I had successfully proved that the concept (that migrating a php front-ended, MySQL back-ended website hosted with a commercial webhost, based in Arizona, to my NAS here in the UK) was sound.<\/p>\n
And I had documented the steps and processes that need to be gone through, in order to make it all happen.<\/p>\n
I had signed off with a light-hearted statement about learning to migrate the associated mail accounts after a cup of tea.<\/p>\n
Yeah, well I’m struggling with the mail thing.<\/p>\n
But while I struggle, here’s a thing.<\/p>\n
I am hyperanal about security, and have a number of default characteristics set up, on my NAS, including automatic IP blacklisting after x successful attempts to log on (where x is a number I’m not disclosing), and instant SMS alerts of various events to my phone.<\/p>\n
So, a few days ago I enabled my NASs mailserver and began configuring it.<\/p>\n
Within 24 hours of enabling mailserver, I started getting attempted penetration alerts on the mailserver.<\/p>\n
My alerts look like this:<\/p>\n
My question is, given that these penetration attempts have targeted the mailserver (not the NAS root), how the flipping flip have they identified that I had begun to configure a mailserver?<\/p>\n
I hadn’t enabled any MX record<\/p>\n
I hadn’t registered the mailserver anywhere on the web<\/p>\n
I hadn’t even completed the mailserver config<\/p>\n
I am, frankly, puzzled as to how these bots (I’m assuming they are robots, not real people) have latched on to what I was doing.<\/p>\n
I can guess what they’re after. I am assuming the bots are trying to establish a backdoor on my mailserver, from which they can spam the world in the name of any accounts that might have been set up there.<\/p>\n
But how did they know?<\/p>\n","protected":false},"excerpt":{"rendered":"
I had successfully proved that the concept (that migrating a php front-ended, MySQL back-ended website hosted with a commercial webhost, based in Arizona, to my<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9610","post","type-post","status-publish","format-standard","hentry","category-stuff","two-columns"],"_links":{"self":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9610"}],"version-history":[{"count":0,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9610\/revisions"}],"wp:attachment":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}