similar to: duqu

Displaying 20 results from an estimated 10000 matches similar to: "duqu"

2012 Jan 01
11
an actual hacked machine, in a preserved state
(Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines hosted at that company have now been hacked, but this hasn't happened to any of the other 37 dedicated servers that I've got hosted at other hosting companies (also CentOS, same version or almost),
2013 Jul 03
4
dnsbl feature for dovecot
dnsbl's are a popular method to prevent listed ips from making connections to mta software. cf. postscreen_dnsbl_sites in postfix Would it be possible to introduce such a feature in dovecot, so that connections can be denied based on a dnsbl lookup (where the precise dnsbls used are configurable)? John
2007 Apr 26
1
Asterisk brute force watcher (was FYI)
> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of J. Oquendo > Sent: Thursday, April 26, 2007 6:47 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: [asterisk-users] Asterisk brute force watcher (was FYI) > > Steve Totaro wrote: > > I suspect that
2007 Nov 22
1
Toll fraud detection/password script
So I was bored yesterday and tried solving a few problems with one stone: 1) Notify me of potential brute forcers (multiple attempts to register multiple numbers from one address) 2) Notify me of (l)users who are having password issues So I whipped up a simple script to run in cron and notify me that UserX from X_IP_Space had X amount of password issues. I'm currently running this from cron
2017 Jul 18
1
under some kind of attack
On Tue, 18 Jul 2017, dovecot-request at dovecot.org wrote: > Thanks for the quick follow-ups! Much appreciated. After posting this, I > immediately started working on fail2ban. And between my initial posting > and now, fail2ban already blocked 114 IPs. > > I have fail2ban with maxretry=1 and bantime=1800 > > However, it seems almost all IPs are different, and I don't
2012 Jun 01
3
auth trouble
Debian Lenny, Dovecot v 1.0.15. I'm getting a lot of what I think is a local socket asking dovecot:auth to verify username/passwords: > May 31 09:00:54 server dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=admin rhost= Note the empty 'rhost='. That's why I think it's on the server. I see others that look like bots:
2008 Feb 10
2
Root exploit in the wild
https://bugzilla.redhat.com/show_bug.cgi?id=432251 Mentioned on Slashdot here: http://it.slashdot.org/article.pl?sid=08/02/10/2011257 Fedora bug report here: https://bugzilla.redhat.com/show_bug.cgi?id=432229 -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
1998 Jul 09
4
What is someone looking for??
I am currently blocking out netbios UDP port 137 on my firewall and was wondering what the following means in terms of security: Jul 9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP SOMEONES_IP:137 MY_IP:137 L=78 S=0x00 I=46484 F=0x0000 T=111 I have gotten a few 100 of these and was wondering if there are some vulnerabilities related to netbios out there?? What do the S/I/F/L fields stand for?? I
2008 Jun 12
2
aSTERISK / Vicidial systems over 4MB fiber
Hello everyone, As I am new to the asterisk community (although have been on the list reading for about 6 months) I wanted to see what users would recommend for security to protect several asterisk/ vicidial servers over a fiber connection. Currently I have a managed switch (Tellabs 8813-310) from time warner but I am having intrusion issues on my linux server which I think are contributing
2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun's Dtrace might be vulnerable." I don't think it is. Comments? Exploiting Concurrency Vulnerabilities in System Call Wrappers http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf Abstract
2005 Dec 19
7
Brute Force Detection + Advanced Firewall Policy
Any BFD/AFP softwares available for FreeBSD 4.10? I'm getting flooded with ssh and ftp attempts.
2015 Jul 22
7
Keyboard Interactive Attack?
I read an article today about keyboard interactive auth allowing bruteforcing. I'm afraid I have minimal understanding of what keyboard-interactive really does. What does it do, and should I have my clients set it to off in sshd_config? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2006 Jul 17
14
REST Relationship Models
I'm trying to figure out an elegant way to do this: I have the following three tables: people, employer, employees And consequently the following three models: class Person < ActiveRecord::Base end class Employer < ActiveRecord::Base has_many :employees end class Employee < ActiveRecord::Base belongs_to :person belongs_to :employer end I want to be able to say:
2011 Oct 11
18
WineHQ database compromise
Hi, I am sad to say that there was a compromise of the WineHQ database system. What we know at this point is that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not know exactly how they obtained access; it was either by compromising an admin's credentials, or by exploiting an unpatched vulnerability in phpmyadmin. We had reluctantly provided access to phpmyadmin to the
2008 Feb 27
2
Program manager
Hey First of all, great project. Second, I was wondering if there is a program in the wine project, where it is possible to make different setups for the programs installed. Let me explain: I have Picasa installed, I also have C&C 3 installed, now C&C 3 I want to run in window mode and Picasa I don't want to run in window mode. Is it possible to make different setups for them? Or do
2011 Dec 28
8
what percent of time are there unpatched exploits against default config?
Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the "yum-updatesd" service running to pull down and install updates as soon as they become available from the repository. (Assume further the password is strong, etc.) On the other hand, suppose that as the admin, I'm not subscribed to any security alert mailing lists which send
2008 Sep 03
2
problems installing C&C ubuntu 8.04
I cannot install C&C Generals because after the first installation, I am prompted for disk #2. Problem is that disk #1 will not eject so that I can put in disk 2. I get the error message "Cannot unmount volume. An application is preventing the volume 'GENERALS1' from being unmounted." What do I do? [Question]
2013 Aug 22
3
Logging passwords on auth failure/dealing with botnets
Hi, Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs. Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log
2008 Feb 12
2
Kaspersky Anti-virus unable to join Domain
Just a heads up. I recently built a new (XPSP2) image with the Kaspersky 6.0.3.837 on it. I had issues joining the domain with the AV running. Had to disable. (A domain controller for domain ABC could not be contacted.....) I didn't have AV on my previous image, so I don't know if version 5 did the same. I don't recall seeing this on the list, so I thought I would throw it out....
2010 Oct 21
5
SIP Blacklisting
Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight