New MFC printer created security vulnerability?

scruft

• June 04, 2014 00:58

Hi All, I have a VPS with a number of accounts on it, and recently I've been receiving a lot of "large number of failed login attempts" from cPHulk. Last week I installed a new FujiXerox CM305 df multifunction printer for one of my customers in her shop, and set it up to be able to scan to email. Unfortunately in order to get it working, I had to turn off "Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server" because as far as I can tell the machine can't handle TLS. Since then, a lot of the failed login attempts have come through, trying to access (non-existent) accounts like "copier", "scan", "xerox", "scanner", "reception" - common email addresses a business would use for their scanner. Does anyone know how or why this would start happening? Could it be a virus on one of the computers networked to the printer? Suggestions on how to fix it? Also, a related question - is there a blacklist of known hacker IPs that I can access so cPanel will automatically block them in the firewall? Some kind of plugin? Thank you

• 

  cPanelMichael

  • June 04, 2014 13:34

  Hello :) I suggest simply ensuring that complex passwords are used, and blocking any IP addresses that make brute force attempts. I am not aware of any public lists of IP addresses where potential hacking/brute force attempts have originated. CSF is a good firewall management utility if you do not already use it. Thank you.

  0
• 

  quizknows

  • June 04, 2014 21:30

  You need to look at what IP address(es) generate those failed logins. If they're not your IP addresses, or your clients IP address, I'd be less concerned. I 2nd the recommendation for CSF. It's free and will block IPs that generate excessive failed logins.

  0

Please sign in to leave a comment.