Recently, my wordpress website has been experiencing a spike in hack attempts by various IPs but they all have the same user Hostname:
A user with IP address xxx.xxx.xx.x has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username to try to sign in.
User IP: 91.121.156.62
User hostname: ks359219.badhost.com
A user with IP address xxx.xxx.xx.x has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username to try to sign in.
User IP: 5.135.182.147
User hostname: ks3289006.badhost.com
A user with IP address xxx.xxx.xx.x has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username to try to sign in.
User IP: 5.135.185.89
User hostname: ks3290602.badhost.com
A user with IP address xxx.xxx.xx.x has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username to try to sign in.
User IP: 5.39.86.162
User hostname: ks3273571.badhost.com
The security plugin I am using seems to be fending them off, but I would like to be able to block all requests from ANY IP that is associated with the user hostname using a wildcard like xxx.badhost.com
The plugin lets me block a range of IPs such as 123.12.1.* but not hostnames. What would be the best way to block these hacking attempts? .htaccess? Thanks
Refer to this Apache doc page for examples of what you might want to do. It covers most cases of redirecting, blocking, etc. from direct domains and referring sites.
http://httpd.apache.org/docs/2.2/rewrite/access.html#blocked-inline-images
For WordPress you can use VSF Simple block http://wordpress.org/plugins/vsf-simple-block/
In Block Rules settings enter the part of the hostname string you want to block e.g. badhost.com
Bear in mind this is an active plugin, so does use some server resources and database queries for each lookup request, but we haven't found it too heavy.
PS - from the ks. part of the example I have a good idea of the hosts you wantto ban - I agree with you, these hosts are bad news - Ban them.... :)
If you do whois ks3273571.badhost.com, it'll tell you the NetRange and CIDR for that ISP's netblock.
For example, whois 69.59.197.21 (StackOverflow) reports:
NetRange: 69.59.192.0 - 69.59.223.255
CIDR: 69.59.192.0/19
Related
This question already has answers here:
Sending email in .NET through Gmail
(26 answers)
Closed 2 years ago.
I'm working on building a contact form for my new Web site and want to send mail through Google's SMTP relay server (smtp-relay.gmail.com) because I want to set up a "dummy", "no-reply" address from which to send the mail. Also, I tried sending it through the regular SMTP server (smtp.gmail.com) using my own actual Gmail credentials for that account and it got blocked as an insecure app. I'd rather not turn on the "Less secure app access" option (it's not really an option for me anyway because I use 2FA on this account), so this seems like the best way to get there - if I can get it working.
The domain's mail is hosted in G Suite and I've configured the SMTP relay service in the Google Admin Console for my domain as per the instructions in the support article, SMTP relay: Route outgoing non-Gmail messages through Google. I have the relay configured using both the public static IP address of my Web site, as well as the static IP address of the firewall behind which the Web server lies. I configured the relay to accept mail from my domain(s) to allow for the "dummy" address that doesn't actually have a mailbox, and set it to require SMTP Authentication and TLS encryption:
I've set up DNS records for MX, SPF, and DKIM with my domain registrar.
I've waited over 24-hours for the changes to take effect (as per the notification when making the changes in the Google Admin Console)
I've even set up an app password for my Web site to use for my domain e-mail address:
I'm using an ASP.NET (VB) Web site on IIS. My code for sending looks like this:
Dim NewContact As New System.Net.Mail.MailMessage()
With NewContactMessage
.From = New System.Net.Mail.MailAddress("no-reply#mydomain.com")
.To.Add("myaddress#mydomain.com")
.Subject= "TEST MESSAGE"
.IsBodyHtml= True
.BodyEncoding = System.Text.Encoding.UTF8
.Body = "This is a test."
.Priority = System.Net.Mail.MailPriority.Normal
End With
Dim Server As New System.Net.Mail.SmtpClient()
With Server
.Port= 587
.Host= "smtp-relay.gmail.com"
.EnableSsl= True
.Send(NewContactMessage)
End With
However, when I try to submit my contact form, I get an error, Mailbox unavailable. The server response was: 5.7.1 Invalid credentials for relay [X.X.X.X]. The IP address you've:
It looks like there should definitely be more to that actual error message, but it's apparently being truncated somewhere along the way.
I've tried feeding the credentials in the SmtpClient block:
With Server
.Credentials = New System.Net.NetworkCredential("myaddress#mydomain.com", "my_app_password")
.Port= 587
.Host= "smtp-relay.gmail.com"
.EnableSsl= True
.Send(NewContactMessage)
End With
In this case, I get a different error: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Authentication Required. Learn more at. (If I use the credentials with the "default" Gmail SMTP server (smtp.gmail.com), I get the same error.)
According to the Audit Logs, it appears that all of my configuration setting changes have completed. Everything appears to be correct for this to work, but what am I missing?
Just before posting this question, I found this Q&A - Send mail via google app with smtp relay - with the simple fix to my issue: Turn off the Require SMTP Authentication option in the SMTP relay service configuration settings.
Once I disabled that setting and tried again, everything is flowing normally. I suppose I should have figured that out on my own, but according to Google's support article for setting up the SMTP relay (emphasis mine in the first sentence):
In the Authentication section, check one or both boxes to set an authentication method:
Only accept mail from the specified IP addresses — The system only accepts mail sent from these IP addresses as coming from your domains.
Require SMTP Authentication — Enforces the use of SMTP authentication to identify the sending domain. Using this option requires your clients to connect via TLS.
The wording here seems a bit misleading and appears to indicate that you can have both of these options enabled without one "interfering" with the other. As I said, I probably should have figured this out on my own - especially since I'm trying to send from a "dummy" e-mail account - but I guess it just didn't occur to me.
I considered deleting this question, but I had done a fair amount of searching before writing this question up and somehow never ran across that particular post. I'm not sure how I could have missed it, but I'm leaving my question here in hopes that someone else has an easier time of finding this solution in the future.
In our production a user sent an email to the following address "xxx" (Literally the email is address xxx). This address is within our companies organization (xxx#company.com.ph), I am being asked how it was sent without "#company.com.ph".
I told them it was probably the configuration of our SMTP server as I am sure the application I made is not appending "#company.com.ph" to mails without (hostName/domainName).
Our SMTP server is Qmail in a Unix box. Can anyone tell me what configurations we could check to explain how this happened?
Unfortunately, I do not have a Qmail or Unixbox so I cant test it myself and I don't have access to our production servers so I could really use some help.
PS. Can anyone also give me the correct term for "#company.com.ph" is it the hostName/domainName?
Checks Done
1) According to the administrator - "defaultdomain" is set to "mail.company"
Yes by default qmail will add defaultdomain to any recipient address missing the domain part.
#company.com.ph is the domain name part of the email address.
defaultdomain file by default is in /var/qmail/control directory as from documentation: http://www.lifewithqmail.org/lwq.html#config-files
I am getting 555 syntax error in mailfrom
SendData(tcpSocket, string.Format("MAIL From: {0}\r\n", MailFrom));
if (!CheckResponse(tcpSocket, 220))
{
tcpSocket.Close();
return false;
}
is it the problem in my local system because of localhost?
Please help me. I am using this code from below link.
http://www.codeproject.com/Articles/5189/End-to-end-Email-Address-Verification-for-Applicat
Please don't try to implement your own SMTP client, use the one that comes with .NET: System.Net.Mail.SmtpClient.
Many SMTP servers require TLS, for example, which your code does not account for.
Furthermore, for security reasons most mailservers will not reveal if an email address in an RCPT TO line is valid or not. If a system can positively reveal an address exists then it can be used by spam harvesters. Consequently using a dry-run of an SMTP client should only be used to validate an email address (because of the complicated rules regarding valid email addresses). The verification (a separate concept from validation) must be performed manually by requiring the user to respond to an email sent to that address, there is no other way to be sure.
I'm using
Configure SMTP plugin for wordpress, when I used it in a local server (localhost) it works properly and send me the test email which confirms that it is working. But when I used it in a hosting site (I used Hostgator) it gives me an STMP error.
What is the possible cause of this error? and what is the possible solution?
Thank you.
Based on the second error, and the words "verification failed", and "sender verify" failed, my guess would be that you have not set up SMTP authentication correctly. You are relaying your mail through Hostgator, so they may have specific hostnames / ports that you need to authenticate correctly with to get your mail to flow. I'd suggest syncing with Hostgator on this.
I am trying to get a better understanding of what is going on with Windows Auth in our ASP.NET MVC 4 application.
It's just using standard Windows auth, and when I access the application via the machine name, from a workstation on the domain:
http://product/
Then authentication occurs automatically, and I am allowed through.
However, if I access the SAME machine, using a host-name that has been mapped in our DNS (to the exact same internal IP):
http://product.company.com
then I am presented with the basic authentication box for my Windows credentials. I can type them in and proceed, but I want to know - why am I being prompted to enter my credentials in the former, but not the latter, and how would I correct this?
[EDIT]
Here are some results of NSLOOKUP
C:\Users\me>nslookup
Default Server: dnsserver.company.com
Address: 192.168.4.250
> product.company.com
Server: dnsserver.company.com
Address: 192.168.4.250
Name: producttest.company.com
Address: 192.168.5.106
Aliases: product.company.com
> product
Server: dnsserver.company.com
Address: 192.168.4.250
Name: producttest.company.com
Address: 192.168.5.106
Aliases: product.company.com
Just add your site to the local intranet zone in browser options.