Protect your mail server from ylmf-pc bruteforce

If you have been seeing regular brute-force attempts that begin with the command EHLO ylmf-pc and arrive from many different IPs, these attempts can be blocked, and it is easy to do with the Exim mail server on cPanel.

1) Create a file containing the HELO names you want to block, one per line. For example, create and edit /etc/heloblocks and add the line ylmf-pc.

2) Go to WHM > Exim Configuration Manager > Advanced Editor.

3) Scroll down until you find “acl_smtp_helo”

4) Below that, you will find a box titled “custom_begin_smtp_helo”. In that box, paste the following ACL statement:

 deny
   condition = ${lookup{$sender_helo_name}lsearch{/etc/heloblocks}{yes}{no}}
   log_message = HELO/EHLO - HELO on heloblocks Blocklist
   message = HELO is on our blocklist

Check your exim_mainlog: you will see a rejection like the one logged above whenever a client sends HELO ylmf-pc, and you can confirm it by telnetting to your own server and sending HELO ylmf-pc yourself.
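As an added example (not code from the original post), the following Python script models the two halves of the procedure above: the lsearch lookup that the ACL performs against /etc/heloblocks, and a tally of the rejections the ACL's log_message leaves in exim_mainlog so you can see which source IPs keep hammering the server. It assumes the lsearch layout as I read it from the Exim documentation (first token on each line is the key, matched case-insensitively, blank lines and # comments ignored); the blocklist text, the second entry test-helo, and the exim_mainlog lines are constructed samples, and the exact wording of Exim's rejection line may differ slightly from these samples.

```python
"""Model of the Exim HELO blocklist check and a tally of its log lines."""
import re
from collections import Counter

# Constructed stand-in for /etc/heloblocks (lsearch layout: one key per line).
HELOBLOCKS = """\
# HELO/EHLO names rejected by the custom_begin_smtp_helo ACL
ylmf-pc
test-helo
"""


def load_heloblocks(text):
    """Parse lsearch-style lines: the key is the first token, compared lower-cased.

    Assumption: lsearch keys end at whitespace or a colon and are matched
    case-insensitively, as described in the Exim documentation.
    """
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key = re.split(r"[\s:]", line, maxsplit=1)[0]
        keys.add(key.lower())
    return keys


def helo_is_blocked(helo_name, blocklist_text=HELOBLOCKS):
    """Equivalent of ${lookup{$sender_helo_name}lsearch{/etc/heloblocks}{yes}{no}}."""
    return helo_name.lower() in load_heloblocks(blocklist_text)


# Constructed exim_mainlog excerpt; IPs are from the documentation (TEST-NET) ranges.
SAMPLE_LOG = """\
2024-05-01 10:02:11 H=(ylmf-pc) [192.0.2.10] rejected EHLO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2024-05-01 10:02:15 H=(ylmf-pc) [198.51.100.7] rejected EHLO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2024-05-01 10:02:20 H=(ylmf-pc) [192.0.2.10] rejected EHLO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2024-05-01 10:03:01 1s2Abc-0001Dz-Qp <= user@example.org H=mail.example.org [203.0.113.5] P=esmtps S=1432
2024-05-01 10:03:40 H=(test-helo) [203.0.113.9] rejected HELO test-helo: HELO/EHLO - HELO on heloblocks Blocklist
"""

# Matches the rejection line produced by the ACL's log_message above.
REJECT_RE = re.compile(
    r"H=\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\] rejected (?:EHLO|HELO) .*HELO on heloblocks Blocklist"
)


def summarize_rejections(log_text):
    """Return (rejections per IP, rejections per HELO name) for blocklist hits."""
    by_ip, by_helo = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            by_ip[m.group("ip")] += 1
            by_helo[m.group("helo")] += 1
    return by_ip, by_helo


if __name__ == "__main__":
    for name in ("ylmf-pc", "YLMF-PC", "mail.example.org"):
        print(f"{name:18} blocked={helo_is_blocked(name)}")
    ips, helos = summarize_rejections(SAMPLE_LOG)
    print("rejections by IP:  ", dict(ips))
    print("rejections by HELO:", dict(helos))
```

Running it against a real exim_mainlog (replace SAMPLE_LOG with the file contents) gives a quick view of how many distinct sources are being turned away by the blocklist; the per-IP counts are what you would feed into a firewall or fail2ban-style rule if you want to stop the connections before they reach Exim at all.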


Windows Cloud Servers and Dedicated Servers are protected from RDP Bruteforce


Kaspersky Endpoint Security comes by default with every cloud server and dedicated server. You might not have been aware that Kaspersky Endpoint Security is included by default on our Microsoft Windows Cloud Servers and Dedicated Servers; it includes an Intrusion Detection System, and it can now detect RDP (Remote Desktop Protocol) brute-force attack attempts.
Compromising an RDP connection is very lucrative: once an attacker obtains a valid login and password pair for RDP, he or she effectively owns the system on which the RDP server is installed. Attackers can then plant malicious software on the affected system, exfiltrate data, and so on. They can also gain access to your company's internal network, if the compromised workstation is connected to it, or harvest all of the passwords saved in the browser installed on the affected system. The opportunities are many, and the consequences can be dire.