search for: brute

...;s addresses all together, or just ban certain services. -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Brian Marshall Sent: Thursday, November 16, 2006 9:33 AM To: CentOS mailing list Subject: Re: [CentOS] Re: IPTables Blocking Brute Forcers Sweeeet! I'll give it a shot. Thanks Mike. > From: <mike.redan at bell.ca> > Reply-To: CentOS mailing list <centos at centos.org> > Date: Thu, 16 Nov 2006 12:18:00 -0500 > To: <centos at centos.org> > Conversation: [CentOS] Re: IPTables Blocking Bru...

I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can run dovecot...

Hello, yesterday one of the extensions on my asterisk server got compromised by brute-force attack. The attacker used it to try pull an identity theft scam playing a recording from a bank "your account has been blocked due to unusual activity, please call this number..." Attacker managed to make lots of calls for around 8 hours before I detected it and changed the passwor...

Message-ID: <479F2A63.2070408 at centos.org> On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <johnny at centos.org> Subject Was: [CentOS] Unknown rootkit causes compromised servers > > SOME of the script kiddies check higher ports for SSH *_BUT_* I only see > 4% of the brute force attempts to login on ports other than 22. > > I would say that dropping brute force login attempts by 96% is quite a > good reason to move the SSH port from 22 to something else. I am not a fan of security through obscurity. If a port is open to the internet then it must be secured...

Is there a means to split a vector into its individual elements without going the brute-force route for arguments to a predefined function call? offred.rgb <- c(1, 0, 0) * 0.60; ## Brute force style offred.col <- rgb(offred.rgb[1], offred.rgb[2], offred.rgb[3], names = "offred") ## Desi...

...; Nothing wrong with letting "an expert" preconfigure the system and then, > after installation, the SysAdmin checking to ensure all the settings > satisfy the SysAdmin's requirements. > I'd just rather see them applying their expertise to actually making the code resist brute-force password attacks instead of stopping the install until I pick a password that I'll have to write down because they think it will take longer for the brute-force attack to succeed against their weak code. -- Les Mikesell lesmikesell at gmail.com

Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like this: dovecot: pop3-login...

I'm in the process of rolling out new setups with dovecot on CentOS 5.2 and I notice that dovecot doesn't handle the brute-force attacks too nice. I reduced the limit a bit to some reasonable looking value: login_max_processes_count = 32 to stop them earlier and the number of processes stops at that figure when an attack happens. However, it stays at this count for hours although the attack is already over since long...

Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. Dovecot Version 1.0.7 (CentOS 5.2) The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many...

hi, I wrote a patch to openssh sshd.c which enables "exponential backoff", so that an attacker cannot brute force your password by making hundreds of login attempts. here is the code: http://sam.nipl.net/sshd-backoff/ An attacker who fails to login is locked out (by IP address) for 1 minute, and the lockout period doubles for each failed login after that. Normally three logins are allowed before an...

...riginal Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of J. Oquendo > Sent: Thursday, April 26, 2007 6:47 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: [asterisk-users] Asterisk brute force watcher (was FYI) > > Steve Totaro wrote: > > I suspect that this will happen more and more. I also suspect that many > > people who have weak SIP credentials like user=100 secret=100 will be > > the victim of toll fraud and worse, call to 900 and other very high &gt...

We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself. Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer. Therefore I have been looking at http protection and have run across a few independently provided modules for Apache http se...

...imating a gls model and am having to make some rather unconventional modifications to handle a particular problem I have identified. My aim is to fit a GLS with an AR1 structure, obtain the variance-covariance matrix (V), modify it as needed given my research problem, and then reestimate the GLS by brute force using matrix operations. All seems to be working almost perfectly, yet there is one small issue that I cannot seem to resolve and would appreciate any thoughts on my problem. I have developed some code for simulating a longitudinal analysis of student achievement test scores. For the curren...

On 25.04.24 17:15, openssh-unix-dev-request at mindrot.org digested: > Subject: how to block brute force attacks on reverse tunnels? > From: Steve Newcomb <srn at coolheads.com> > Date: 25.04.24, 17:14 > > For many years I've been running ssh reverse tunnels on portable Linux, > OpenWRT, Android etc. hosts so they can be accessed from a server whose > IP is stable (I...

...me other attack vectors on the cookie_session store. I appreciate (and admire!) Jeremy''s good humor on all of this: > Planting the seed here led to quick ripening and plenty of pesticide. > Thanks for the fish, all. > > jeremy Anyway, here''s what we came up with: 1. Brute Force SHA512 can be computed _very_ fast. On my Pentium Core Duo: irb> z = ''z'' * 100; puts Benchmark.measure { 1000.times { Digest::SHA512.hexdigest(z) }} 0.032000 0.000000 0.032000 ( 0.031000) That''s 0.03 ms/hash using simple Ruby code, not optimized C / Asse...

Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with mini...

...ttempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >> https://github.com/PowerDNS/weakforced "The goal of 'wforce' is to detect brute forcing of passwords across many servers" The problem is not detecting but blocking. Dovecot has no mechanism for using the data; Dovecot needs DNSBL capability. I tested a small sample of my IMAP hackers using the lists I use for SMTP blocking [1] and enough are in these list to make th...

...g list would have this attitude, there > would be no single answer to your question. > > > -----Original Message----- > From: Odhiambo Washington [mailto:odhiambo at gmail.com] > Sent: donderdag 11 april 2019 12:54 > To: Marc Roos > Cc: dovecot > Subject: Re: Mail account brute force / harassment > > Marc, > > There is a strategy loosely referred to as "choose your battles well" > :-) > If you can, hack the server and dump the 500GB - you'll be using > resources transferring the 500GB as the other server receives it. Two > servers was...

I noticed that my server has a lot ca. 1000x auth failure from different alocated in China / Romania and Netherlands per day since 3 days It looks to me like somebody was trying to get into server by guessing my password by brute force. what would be the best to stop this attack and how? the server running apache mysql and ftp PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 443/tcp open https 3306/tcp open mysql ... Jan 22 16:07:14 user vsftpd(pam_unix)[17462]: authentication failure; logname= uid=0 euid=0...

Hi Everyone, Before I begin, I'd just like to mention: I love dovecot. Thank you :) Anyway, today I had 8000 login attempts to my dovecot server in an hour before blocking the IP with my firewall. After googling, I didn't see very much discussion on the topic. There was some mention of blocksshd which was supposed to support dovecot in the next release (but doesn't appear to) and