This is beautiful and I need this one.
Where should I put this code?
<group name="squirrelmail,">
  <!-- Parent rule: groups requests for the SquirrelMail login page; level 0 raises no alert. -->
  <rule id="131100" level="0">
    <if_sid>31108</if_sid>
    <url>/webmail/src/redirect.php</url>
    <description>Squirrelmail logins grouped.</description>
  </rule>
  <!-- HTTP status starting with 302 on the login page: successful login. -->
  <rule id="131101" level="1">
    <if_sid>131100</if_sid>
    <id>^302</id>
    <description>Squirrelmail: successful login.</description>
    <group>authentication_success,</group>
  </rule>
  <!-- HTTP status starting with 200 on the login page: authentication failed. -->
  <rule id="131102" level="5">
    <if_sid>131100</if_sid>
    <id>^200</id>
    <description>Squirrelmail: authentication failed.</description>
    <group>authentication_failures,</group>
  </rule>
  <!-- Composite rule: repeated 131102 failures from the same source IP within 300 seconds. -->
  <rule id="131103" level="10" frequency="6" timeframe="300">
    <if_matched_sid>131102</if_matched_sid>
    <same_source_ip />
    <description>Squirrelmail brute force attack.</description>
    <group>attack, authentication_failures,</group>
  </rule>
</group> <!-- SQUIRRELMAIL -->
Regards.
Borderless Consulting Group SA de CV.
Noel Alban Rivera Rivera
Head of Networks and Telecommunications
Tel. (915) 633-61-04
Nextel 62*142650*2
-----Original Message-----
From: Aleksander Podsiadły [mailto:[email protected]]
Sent: Friday, June 25, 2010 12:59 AM
To: [email protected]
Subject: Re: [qmailtoaster] question
On Thu, 2010-06-24 at 12:52 -0600, Noel Rivera (Border Less) wrote:
> Hello List I have a question about squirrelmail.
>
> Is there a way to view a log from users to access to the squirrelmail
> page?
>
Check this page: http://www.ossec.net/wiki/SquirrelMail
I wrote some rules for ossec hids to log webmail attacks. It works for
me. :)
--
Pozdrawiam / Regards,
Aleksander Podsiadły
mail: [email protected]
jid: [email protected]
ICQ: 201121279
gg: 9150578
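
Added example, not part of the original thread or of OSSEC itself: a Python sketch of the correlation that rules 131100-131103 above describe, run over constructed access-log lines. The Apache combined-log layout, the sample IP addresses and the plain "6 failures inside 300 seconds" threshold are assumptions; OSSEC's own frequency counter may fire at a slightly different count.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LOGIN_URL = "/webmail/src/redirect.php"   # <url> of rule 131100
FREQUENCY, TIMEFRAME = 6, 300             # attributes of rule 131103
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')

def _line(ip, hms, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [25/Jun/2010:{hms} -0600] '
            f'"POST {LOGIN_URL} HTTP/1.1" {status} 512')

SAMPLE_LOG = (
    # six failures in 50 seconds from one address
    [_line("192.0.2.10", f"10:00:{s:02d}", 200) for s in range(0, 60, 10)]
    # one failure followed by a successful login
    + [_line("198.51.100.7", "10:01:00", 200),
       _line("198.51.100.7", "10:01:20", 302)]
    # six failures spread over 50 minutes: outside the timeframe
    + [_line("203.0.113.5", f"10:{m:02d}:00", 200) for m in range(0, 60, 10)]
)

def classify(line):
    """Mirror rules 131100-131102: return (ip, time, outcome) or None."""
    m = LINE_RE.match(line)
    if not m or LOGIN_URL not in m["url"]:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    if m["status"].startswith("302"):     # <id>^302</id>
        return m["ip"], ts, "success"
    if m["status"].startswith("200"):     # <id>^200</id>
        return m["ip"], ts, "failure"
    return None

def brute_force_alerts(lines, threshold=FREQUENCY, window=TIMEFRAME):
    """Mirror rule 131103: same source IP, repeated failures in the window."""
    recent, alerts = defaultdict(deque), []
    for line in lines:
        event = classify(line)
        if event is None or event[2] != "failure":
            continue
        ip, ts, _ = event
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()                   # drop failures older than the window
        if len(q) >= threshold:
            alerts.append((ip, ts.isoformat()))
            q.clear()                     # start counting again after an alert
    return alerts
```

Calling brute_force_alerts(SAMPLE_LOG) flags only 192.0.2.10; the slow failures from 203.0.113.5 never accumulate inside one 300-second window.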
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------------------