Remember those days of Nigerian princes and overseas lotteries? The ones who just needed a little bit of financial assistance, who would reward you in turn for your efforts with profit a hundred fold? Or the cheap Viagra? Or the young Asian girls who want to meet just you?
I’d like to sigh nostalgically and say “Those were the days” except, apparently these are still those days. Something on the Internet has survived multiple decades. Go figure.
I run my own email server, and in so doing, need to open certain ports in order to receive email. One of these ports is port 25–the Simple Mail Transfer Protocol port. In other words, it’s the default port upon which email moves. Now, in order to receive most email, I have to open this port, even though I don’t generally use it for my own purposes, preferring newer TLS-by-default port 465, among others. Technological details aside, I only have port 25 open by necessity, and I don’t use it myself.
But, because it’s universal, botnets continually scan the Internet for servers with this port open. With modern computational power, it takes a surprisingly short amount of time to scan all the available IPv4 address space. Consequently, I’m regularly identified as a host with open port 25.
What does this mean? Generally nothing, except these automated botnets hope that I haven’t bothered to take basic precautions. Upon seeing the open port, the botnet then attempts to log in, using various default credentials (e.g. Admin, User, root). Very quickly they move on, but still, I find this irritating.
Unfortunately there isn’t much I can do about it, other than blacklisting by default all non-US IP addresses (and any countries to which I’m aware family is currently traveling), and any IP address which previously failed to log in. But, there are still a lot of IP addresses. And with no recourse, I decided to vent my frustrations by posting a list of offenders. It is worth a moment to do a Whois and find their geographical regions, if nothing else. And if one of these is you, it’s time for a malware scan:
198.12.93.218
198.23.132.250
205.234.153.210
5.39.219.214
46.166.160.153
193.189.117.88
155.133.18.178
23.95.24.162
46.105.120.50
151.80.147.113
212.129.4.178
151.80.147.144
38.87.45.116
52.22.59.41
209.95.52.130
80.11.96.236
166.176.251.239
195.154.116.169
96.43.128.14
195.154.119.141
195.154.105.115
50.116.123.186
104.238.129.26
118.193.179.177
195.154.110.230
122.224.248.250
203.171.31.60
31.170.104.245
220.244.5.154
111.204.219.197
175.100.189.174
111.68.98.136
180.250.9.52
177.39.152.250
59.127.51.128
184.74.44.51
173.189.252.21
50.252.84.9
70.15.249.139
173.164.154.100
69.199.239.200
63.223.116.37
173.13.117.142
71.10.87.50
23.246.213.202
104.238.141.153
104.168.145.83
51.255.235.154
104.168.141.86
107.179.40.46
45.76.81.226
23.254.215.249
46.218.164.132
96.255.34.171
138.197.1.145
195.154.103.205
195.154.77.202
62.210.25.5
74.113.139.17
23.254.211.205
176.183.204.200
65.245.57.3
192.86.34.108
45.32.203.111
144.217.213.132
66.194.234.110
207.118.200.111
185.81.158.149
–Simon