Is someone trying to break into my mailserver?

My imap access log shows hundreds of attempts by "someone" to log in:
May 13 03:28:47 h-64-105- imap[27373]: AOD: crypt authentication error: authentication failed for user: chris (-14090)
May 13 03:28:47 h-64-105- imap[27373]: AOD: check pass: -14090
May 13 03:28:47 h-64-105- imap[27373]: badlogin from: 000-223-433.area3.spcsdns.net [68.247.101.101]. login user: chris (error = -6)
"chris" is a bona fide user, but she was not the person trying to log in.
Harmless or should I worry? And if the latter, what can I do about it?

It is still continuing as of this morning, this time
from a different IP address: 70.5.94.75. Both IPs are
SprintPCS addresses. Not knowing much about this sort
of thing, I'd say this is an automated "attack" as
the login requests happened every couple of minutes.
Yes, looks like a dictionary attack then.
Presumably this POS will get tired and go away, but
I'm wondering if it is harmful or degrading my
system.
Also, is there any recourse? Something more
creative than a strongly worded complaint to his
ISP?
If it happens to be always the same IP, you can firewall it. Unfortunately, these attacks often come from hijacked machines and keep changing IPs.
The best you can do is make sure you have no weak passwords. Also disallow clear text passwords.
Also make sure ssh is restricted and not open to all your users.
Another option would be to close POP/IMAP to non local network users and require VPN for the travelling users (can be a pain for users with mobile devices though).
Alex, by "mail only" do you mean clients without
network homes? All my users are managed and share
files, but their homes are local. Do you recommend I
disable the login shell?
If they need to be able to mount shares, you can't prevent logins. You can however disable their shell (there is no reason why a normal user would need terminal access to a server).
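A way to measure what the thread describes (repeated failures against one account from changing addresses), added here as an example and not taken from any poster: it parses the "badlogin from:" lines in the format quoted above and reports, per targeted user, the failure count, the distinct source IPs and the typical gap between attempts. The sample lines, the `example.net` hosts, the 192.0.2.10 address, the user "pat", the assumed year and the threshold are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Syslog timestamps carry no year; one is assumed so they can be parsed.
ASSUMED_YEAR = 2000

# Only the "badlogin from:" line has the client address. The two "AOD:"
# lines describe the same failure, so counting them would inflate totals.
BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ imap\[\d+\]: "
    r"badlogin from: \S+ \[(?P<ip>[0-9.]+)\]\. login user: (?P<user>\S+)"
)

# Constructed sample in the format quoted in the thread.
SAMPLE_LOG = """\
May 13 03:28:47 h-64-105- imap[27373]: AOD: crypt authentication error: authentication failed for user: chris (-14090)
May 13 03:28:47 h-64-105- imap[27373]: AOD: check pass: -14090
May 13 03:28:47 h-64-105- imap[27373]: badlogin from: 000-223-433.area3.spcsdns.net [68.247.101.101]. login user: chris (error = -6)
May 13 03:30:47 h-64-105- imap[27380]: badlogin from: 000-223-433.area3.spcsdns.net [68.247.101.101]. login user: chris (error = -6)
May 13 03:31:10 h-64-105- imap[27382]: badlogin from: client.example.net [192.0.2.10]. login user: pat (error = -6)
May 13 03:32:47 h-64-105- imap[27391]: badlogin from: host2.example.net [70.5.94.75]. login user: chris (error = -6)
May 13 03:34:47 h-64-105- imap[27399]: badlogin from: host2.example.net [70.5.94.75]. login user: chris (error = -6)
"""

def parse_badlogins(text):
    """Return (timestamp, source_ip, user) for every failed IMAP login."""
    events = []
    for line in text.splitlines():
        m = BADLOGIN.match(line)
        if m:
            ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events

def summarize(events, min_failures=3):
    """Group failures by targeted user; keep users at or above the threshold."""
    by_user = defaultdict(list)
    for ts, ip, user in events:
        by_user[user].append((ts, ip))
    report = {}
    for user, hits in by_user.items():
        if len(hits) < min_failures:
            continue  # a single mistyped password is not a guessing run
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        report[user] = {
            "failures": len(hits),
            "sources": sorted({ip for _, ip in hits}),
            "median_gap_s": median(gaps),
        }
    return report

if __name__ == "__main__":
    for user, info in summarize(parse_badlogins(SAMPLE_LOG)).items():
        print(user, info)
```

Grouping by user rather than by IP keeps the run visible when the source address changes, which is the case where blocking a single IP stops helping.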

Similar Messages

  • Someone's trying to break into server

    Hello,
    According to my directory service log, someone is trying to break into our server by trying to log in as 'root' and 'admin'. DirectoryServices senses this and delays the failed authentication return.
    Okay, how do we backtrace this fellow's IP and where do I get a detailed log of this apparent hacker's attempts?
    Thanks!

    In my strongly felt opinion, using denyhosts is mostly a bandaid to a problem, rather than properly addressing it.
    The one and only time I have used it was when I was battling a situation not entirely under my control. No need to go into those specifics, but it was indeed a bandaid to a situation in which I could not properly secure the server. That has since changed.
    I can't state this with enough emphasis: the proper maintenance of server security should totally negate the need for DenyHosts.
    1) Shut off ssh access ("remote login") completely if that is an option
    2) Shut off root access via ssh entirely
    Said quickly: edit /etc/sshd_config and change the section to appear as follows:
    # Authentication:
    PermitRootLogin no
    AllowUsers myserveradmin
    where "myserveradmin" is the shortname of a desired user, and should categorically not be "admin" "administrator" "test" or anything else painfully obvious.
    Restart ssh.
    Furthermore!
    3) Shut off password access via ssh completely. Use access by ssh keys only.
    See the tutorial by Mike Bombich (of Apple) here:
    http://www.bombich.com/mactips/rsync.html
    starting with "Before you start: Security Briefing"
    Or this article at another excellent resource:
    http://www.afp548.com/article.php?story=20040816224717742
    note the further information about how to limit commands available via ssh.
    Having done this, edit /etc/sshd_config and add:
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    PermitEmptyPasswords no
    and restart ssh.
    4) Set the shell ("login shell") for every and any account that does not need shell access to your server, to: None
    5) Limit ssh access at your firewall, to known-viable IP ranges or even specific static IPs.
    Better yet, (while still observing the other steps above) don't allow ssh traffic across your firewall, and setup VPN, and then use ssh access via VPN only.
    Do all of this at your own "risk" meaning understand the consequences, the first of which will be a server that is more secure in terms of ssh access. This does little to prevent problematic php (phpBB) or other mismanaged or poor 3rd-party packages and their impact on your server.
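A check for the sshd_config settings listed in the post above, added here as an example and not written by the poster: it reads the global section of a config, applies sshd's first-value-wins rule, and reports which of the recommended directives are missing, commented out, or set differently. Both config texts are constructed; the hardened one uses the post's own directives and its "myserveradmin" placeholder.

```python
# Directives and values recommended in the post.
REQUIRED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "permitemptypasswords": "no",
}
# Account names the post calls painfully obvious.
OBVIOUS_NAMES = {"admin", "administrator", "test"}

def effective_settings(text):
    """Global settings as sshd reads them: keywords are case-insensitive,
    the first value for a keyword wins, and lines after the first Match
    apply only conditionally, so they are not counted as global."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "allowusers":  # repeated AllowUsers lines accumulate
            settings[key] = (settings.get(key, "") + " " + value).strip()
        else:
            settings.setdefault(key, value)
    return settings

def audit(text):
    """Return a list of findings; an empty list means the config matches."""
    s = effective_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        got = s.get(key)
        if got is None:
            findings.append(f"{key}: not set globally, default applies")
        elif got.lower() != want:
            findings.append(f"{key}: '{got}', expected '{want}'")
    users = s.get("allowusers", "").split()
    if not users:
        findings.append("allowusers: no user allow-list")
    for name in users:
        if name.split("@")[0].lower() in OBVIOUS_NAMES:
            findings.append(f"allowusers: obvious account name '{name}'")
    return findings

# Constructed configs for the example.
WEAK = """# Authentication:
#PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers admin
Match Address 192.0.2.0/24
    PermitEmptyPasswords no
"""
HARDENED = """# Authentication:
PermitRootLogin no
AllowUsers myserveradmin
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
"""
```

In the weak config the later `PasswordAuthentication no` has no effect because the earlier `yes` is read first, and the commented-out `PermitRootLogin` line sets nothing.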

  • AT MY INTERNET BANK SITE, I'M GETTING A MESSAGE THAT THE PAGE IS BEING REDIRECTED TO A NEW LOCATION - IS THIS SOMEONE TRYING TO HACK INTO MY BANK ACCOUNT? I DON'T GET THAT MESSAGE ON INTERNET EXPLORER.

    I AM CONCERNED THAT SOMEONE IS TRYING TO HACK INTO MY BANK ACCOUNT

    Thanks,  I did and they gave me the code to unlock my SIM card. Everything is working fine now.

  • Who's trying to break into my account?

    Is anyone else getting responses from iTunes, when you did not send in a request, for help resetting your password. I got several responses, and today I received one that whoever wasn't able to answer my security questions. Someone's really trying to get in.
    I sent in a support request to Apple with all pertinent info, including some all caps on the important stuff, but is there anywhere else I should submit a help request? Anything else I should do?

    For general advice see Troubleshooting issues with iTunes for Windows updates.
    The steps in the second box are a guide to removing everything related to iTunes and then rebuilding it which is often a good starting point unless the symptoms indicate a more specific approach. Review the other boxes and the list of support documents further down page in case one of them applies.
    Your library should be unaffected by these steps but there is backup and recovery advice elsewhere in the user tip.
    tt2

  • Is someone trying to hack into my computer via the app store?

    Apple alerted me that my ID and password have been hacked into by someone in the US downloading a free app - which arrived on my i-pad.
    I've changed my password - is this sufficient - or should I change my Apple ID as well.
    Since then - all my emails indicate the time as an hour behind the actual time - is this related - or just a mal-functioning coincidence?
    Is it possible for someone to hack into my computer using my Apple details as a way in?
    Any advice - gratefully received!

    Apple alerted me that my ID and password have been hacked into by someone in the US downloading a free app - which arrived on my i-pad.
    That certainly sounds like the symptoms of a hacked Apple ID. Note that you should not click on any of the links in the e-mail you received. Instead, go straight here:
    http://appleid.apple.com
    Change your password, making sure to select a strong one that cannot be guessed. Then, I'd strongly encourage you to turn on two-factor authentication to prevent people from taking total control of your Apple ID:
    Apple introduces two-factor authentication
    should I change my Apple ID as well.
    Changing your Apple ID would mean losing all purchases you have made with your current Apple ID. That's not a solution to this problem, and will cause you other headaches.
    Since then - all my emails indicate the time as an hour behind the actual time - is this related - or just a mal-functioning coincidence?
    Coincidence, most likely. I can't see any reasonable way for these things to be related.
    Is it possible for someone to hack into my computer using my Apple details as a way in?
    If someone gets access to your iCloud account (which, for most people, is their Apple ID), they certainly may be able to hack your computer in a variety of ways. If you have turned on Back to My Mac, they can get access to your computer that way through your iCloud account. If you have turned on Find My Mac, they can locate, lock or even remotely erase your computer using your iCloud account. Both of these would be enabled - and can be disabled - in System Preferences -> iCloud.

  • HT1212 My ipod has been disabled due to someone trying to get into it. It is saying that it will be 222 million minutes. My computer crashed and I had to replace my hard drive, therefore my itunes program wasn't saved. What do I do?

    How can I get into my disabled ipod if I can't connect it to the original computer?

    Download and install iTunes: http://www.apple.com/itunes/download/
    Restore iPod in recovery mode: http://support.apple.com/kb/ht1808
    These steps do not require the original computer the iPod synced with.

  • Is someone trying to hack my computer through my Bluetooth File Exchange?

    While I was surfing with Safari, my Bluetooth File Exchange suddenly opened and my hard drive seemed to be reading/writing. I force quit Safari and closed BT File Exchange. I then checked my BT preferences. They were Apple default and I noticed "Require pairing" was not clicked. "Folder other devices can browse" is set to "Public". Why would Bluetooth File Exchange open on its own? Was someone trying to hack into my computer? What can I do to prevent this?
    I am new to Apple Computers (very happy so far) and this Discussion board so I apologize if my questions are newbie silly.
    iBook G4   Mac OS X (10.4.6)  

    Perhaps. However, when your folder was set to your user's Public folder and you have the latest Mac OS X, not much can happen.
    The Apple Bluetooth defaults are horrible. Make sure your computer is not visible, require pairing for all services and I would even recommend to turn all off. Normally, you do not need them and when you need them, turn them on for this short time period.

  • Someone is trying to hack into my Apple account

    I just wanted to make mention of some forum questions I saw similar from earlier, like in June and July. It is now mid-October.
    In the past couple weeks, on at least 3 occasions, I have received similar messages from apple, probably 3 each occasion.
    Hello.
    To reset your Apple ID security questions and answers, simply click the link below. It will take you to a web page where you can create a new set of security questions and answers.
    Please note that the link will expire three hours after this email was sent.
    Reset your Apple ID security questions and answers
    Didn’t request to reset your security information? Someone may be attempting to claim c•••••@gmx.net as their own Apple ID. Please go to appleid.apple.com to reset your password immediately.
    For more information, visit the Apple ID Support site.
    Thanks,
    Apple Support
    They have all referenced the same c******@gmx.net mail address. Two of the 3 messages I received last night were in German.
    First time: I have a strong, unique password on my appleid account:  a password more than 16 random upper/lower alpha, numeric and symbols, I keep in a password safe application.
    The second time I got these messages last weekend, I added 2-step authentication to my Apple account.
    Last night, after getting more regarding my challenge questions, I got concerned, so I changed my strong password to another, in case they had acquired my password when Apple's Developer servers got hacked in the recent past.
    As far as I can tell, I am doing everything "right" about creating, using and protecting my account.
    But do you know what a pain in the rear end this is, to change a single appleid password? Each of my devices - 2 macs, iPad, iPhone - I have to change the iCloud login under settings. I have to change the logins in third party apps - my email program for example. This is a freaking nightmare.
    And what really ****** me off is you hear nothing from Apple on this. They don't mention squat about what got hacked, and who's vulnerable. But someone got a hold of my account some how and is trying to complete the job and break into it.
    Is there something else I should do?

    Is there something else I should do?
    You are doing everything right and you haven't been hacked. The only action you have not yet taken is to change your Apple ID.
    It is very likely that someone is convinced your Apple ID is really theirs, and they're repeatedly attempting to reset their password. They click on the link to send an email to have it reset. You get the email with the link to reset it. If you did not request your password to be reset, the obvious thing to do is to ignore it.
    Far from concluding this is a security flaw, it validates Apple's account security. By not responding to the email, you effectively prevented whoever is initiating the password reset request from getting any further.
    It's a good idea to change your Apple ID password once in a while, but you do not have to change your password every time you get an email like that. Ignore it, but you will continue to get the email every time some hapless individual thinks your email address is their Apple ID. This can occur to anyone, as long as Apple uses email addresses for Apple IDs.
    Safeguard your Apple ID just like you would any other personal information. It's probably not a good idea to use the usual email address you publicly use.

  • Someone is breaking into my email account.

    Can anything be done to catch a person who breaks into an email account?
    == This happened ==
    Not sure how often

    Firefox is not an email program, so your problem depends on what site you are using for email. What site are you using?

  • Can host hacker break into guest that uses full disk encryption?

    I know it is unlikely but let us say host has got owned, ie a hacker has managed to break into the host.
    How would they go about breaking into a linux VM that uses full disk encryption?
    They can't mess with the .vmdk without damaging it - it is encrypted by the guest.
    They can't use vmrun because they do not know the guest passwords.
    They can't attach to processes in the guest with debugging tools because they cannot see individual guest processes.
    What can they do?  And crucially, what can I do as a countermeasure?

    What really matters is WHERE you do the encryption. If the encryption is too low, data in the guest appears unencrypted. If it is in the guest, then the keys live in the guest and since SGX is not around at the moment, keys are somewhere in guest memory even for a little bit of time.
    So the real question is what are you trying to achieve?
    If you are trying to meet encryption at rest requirements then it makes no difference where you encrypt as the data on the disk will be encrypted and without the key no one can decrypt it. Now if you have keys generated within a VM without using DRNGD or some other high quality randomness source, then your keys could be predictable and you need to guard against making it easy for a brute force attack.
    If you need to encrypt data in motion?
    Then you need to consider how the VM is protected itself, how an application interacts with data to determine during 'motion' if someone should not be accessing the data even though they are already supposedly allowed to do so. Keys are in memory, so therefore you need to guard memory access for those keys to only the application in question. This is the hard part, and requires you to think seriously about logging, key management, etc.
    So really what are you trying to achieve?
    Best regards,
    Edward L. Haletky
    VMware Communities User Moderator, VMware vExpert 2009-2015
    Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
    Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

  • How can I import a movie into iMovie 09 from a hard drive?  The movie will open and play in idvd but breaks into separate files that can't be downloaded when I try to import.  Can it be done?

    How can I import a movie into iMovie 09 from a hard drive?  The movie will open and play in idvd but breaks into separate files that can't be downloaded when I try to import.  Can it be done? I am trying to create a disc of player highlights for a collegiate coach, and I am using movie files downloaded to my hard drive from a DVD created on a PC. 

    No unfortunately it won't open in quicktime either.  It does the same thing that Imovie does, separates it into two file folders audio and video, and if i select video it opens to reveal 8 files that cannot be selected.  VIDEO_TS.BUP, VIDEO_TS.IFO, VIDEO_TS.VOB,VTS_01_0.BUP, VTS_01_0.IFO, VTS_01_1.VOB, VTS_01_2.VB, VTS_01_3.VOB.  All of which cannot be opened or selected.
    Opening it in Idvd and following your suggestion works and I get a format code of NTSC.  Is that the same?  Thank you for your time and response.
    CaCanuck

  • I can't see my country name when I tried to log into iTunes Store for first time

    Hi,
    Couple of days ago, I successfully registered in iOS Developer Program. All of the process is completed. Today I tried to log into iTunes Store from my mac. But it asked me "This Apple ID has not been used with the iTuens Store" Please review your account information.
    I clicked on review.
    I am not in United Kingdom, so I need to select my country for a valid billing information. But my country name isn't listed there. :-(
    I am from Bangladesh, and I believe that we do not have payment processing problem. So I don't know why Bangladesh isn't included there! Can someone give me any suggestion? Should I contact with Apple Support Team?
    I have already Purchased iOS Developer Program Using my Credit Card. If my credit card is acceptable, then why can't I get registered in iTunes Store? I want to connect with it and all of you know that iTunes Store is the world's best store for applications/games/.................... and more......
    Please help someone
    thanks.

    Ohemod,
    There are 120+ countries that have iTunes Stores, but that leaves many that do not.  You can consult this document:  iTunes Store: Which types of items can I buy in my country?
    Opening in a new country requires a tremendous amount of legal, commercial and financial investment, but I am sure Apple would be interested in knowing where there is unmet demand.  If you wish to make suggestions to Apple, you can use the iTunes Feedback page.

  • HT204053 What do you do when you get the message when trying to sign into iCloud.. The maximum number of free accounts have been activated on this ipad.. ? Not allowing me to sign in.

    Can someone please tell me. When trying to sign into icloud. i get the message.. Cannot sign in . The maximum number of free accounts have been activated on this ipad. What do I do ? Hope someone can help.

    Use one of the previous accounts that you activated in this iPad or use another iOS device to activate the new one.

  • Getting an error message trying to sign into Blackberry App World

    Good day
    Can anybody help us, we are trying to log into the Blackberry App World, and every time it just says "An error as occurred. Please try again later".  No error code is given.
    Please help!!!!!
    Chantell/Bernie

    Hello Bernie 1965,
    Welcome to the BlackBerry Community.
    First can you tell me do you have any Specific Blackberry Data services from your Carrier Vodacom. Do let us know.
    GOOD LUCK. 
    Click " Like " if you want to Thank someone.
    If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.

  • Run Time Error when trying to get into the organizer

    Does anyone know when I keep getting a run time error when I'm trying to go into the organizer and how I get it to go away?

    The answer is that maybe someone does know ... but unless you give us the basic details of what you are doing, we probably can't help.
    So ...
    What version of PSE?
    What operating system?
    What is the EXACT word-for-word verbatim error you are seeing?
    Does any part of PSE (like the "splash" screen) pop up before this error? If so, describe it or give us a screen capture.
    Please provide all requested information.
