How common or allowed is this...?

Hi

The firewall blocks like 2-10 IPs on a daily basis.
IPs trying to SSh the server, FTP or the mail server without authentication.

But...
There is a domain on the server which the FireWall blocks like 100-150 IPs daily.
IPs that tried to do something trough the domain's mail server.(I guess they're just SPAMMERs bots looking for an open SMTP)

Is like 1 attempt every 1-5 minutes.

Example...
----------------------
2005-04-03 22:05:38 H=(79.95.333.13) [61.111.189.182] F=<xjrdoipcz@chinese88.com> rejected RCPT <benson@customerdomain.com>: Sender verify failed

----------------------

So..., does this affects considerably the Server performance,? considering the Shared server needs all the resources possible to serve legitimate users.?
Ofcourse, the Firewall blocks them.

Does it affects in such a way it could crash the server?

Is it an enough reason to stop offering service to that specific domain..? considering is a Full time target for this malicious people.

I'm worried for this as one month a go the server was crashing like every 2-5 days and couldn't find the real reason.

I stoped the mail service for this domain and some how, the crashes stoped but I not convinced this was the reason, because of the crashes I supsect some customer moved some important sites that could also used a lot of server resources.


Any opninion on this?

Thank you

Jagarco

 

 

 

 

Top