Re: How to block a dictionary attack
Hi,

I use fail2ban (http://www.fail2ban.org/) in this way, and not only for imap ... fail2ban is configurable for other net services too.

Kleo

On Mon, 12 Apr 2010, ram wrote:

> I am seeing this pattern now very often. Every weekend someone tries to gain unauthorized access to my imap servers by trying random username / passwords.
>
> Yesterday by afternoon someone had tried half a million times on my servers from 62.141.37.141. I have written to the abuse contact address ... not that I expect any reply anyway.
>
> I would like to configure cyrus in such a way that if there are 10 failed logins from an ip address in 10 minutes and no successful logins, just block the IP address. (Or inject the ip into my firewall.)
>
> Is there something similar already available?
>
> Thanks
> Ram

--
Vladimir `KLEO' Klejch
Kleo'at'netbox'dot'cz

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: How to block a dictionary attack
ram wrote:

> I am seeing this pattern now very often. Every weekend someone tries to gain unauthorized access to my imap servers by trying random username / passwords.
>
> Yesterday by afternoon someone had tried half a million times on my servers from 62.141.37.141. I have written to the abuse contact address ... not that I expect any reply anyway.

I use fail2ban, which is nice, but I only serve through imaps and never see this.

Eric
How to block a dictionary attack
I am seeing this pattern now very often. Every weekend someone tries to gain unauthorized access to my imap servers by trying random username / passwords.

Yesterday by afternoon someone had tried half a million times on my servers from 62.141.37.141. I have written to the abuse contact address ... not that I expect any reply anyway.

I would like to configure cyrus in such a way that if there are 10 failed logins from an ip address in 10 minutes and no successful logins, just block the IP address. (Or inject the ip into my firewall.)

Is there something similar already available?

Thanks
Ram
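
The rule asked for in the original question (10 failed logins from one address within 10 minutes, with no successful login), sketched as a log scan. This is an added example, not part of the thread and not fail2ban's or Cyrus's own code; the syslog line format, the function names and the sample lines are assumptions, and a successful login is taken to reset that address's failure count.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Cyrus-style syslog format; adjust the pattern to what your imapd logs.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ imaps?\[\d+\]: "
    r"(?P<kind>badlogin|login): \S* ?\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def find_offenders(lines, max_failures=10, window=timedelta(minutes=10), year=2010):
    """IPs reaching max_failures failed logins within `window`, with no
    successful login in between, in the order they cross the threshold."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    offenders = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unrelated log line
        # Syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["ip"]]
        if m["kind"] == "login":
            recent.clear()  # a successful login resets the count for that address
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= max_failures and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def constructed_sample():
    """Constructed log lines (documentation addresses), not real traffic."""
    bad = "Apr 11 {t} mail imap[4321]: badlogin: [{ip}] plaintext {u} SASL(-13): authentication failure: checkpass failed"
    ok = "Apr 11 {t} mail imap[4321]: login: client.example [{ip}] {u} plaintext User logged in"
    # Twelve failures inside one minute from a single address.
    lines = [bad.format(t=f"14:00:{5 * i:02d}", ip="192.0.2.10", u=f"guess{i}") for i in range(12)]
    # Nine typos, a success, then three more typos: the count never reaches ten.
    lines += [bad.format(t=f"14:01:{5 * i:02d}", ip="198.51.100.7", u="alice") for i in range(9)]
    lines.append(ok.format(t="14:02:00", ip="198.51.100.7", u="alice"))
    lines += [bad.format(t=f"14:03:{5 * i:02d}", ip="198.51.100.7", u="alice") for i in range(3)]
    # Ten failures spread over 18 minutes: never ten inside one 10-minute window.
    lines += [bad.format(t=f"15:{2 * i:02d}:00", ip="203.0.113.5", u="bob") for i in range(10)]
    return lines

if __name__ == "__main__":
    for ip in find_offenders(constructed_sample()):
        print(ip)  # candidates for a firewall rule or blocklist
```

The returned addresses are what a tool such as fail2ban would hand to the firewall; widening `window` or lowering `max_failures` trades missed slow guessing against locking out users who mistype.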