2008-06-16 09:31:09: Session 8434; child 2
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63226]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER root
Mon 2008-06-16 09:31:08: --> +OK root... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8435; child 3
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63228]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER admin
Mon 2008-06-16 09:31:08: --> +OK admin... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 24/72)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8436; child 4
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63230]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER webmaster
Mon 2008-06-16 09:31:08: --> +OK webmaster... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 32/76)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8437; child 5
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63234]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER user
Mon 2008-06-16 09:31:09: --> +OK user... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8438; child 6
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63236]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER test
Mon 2008-06-16 09:31:09: --> +OK test... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8439; child 7
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63237]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER web
Mon 2008-06-16 09:31:09: --> +OK web... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 20/70)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8440; child 8
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63239]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER www
Mon 2008-06-16 09:31:09: --> +OK www... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 20/70)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8441; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63241]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER administrator
Mon 2008-06-16 09:31:09: --> +OK administrator... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 40/80)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8442; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63243]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER oracle
Mon 2008-06-16 09:31:09: --> +OK oracle... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:10: Session 8443; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63244]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER sybase
Mon 2008-06-16 09:31:09: --> +OK sybase... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8446; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63249]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER backup
Mon 2008-06-16 09:31:10: --> +OK backup... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8444; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63247]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER informix
Mon 2008-06-16 09:31:10: --> +OK informix... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 30/75)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8445; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63248]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER oracle8
Mon 2008-06-16 09:31:10: --> +OK oracle8... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 28/74)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8447; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63252]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER lizdy
Mon 2008-06-16 09:31:10: --> +OK lizdy... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 24/72)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8449; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63260]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER data
Mon 2008-06-16 09:31:10: --> +OK data... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8450; child 9
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63261]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER root
Mon 2008-06-16 09:31:10: --> +OK root... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 24/71)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8451; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63263]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER admin
Mon 2008-06-16 09:31:10: --> +OK admin... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/72)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8448; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63256]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER server
Mon 2008-06-16 09:31:10: --> +OK server... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:11: Session 8453; child 11
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63267]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER access
Mon 2008-06-16 09:31:10: --> +OK access... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8452; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63264]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER account
Mon 2008-06-16 09:31:10: --> +OK account... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/74)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8454; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63270]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER pwrchute
Mon 2008-06-16 09:31:10: --> +OK pwrchute... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 30/75)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8455; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63274]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER test
Mon 2008-06-16 09:31:11: --> +OK test... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 24/71)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8456; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63276]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER web
Mon 2008-06-16 09:31:11: --> +OK web... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 22/70)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8458; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63285]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER administrator
Mon 2008-06-16 09:31:11: --> +OK administrator... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 42/80)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8457; child 11
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63279]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER www
Mon 2008-06-16 09:31:11: --> +OK www... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 22/70)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8459; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63286]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER oracle
Mon 2008-06-16 09:31:11: --> +OK oracle... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/73)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8460; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63288]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER sybase
Mon 2008-06-16 09:31:11: --> +OK sybase... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/73)
Mon 2008-06-16 09:31:11: ----------


How can I stop or restrict IP addresses like this?


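Another question: some users report that when they use the mail system through the web interface, they sometimes get "The IP address of the requesting session is invalid". How can this be solved?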

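One more question: I would like to look at some log information about users accessing their mailboxes through the web. Which log file shows this? I found an IMAP log file among the log files, but it is empty. How do I configure it so that I can see this there?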

[ Last edited by maxwell on 2008-6-20 10:29 ]
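1. There isn't much you can do about this, which is why MD added a strong password enforcement feature. In any case, usually only 3 retries are allowed.
2. For this, go to the following setting, but it carries a security risk

Uncheck this option
3. WorldClient.log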

Reply to post #2

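Thanks for your reply. On the first point, when I try a username through the web, I can try many times; there doesn't seem to be a three-attempt limit. I don't see a WorldClient.log log in MD.
1. I was referring to the number of retries over POP; your question was also about the POP log.
2. It should be there. If it isn't, check under Settings - Log Options: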
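Thank you very much, the HTTP log is now being recorded. In testing, when I access the mailbox and send mail through the web, WorldClient.log has log entries, but when I delete mail through the web and empty the deleted items, WorldClient.log doesn't seem to record anything about it. Please advise.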