BBM
Verified User
Just implemented some of the above custom regex-lines and all seems to work perfectly. Thanks!
But I'm not sure if the custom regexp uses the same or is using something else to time or check logfiles.
# This is the interval during which a distributed FTP or SMTP attack is
# measured
LF_DIST_INTERVAL =
I think this might be a time-span issue, as the hack IPs probably spread out their logins over time, thereby flying under the Brute Force-radar?
Hey BBM
I've got BFM already blocking IPs but I'm not sure how effective this (still) is.
I seem to recall at the time I installed this (some years ago), it didn't work smoothly and I focussed more on CSF on doing the job.
The scripts are undoubtedly outdated by now.
Ok let us know. You can use his guide to look at it all manually as well.
I used the auto-installer from Alex's site and re-installed the files over my old ones. That alone seemed to help a lot.
Will keep an eye on it for a while.
A brute force attack has been detected in one of your service logs.
IP 94.177.252.4 has 188 failed login attempts: exim2=188
Just noticed a lot of IPs are blocked twice in the block list at DA's Brute force page;
Did you have a look at the DA block settings? It could be blocks are temp 2 hour or 4 hour blocks, which could indeed cause them to be blocked multiple times.
Maybe @Zeiter can help.
Alex help us out here buddy.
IP 37.49.227.49 has 204 failed login attempts: exim2=204
IP 78.157.210.66 has 12 failed login attempts: wordpress1=12
User hostmaster has 51 failed login attempts: exim2=51
# Example:
# if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) {
# return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1");
# }
#
# The return values from this example are as follows:
#
# "Failed myftpmatch login from" = text for custom failure message
# $1 = the offending IP address
# "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces
# "5" = the trigger level for blocking
# "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp
# "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanent IP block, only used if LF_TRIGGER is disabled
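A rule of the shape documented above, written for the exim "authenticator failed" lines quoted in this thread and run over sample input. This is an added example, not code from CSF or from any poster. The log path, the rule id "eximauth", the port list, the 3600-second block and the sample lines (documentation-range IPs) are all assumptions made for the sketch.

```perl
#!/usr/bin/perl
# Added example: stand-alone harness, not part of CSF or of this thread.
use strict;
use warnings;

# Stand-in for CSF's %globlogs lookup; the path is an assumption.
my $EXIM_LOG = '/var/log/exim/mainlog';
my %globlogs = (CUSTOM1_LOG => { $EXIM_LOG => 1 });

# Same shape as the documented example rule: returns the six values
# (message, IP, rule id, trigger, ports, block type) or an empty list.
# The pattern is anchored at the start of the line and steps over the
# optional reverse hostname and the "(HELO)" field, so the captured
# address is the peer address exim logged in "[...]:" and not a
# bracketed address that the client sent as its HELO name.
sub custom_line {
    my ($line, $lgfile) = @_;
    if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+ \S+ \w+ authenticator failed for (?:\S+ )?\([^)]*\) \[(\d+\.\d+\.\d+\.\d+)\]: 535 Incorrect authentication data/)) {
        # "3600" = temporary block for 3600 seconds (illustrative choice).
        return ("Failed exim SMTP AUTH from", $1, "eximauth", "5", "25,465,587", "3600");
    }
    return;
}

# Constructed sample lines in the exim mainlog format seen in this thread.
# In the first six the HELO field carries a different bracketed address
# than the connecting peer.
my @sample = (
    (map { "2021-01-28 11:52:1$_ login authenticator failed for ([198.51.100.7]) [203.0.113.40]: 535 Incorrect authentication data (set_id=user$_)" } 0 .. 5),
    '2021-01-28 11:53:00 login authenticator failed for mail.example.net (just-TESTING) [192.0.2.9]: 535 Incorrect authentication data (set_id=test@example.net)',
    '2021-01-28 11:53:05 SMTP call from (just-TESTING) [192.0.2.9] dropped: too many nonmail commands (last was "RSET")',
);

# Count matches per captured IP and keep the trigger level the rule
# returned for it. No time window is applied here; this only checks what
# the rule matches and which address it attributes the failure to.
sub tally {
    my @lines = @_;
    my (%hits, %trigger);
    for my $line (@lines) {
        my ($text, $ip, $id, $trigger, $ports, $block) = custom_line($line, $EXIM_LOG);
        next unless defined $ip;
        $hits{$ip}++;
        $trigger{$ip} = $trigger;
    }
    return (\%hits, \%trigger);
}

my ($hits, $trigger) = tally(@sample);
for my $ip (sort keys %$hits) {
    my $verdict = $hits->{$ip} >= $trigger->{$ip} ? 'reaches trigger' : 'below trigger';
    printf "%-15s %d hit(s), trigger %d: %s\n", $ip, $hits->{$ip}, $trigger->{$ip}, $verdict;
}
```

Running a candidate pattern over saved log lines like this before putting it into regex.custom.pm shows which address it captures and which lines it ignores, such as the "too many nonmail commands" line here.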
[root@server]# grep '91.243.45.40' /root/blocked_ips.txt
91.243.45.40=dateblocked=1611598622
2021-01-28 11:52:13 login authenticator failed for ([91.243.45.40]) [91.243.45.40]: 535 Incorrect authentication data (set_id=[email protected])
2021-01-28 11:52:16 login authenticator failed for ([91.243.45.40]) [91.243.45.40]: 535 Incorrect authentication data (set_id=pvdleij)
2021-01-28 11:52:16 login authenticator failed for ([91.243.45.40]) [91.243.45.40]: 535 Incorrect authentication data (set_id=[email protected])
2021-01-28 11:52:20 login authenticator failed for ([91.243.45.40]) [91.243.45.40]: 535 Incorrect authentication data (set_id=pvdleij)
if (($globlogs{HTACCESS_LOG}{$lgfile})