> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote:
>
> The three most common attack vectors, (and attack volumes have never been higher) are:
>
> * Sniffed unencrypted credentials
>   (Assume every home wifi router and CPE equipment are compromised ;)
> * Re-used passwords where data is exposed from another site's breach
>   (Users WANT to re-use passwords, this is where 2FA shines)
> * Weak Passwords
>   (Users like using weak passwords, so implement password restrictions)

Actually by far the biggest source of stolen credentials is viruses/trojans harvesting them.

Sami

On 2020-04-22 18:45, Sami Ketola wrote:

> Actually by far the biggest source of stolen credentials is
> viruses/trojans harvesting them.

i tried to blacklist all ips that got password errors, but that ends in big shorewall blrules, so i turned it over to just adding a whitelist into blrules where the ips are known customers that don't abuse the server, that way my shorewall got a lot smaller config files to read and no kids from outside can abuse logins that way, now i have made a php script that monitors where abusers are from without giving them access to abused ports

and i have seen the trojans or malware reveal strong passwords loose as well, the battle is only as strong as users using email programs

so for now i see no fails on logins anymore from the only whitelisted asn range of trusted customers' ips

i just hope there would be a free simple policy server for dovecot, not only for dovecot oy

we are in same boat all, don't let it sink

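The per-IP blocklist versus customer allowlist trade-off described in the message above, as an added example that is not part of the thread or any poster's script. It assumes Dovecot-style login log lines; the sample lines, the addresses (documentation ranges) and the names `ALLOWED_NETS` and `summarize` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist of customer networks (documentation ranges, not real customers).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]

# Constructed sample lines in the style of Dovecot login-process logging.
SAMPLE_LOG = """\
Apr 22 18:01:02 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<a1>
Apr 22 18:01:09 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=4242, TLS, session=<a2>
Apr 22 18:02:30 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 9 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<a3>
Apr 22 18:03:11 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=203.0.113.99, lip=192.0.2.10, session=<a4>
Apr 22 18:04:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<bob>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS, session=<a5>
Apr 22 18:05:05 mail dovecot: imap-login: Disconnected (auth failed, 5 attempts in 20 secs): user=<dave>, method=PLAIN, rip=2001:db8:ffff::1, lip=2001:db8::10, TLS, session=<a6>
"""

# Attempt count, user name and remote IP of a failed login.
FAILED = re.compile(r"auth failed, (\d+) attempts.*?user=<([^>]*)>.*?rip=([0-9A-Fa-f:.]+)")


def is_allowed(ip):
    """True if the address falls inside one of the allowlisted customer networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in ALLOWED_NETS)


def summarize(log_text):
    """Count failed attempts per source IP, split by allowlist membership."""
    outside = Counter()  # sources a per-IP blocklist would have to enumerate
    inside = Counter()   # failures from customer ranges, worth a manual look
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines
        attempts, rip = int(m.group(1)), m.group(3)
        (inside if is_allowed(rip) else outside)[rip] += attempts
    return {
        "blocklist_entries": len(outside),       # grows with every new abusive IP
        "allowlist_entries": len(ALLOWED_NETS),  # stays the size of the customer base
        "outside": dict(outside),
        "inside": dict(inside),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
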
> On 22/04/2020 19:56 Benny Pedersen <me@junc.eu> wrote:
>
> On 2020-04-22 18:45, Sami Ketola wrote:
>
> > Actually by far the biggest source of stolen credentials is
> > viruses/trojans harvesting them.
>
> i tried to blacklist all ips that got password errors, but that ends in
> big shorewall blrules, so i turned it over to just adding a whitelist into
> blrules where the ips are known customers that don't abuse the server, that way
> my shorewall got a lot smaller config files to read and no kids from
> outside can abuse logins that way, now i have made a php script that
> monitors where abusers are from without giving them access to abused ports
>
> and i have seen the trojans or malware reveal strong passwords loose
> as well, the battle is only as strong as users using email programs
>
> so for now i see no fails on logins anymore from the only whitelisted
> asn range of trusted customers' ips
>
> i just hope there would be a free simple policy server for dovecot, not
> only for dovecot oy
>
> we are in same boat all, don't let it sink

You mean https://github.com/PowerDNS/weakforced ?

---
Aki Tuomi