search for: nyhbxu

...one more question on this subject: I would like to create a fail2ban filer, that scans for these lines: > Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password) > Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password) (as you can see, I have enabled auth_verbose_passwords to do this, making me very uncomfortable...) Anyway: since there are only a few password variations, I would like to block anyone using those passwords. (since the connections ar...

...t; I would like to create a fail2ban filer, that scans for these lines: > >> Jul 20 11:10:09 auth: Info: >> ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials >> (given password: password) >> Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): >> invalid credentials (given password: password) > > (as you can see, I have enabled auth_verbose_passwords to do this, > making me very uncomfortable...) > > Anyway: since there are only a few password variations, I would like to > block anyone using tho...

> I would like to create a fail2ban filer, that scans for these lines: > >> Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password) >> Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password) > > (as you can see, I have enabled auth_verbose_passwords to do this, > making me very uncomfortable...) > > Anyway: since there are only a few password variations, I would like to > block anyone using those passwords....

...ail2ban filer, that scans for these lines: >> >>> Jul 20 11:10:09 auth: Info: >>> ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials >>> (given password: password) >>> Jul 20 11:10:19 auth: Info: >>> ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given >>> password: password) >> >> (as you can see, I have enabled auth_verbose_passwords to do this, >> making me very uncomfortable...) >> >> Anyway: since there are only a few password variations, I would like >> to...

Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots arent using ssl, check it > > however fail2ban sometimes is to slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ