Remember those days of Nigerian princes and overseas lotteries? The ones who just needed a little bit of financial assistance, who would reward you in turn for your efforts with profit a hundredfold? Or the cheap Viagra? Or the young Asian girls who want to meet just you?
I’d like to sigh nostalgically and say “Those were the days” except, apparently, these are still those days. Something on the Internet has survived multiple decades. Go figure.
I run my own email server, and in so doing, need to open certain ports in order to receive email. One of these ports is port 25, the Simple Mail Transfer Protocol port. In other words, it’s the default port upon which email moves. Now, in order to receive most email, I have to open this port, even though I don’t generally use it for my own purposes, preferring the newer TLS-by-default port 465, among others. Technological details aside, I only have port 25 open by necessity, and I don’t use it myself.
But, because it’s universal, botnets continually scan the Internet for servers with this port open. With modern computational power, it takes a surprisingly short amount of time to scan all the available IPv4 address space. Consequently, I’m regularly identified as a host with open port 25.
What does this mean? Generally nothing, except these automated botnets hope that I haven’t bothered to take basic precautions. Upon seeing the open port, the botnet then attempts to log in, using various default credentials (e.g. Admin, User, root). Very quickly they move on, but still, I find this irritating.
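Login attempts like these leave authentication-failure lines in the mail log. The following is an added example, not code from this post: it counts failed SMTP AUTH attempts per source address and skips an allowlist of networks. It assumes Postfix-style log lines (the post does not name its mail server); the sample log, the allowlisted range and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: Postfix-style smtpd warnings; the post does not name its mail server.
FAILED_AUTH = re.compile(
    r"postfix/[\w/]+\[\d+\]: warning: \S*\[(?P<ip>[0-9A-Fa-f:.]+)\]: "
    r"SASL \S+ authentication failed"
)

# Constructed sample log; all addresses are from documentation ranges.
SAMPLE_LOG = """\
Jan 12 03:14:07 mail postfix/smtpd[2211]: connect from unknown[203.0.113.45]
Jan 12 03:14:09 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:14:12 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:14:13 mail postfix/smtpd[2211]: lost connection after AUTH from unknown[203.0.113.45]
Jan 12 04:02:51 mail postfix/smtpd[2304]: warning: host7.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Jan 12 07:30:02 mail postfix/smtps/smtpd[2410]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed: authentication failure
Jan 12 09:45:33 mail postfix/smtpd[2502]: warning: unknown[2001:db8::1f]: SASL LOGIN authentication failed: authentication failure
"""

def failed_auth_sources(log_text, allow=()):
    """Count failed SMTP AUTH attempts per source IP, skipping allowlisted networks."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_AUTH.search(line)
        if not m:
            continue  # connects, disconnects and other noise
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # bracketed text that is not a valid address
        if any(ip.version == net.version and ip in net for net in allowed):
            continue  # e.g. your own network, so a typo does not lock you out
        counts[str(ip)] += 1
    return counts

def blocklist(counts, threshold=1):
    """Addresses with at least `threshold` failures, IPv4 first, numerically sorted."""
    hits = [ipaddress.ip_address(a) for a, n in counts.items() if n >= threshold]
    return [str(ip) for ip in sorted(hits, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    for addr in blocklist(failed_auth_sources(SAMPLE_LOG, allow=["192.0.2.0/24"])):
        print(addr)
```
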
Unfortunately there isn’t much I can do about it, other than blacklisting by default all non-US IP addresses (and any countries to which I’m aware family is currently traveling), and any IP address which previously failed to log in. But, there are still a lot of IP addresses. And with no recourse, I decided to vent my frustrations by posting a list of offenders. It is worth a moment to do a Whois and find their geographical regions, if nothing else. And if one of these is you, it’s time for a malware scan: