search for: twaek

Olaf Hopp <Olaf.Hopp at kit.edu> wrote: > And I have a new one just for "unknown user" and here my bantime and findtime > are much bigger and the retries are just '2'. So here I'm much harsher. > I'll keep an eye on my logs and maybe some more twaeking is necessary. Just be careful about typos (like twaeking!): users could simply misspell their username, or get mixed up with some another account or alias. This is why I favour targetting known bad accounts, not merely accounts that don't exist. Joseph Tam <jtam.home at gmail.com>

...findtime, bantime, retries > are tolerant to typos. > > And I have a new one just for "unknown user" and here my bantime and findtime > are much bigger and the retries are just '2'. So here I'm much harsher. > I'll keep an eye on my logs and maybe some more twaeking is necessary. > > Another interesting observation: > I activated > auth_verbose_passwords = plain > to log the plain password when (and only when) there is "unknown user". > It reveals that all different IPs trying one unknown account always try with the > same st...

...sword" and here the findtime, bantime, retries are tolerant to typos. And I have a new one just for "unknown user" and here my bantime and findtime are much bigger and the retries are just '2'. So here I'm much harsher. I'll keep an eye on my logs and maybe some more twaeking is necessary. Another interesting observation: I activated auth_verbose_passwords = plain to log the plain password when (and only when) there is "unknown user". It reveals that all different IPs trying one unknown account always try with the same stupid password scheme <ACCOUNT&gt...

Hi folks, "somehow" similar to the thread "under some kind oof attack" started by "MJ": I have dovecot shielded by fail2ban which works fine. But since a few days I see many many IPs per day knocking on my doors with wron password and/or users. But the rate at which they are knocking is very very low. So fail2ban will never catch them. For example one IP: Jul 25