I make a habit of checking the logs on my servers every now and then, just to make sure all is good. This includes the HTTP access logs, the mail logs as well as the system logs.
I found a few interesting things recently:
- Attempted abuse via TOR. There’ve been quite a few attempts to access pages that no longer exist. When I’ve checked the source IPs, they’ve turned out to be TOR endpoints. Seeing as these access attempts always come with some VERY dodgy arguments, all incoming traffic from TOR endpoints is now dropped. There is no reason for TOR usage when trying to access my servers, so any attempts to access any of my servers via TOR are considered to be hostile. The same goes for some very dodgy proxy providers in Sweden.
- Ararat Synapse. There are a few badly built bots using these libraries. They are now blocked, and more than two access attempts from the same IP address will cause the offending IP address to be firewalled.
- SMTP. My SMTP server is now only advertising AUTH to certain ranges of IP addresses. Any host attempting to authenticate when AUTH hasn’t been advertised is firewalled.
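As an added illustration of the first two rules above (this is example code, not the author's own tooling), here is a check that runs over a few constructed access-log lines, marks requests from a constructed stand-in for a TOR exit list as hostile, and flags any source address with more than two hits from a Synapse-based client; the `Synapse` User-Agent marker and the sample addresses are assumptions.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format; the source IP and user agent are what
# we need to spot the two kinds of traffic described in the post.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /old/admin.php?id=1%27%20OR%201=1 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Jan/2024:10:00:03 +0000] "GET /feed HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; Synapse)"
192.0.2.55 - - [01/Jan/2024:10:00:04 +0000] "GET /feed HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; Synapse)"
192.0.2.55 - - [01/Jan/2024:10:00:05 +0000] "GET /feed HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; Synapse)"
192.0.2.99 - - [01/Jan/2024:10:00:06 +0000] "GET /feed HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; Synapse)"
"""

# Constructed stand-in for a TOR exit-node list; a real deployment would load
# the published exit list instead. 198.51.100.7 is pretended to be an exit.
TOR_EXITS = {"198.51.100.7"}

BOT_UA_MARKER = "Synapse"   # assumed marker for Ararat Synapse-based clients
BOT_THRESHOLD = 2           # more than two hits from one IP -> firewall it


def parse(line):
    """Split one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def ips_to_block(log_text, tor_exits=TOR_EXITS):
    """Return {ip: reason} for source addresses that should be firewalled."""
    block = {}
    bot_hits = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip = rec["ip"]
        # Rule 1: any request arriving from a TOR exit is treated as hostile.
        if ip in tor_exits:
            block[ip] = "tor-exit"
        # Rule 2: count requests from Synapse-based bots per source address.
        if BOT_UA_MARKER in rec["ua"]:
            bot_hits[ip] += 1
    for ip, n in bot_hits.items():
        if n > BOT_THRESHOLD:
            block.setdefault(ip, "synapse-bot")
    return block
```

Feeding the returned addresses into the host firewall (or a tool such as fail2ban) is the step the post describes; the function only decides which addresses qualify.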