This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 49%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello, recently, cases of blocking of accounts have become more frequent. In events I found that someone is trying to send an anonymous message on behalf of the user.
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,48,myipserver:25,51.81.170.74:61427,,,User Name: "UserName"
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,49,myipserver:25,51.81.170.74:61427,,Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful',
How to block ip or how to protect against such hacking?
If you are using basic authentication, you can't really stop this.
You need to use Modern Authentication ( and require MFA )
If you are on-perm, consider using a Hybrid Model with Azure/Exchange Online
Hi @Стас Петухов ,
I would agree with Andy, changing a authentication method could better protect your server from such hackers or some security vulnerabilities.
What's the version of your Exchange server? If you didn't install the latest update patch, please consider upgrading it:
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-july-2021-exchange-server-security-updates/ba-p/2523421
And yes, after migrated to Exchange Online, you could use the protect services provided by Microsoft like MS Defender, Security and Compliance center etc..
Best regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Стас Петухов ,
Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
If you are still stuck in this issue, please feel free to post your questions.
Regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.