Great that you want/are willing to share..

However, it isn't as simple as blocking every IP that bangs on your door. If you block large CGNAT IPs for instance, one compromised IoT device behind that IP can stop hundreds of legitimate users.

Think about the Airports' WIFI.. Coffee Shops.. or Dynamic IPs..

Most RBL lists for AUTH try to weed out shared or dynamic IPs to reduce false positives. Fingerprinting and other techniques help stop those, and/or you can use short timer blocks to stop aggressive bots..

However, as the old saying goes.. 'If it works for you, great'..

Thanks for sharing..

On 2024-05-30 12:32, Slavko via mailop wrote:
On 30 May 2024 18:23:25 UTC, Michael Peddemors via mailop
<[email protected]> wrote:

I am sure there are many others that are dedicated to strictly AUTHentication 
abuse.. The key is to be able to do the check at all levels of authentication, 
whether by using an RBL, or static lists..

I hope that it isn't a problem to promote my own software here...

Two or three years ago I was the target of a lot of leaked-password
attempts (they were XMPP passwords, but they tried them as email), I was
looking into the weakforced solution for dovecot, but I met multiple
problems with it, thus I did my own dovecot auth daemon. Its initial
intent was to check RBLs, but over time it evolved to count successful
login IPs (to detect account compromise) and GeoIP block (per user).

Anyone can use it (GPL licensed) from my git repo
https://git.slavino.sk/dovepolicy.git/

It is in Python (flask app) + redis, I use it for my dovecot (and exim
authed via dovecot). I cannot tell about performance, my user base
is low, but it works well for me and in spikes it was blocking ~800 IPs
daily (+ normal user logins). In conjunction with fail2ban it was
very successful and most attempts have now been gone for several months.

It is not in the state of a full app (one click install), some manual steps
are required to set it up and only some features are manageable by
the CLI interface, thus it is not intended for inexperienced users, but I use
it in git HEAD state.

Hope it will be useful for someone...

regards




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
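
An added example, not part of the original messages and not code from dovepolicy or weakforced: a sketch of the short-timer blocking mentioned in the reply above, throttling per (IP, user) for addresses on a shared-egress list so that one compromised device behind a CGNAT or public Wi-Fi address does not lock out everyone else behind it. The `SHARED_NETS` list, the thresholds and the `AuthThrottle` name are assumptions, and the addresses are constructed documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample: egress ranges treated as shared (CGNAT, public Wi-Fi).
SHARED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
WINDOW = 300      # seconds of failure history considered (assumed value)
MAX_FAILS = 5     # failures within WINDOW that trigger a block (assumed)
BLOCK_TTL = 600   # short block, so a shared address recovers quickly (assumed)


class AuthThrottle:
    def __init__(self):
        self.fails = defaultdict(deque)   # key -> failure timestamps
        self.blocked = {}                 # key -> block expiry time

    @staticmethod
    def is_shared(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in SHARED_NETS)

    def _key(self, ip, user):
        # Shared addresses are throttled per (ip, user); everything else
        # is throttled per IP regardless of the username tried.
        return (ip, user) if self.is_shared(ip) else (ip, None)

    def allowed(self, ip, user, now):
        key = self._key(ip, user)
        expiry = self.blocked.get(key)
        if expiry is not None and now < expiry:
            return False
        self.blocked.pop(key, None)       # an expired block is forgotten
        return True

    def record_failure(self, ip, user, now):
        q = self.fails[self._key(ip, user)]
        q.append(now)
        while q and q[0] <= now - WINDOW:  # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILS:
            self.blocked[self._key(ip, user)] = now + BLOCK_TTL
            q.clear()

    def record_success(self, ip, user):
        # A good login resets the failure history for that key.
        self.fails.pop(self._key(ip, user), None)
```

The per-(IP, user) key trades coverage for fewer false positives: a client on a shared address that tries many usernames once each is not caught by this counter and needs a separate signal.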
