I'm using OSSEC (http://www.ossec.net). Very nice and complete IDS/log analysis package. Easy to install and manage.

On Thu, Oct 28, 2010 at 8:49 PM, Eric Shubert <[email protected]> wrote:

> On 10/28/2010 04:02 PM, David Milholen wrote:
>
>> Hi everyone,
>> I had an interesting day. Started getting those calls about email
>> clients asking for password. Red flag says "mail server way too busy"
>> I investigate and find that vchkpw is taking all of the process load. I
>> look at the number of connections and there were about 50 from one place
>> in Bulgaria. The only way to drop that was to add a drop rule into the
>> gateway.
>>
>> What is everyone using to stop this kind of force attack on the pop side?
>>
>> --Dave
>> --
>>
>> David Milholen
>> Project Engineer
>> P:501-318-1300
>>
>
> I know that some people here use fail2ban. Sounds like it would have
> thwarted this attack, if they were all from the same IP. I haven't gotten
> around to installing it myself. We should have a fail2ban page on the wiki,
> but I don't think anyone's written one yet. Search the archives, and you'll
> find references. Here's one from the spamdyke list:
> http://www.spamdyke.org/mailman/private/spamdyke-users/2010q3/002961.html
> (you must be a spamdyke list subscriber to view)
>
> --
> -Eric 'shubes'
