similar to: Re: IPTables Blocking Brute Forcers

Another good one is http://denyhosts.sourceforge.net/ It runs as a daemon, and can either ban IP's addresses all together, or just ban certain services. -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Brian Marshall Sent: Thursday, November 16, 2006 9:33 AM To: CentOS mailing list Subject: Re: [CentOS] Re: IPTables

On Wed, 16 Feb 2005, Sudev Barar wrote: > This is OT but since you just joined the list do not hijack a thread. > Start a new message and not just change subject line after hitting reply > button. Your message showed up in middle of md0/fstab thread!! Yup, I've already been chastised for this once on the list (did you miss that post?) and I apologized privately via e-mail to the

On 11/22/05, Jerry Geis <geisj at pagestation.com <http://lists.centos.org/mailman/listinfo/centos>> wrote: >/ I need to setup my laptop external monitor at 1366x768 while my />/ LCD is only 1024x768. Is this done by dual head selections in the />/ display configuration? / Setting up dual head machine. You can view an artcile on this at www.pcquest.com they carried this a few

Hi all, I'm not very used to CentOS and Linux generally speaking, though I read a lot and 'man' quickly became a very good friend of mine, right after Google, so sorry if that's a ridiculous one! (at least it'll give you a good laugh!) I updated the kernel to 2.6.9-42.0.2 recently and that raised a question... Simple... Yet silly...! What exactly is the difference between

> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of J. Oquendo > Sent: Thursday, April 26, 2007 6:47 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: [asterisk-users] Asterisk brute force watcher (was FYI) > > Steve Totaro wrote: > > I suspect that

Hi, I've been playing with CentOS quite a bit lately (and I must say it's growing on me!! :) and I was now able to convince my boss that we could get a box and gradually start migrating our hosting from win2k3 to centos. So anyway, I've got a new box at the colo ready up and running - P4 3Ghz w/HT 2Ghz RAM 2x70Gb HDD, running Centos4.4 fully up-to-date. Now my two questions are;

Hello I'm no expert of iptables, and it seems like it can handle banning IP's that are trying to register and fail too many times. I'd like to use this feature instead of having to install a second tool such as SSHGuard or BFS that parses the logs and reconfigure iptables on the fly. Is there a good iptables configuration that I could use as reference? FWIW, the kernel is uClinux

fail2ban might be good for this. On 04/05/2011 01:00 PM, asterisk-users-request at lists.digium.com wrote: > > Date: Tue, 5 Apr 2011 08:44:41 -0700 (PDT) > From: Steve Edwards<asterisk.org at sedwards.com> > Subject: Re: [asterisk-users] Iptables configuration to handle brute > force registrations? > > On Tue, 5 Apr 2011, Gilles wrote: > >> I'm no expert

I've just posted this to another list where we were talking about the same old issues we've been plagues with recently - I'd already posted some iptables rules, but added more to it for this... This script probably isn't compatable with anything else, but I don't run anything else. It's also designed to act on the incoming interface, not to run in a router, but

Hi Everyone, Before I begin, I'd just like to mention: I love dovecot. Thank you :) Anyway, today I had 8000 login attempts to my dovecot server in an hour before blocking the IP with my firewall. After googling, I didn't see very much discussion on the topic. There was some mention of blocksshd which was supposed to support dovecot in the next release (but doesn't appear to) and

Hello, yesterday one of the extensions on my asterisk server got compromised by brute-force attack. The attacker used it to try pull an identity theft scam playing a recording from a bank "your account has been blocked due to unusual activity, please call this number..." Attacker managed to make lots of calls for around 8 hours before I detected it and changed the password for that

I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can

We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself. Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer. Therefore

On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: >> Which is why a dnsbl for dovecot is a good idea. I do not believe the >> agents behind these login attempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >>

All your approaches are not well thought out. The best solutions are always the simplest ones. KISS principle dictates so. On Thu, 11 Apr 2019 at 15:01, Marc Roos <M.Roos at f1-outsourcing.eu> wrote: > > How long have we been using the current strategy? Do we have less or > more abuse clouds operating? > > "Let the others bother with their own problems." is a bit

There's an article on slashdot about the Duqu team wiping all their intermediary c&c servers on 20 Oct. Interestingly, the report says that they were all (?) not only linux, but CentOS. There's a suggestion of a zero-day exploit in openssh-4.3, but both the original article, and Kaspersky labs (who have a *very* interesting post of the story) consider that highly unlikely, and the

Top of the morning all... So I reworked the pseudo IDS/Brute Force Asterisk script for those who want to either use it, or use it as a baseline to build a better one... The script now does a few things... It logs those with password issues, and blocks them as well. This was done to ensure that a remote user who was blocked can be found in the log. E.g., Sally the homemaker keeps fiddling

Please do not assume anything other than what is written, it is a hypothetical situation A. With the fail2ban solution - you 'solve' that the current ip is not able to access you - it will continue bothering other servers and admins - you get the next abuse host to give a try. B. With 500GB dump - the owner of the attacking server (probably hacked) will notice it will be

Yes indeed, we have already own dnsbl's for smtp and ssh/ftp access. How do you have one setup for dovecot connections? -----Original Message----- From: James via dovecot [mailto:dovecot at dovecot.org] Sent: donderdag 11 april 2019 13:25 To: dovecot at dovecot.org Subject: Re: Mail account brute force / harassment On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the

On 11 Apr 2019, at 04:43, Marc Roos via dovecot <dovecot at dovecot.org> wrote: > B. With 500GB dump > - the owner of the attacking server (probably hacked) will notice it > will be forced to take action. Unlikely. What is very likely is that your ISP shuts you don for network abuse. > If abuse clouds are smart (most are) they would notice that attacking my > servers, will