Displaying 20 results from an estimated 6000 matches similar to: "Harvesting and Dictionary attacks"
2013 Apr 06
13
script to detect dictionary attacks
Hi
has someone a script which can filter out dictionary attacks
from /var/log/maillog and notify about the source-IPs?
i know about fail2ban and so on, but i would like to have
a mail with the IP address for two reasons and avoid fail2ban
at all because it does not match in the way we maintain firewalls
* add the IP to a distributed "iptables-block.sh" and distribute
it to any
2010 Mar 12
3
how to monitor,or be notified of email blacklisting ?
Hi,
Does anyone know how I can monitor our servers for blacklisting? We
run a large amount of shared hosting & reseller hosting servers and
from time to time one of the IPs will get blacklisted. I'm looking
for a way to be notified if any of our IPs get blacklisted. Is this
possible?
--
Kind Regards
Rudi Ahlers
SoftDux
Website: http://www.SoftDux.com
Technical Blog:
2020 Apr 22
2
Recommendations on intrusion prevention/detection?
> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote:
> The three most common attack vectors, (and attack volumes have never been higher) are:
>
> * Sniffed unencrypted credentials
> (Assume every home wifi router and CPE equipment are compromised ;)
> * Re-used passwords where data is exposed from another site's breach
> (Users WANT to
2010 Nov 10
1
dovecot dictionary attacks
Hi, I have been using dovecot for a while and it's been solid, however I have been
having some issues with dictionary attacks.
I installed fail2ban and for the most part it is working fine. However today I
got another spammer relaying through my server.
Looking at the logs I see the following dictionary attack from 94.242.206.37
Nov 10 03:04:38 pop dovecot: pop3-login: Disconnected: rip=94.242.206.37,
2008 Jan 21
5
denyhosts-like app for MySQLd?
Hi all,
Is there any app like denyhosts[1] but intended for MySQLd service?
We have a mysql ports (3306) opened for remote connections, and
obviously the /var/db/mysql/machine_name.log is full of these kind of
entries:
...........
936012 Connect Access denied for user 'user'@'85.19.95.10' (using
password: YES)
936013 Connect Access denied for user
2006 Mar 22
1
mixed ordinal logistic regression
Dear Colleagues,
I hope to know how ordinal logistic regression with a mixed model is made
in R. We (My colleague and I) are studying the behavior of a beetle. The
attraction of beetles to a stimulus are recorded: the response is Slow,
Mid, or Fast. They are based on the time after the presentation of the
stimulus to the beetles. Because we do not observe the behavior
continuously but do
2012 Apr 25
5
Does SMTP Connection Drop When Postfix Reload is Issued ?
Dear Community Friends Greetings,
I work with an ISP, we host email service for almost 500+ companies and 200+
mail servers relay through my smart host.
I implemented something so that when our smart host becomes blacklisted,
it will automatically switch to the next available smart host (which is ready
sitting). That means it will start relaying messages through another smart
host automatically.
I think I
2007 Aug 30
28
Multi-Isp Masquerade ?
Mike Lander wrote:
> I am building a shorewall box that the last post has the SSH error and
> wanted
> some feedback from the list if possible. At first I thought the two ISP's
> I
> building this
> for had two T-1's with FQ ip's as it. I have the box built for this ready
> to
> go.
> Now I find out that one of the T-1's is
2010 Feb 01
1
nut mailing-list user by spammers
Hi,
FYI, I started receiving spam to the email address I use only for this
mailing-list, about one week after I posted a couple messages onto it.
So the nut mailing-list is definitely used by spammers for email addresses
harvesting :-(
--
Michel Bouissou <michel at bouissou.net> OpenPGP ID 0xEB04D09C
2014 Jun 17
3
RFE: dnsbl-support for dovecot
after having my own dnsbl fed by a honeypot and even
mod_security supports it for webservers i think dovecot
should support the same to prevent dictionary attacks from
known bad hosts, in our case that blacklist is 100%
trustable and blocks before SMTP-Auth while normal RBL's
are after SASL
i admit that i am not a C/C++-programmer, but i think
doing the DNS request and in case it has a
2008 Aug 15
3
POP3 dictionary attacks
I'm seeing strings of failed POP3 login attempts with obvious bogus
usernames coming from different IP addresses. Today's originated from
216.31.146.19 (which resolves to neovisionlabs.com). This looks like a
botnet attack. I got a similar probe a couple days ago. Is anyone else
seeing these?
The attack involves trying about 20 different names, about 3-4 seconds
apart. Here's a
2006 Jun 27
1
Postfix "userlookup" via Dovecot Auth
I'm hoping to take advantage of authentication caching via
dovecot-auth. I see that postfix can communicate with Dovecot-Auth, via
SASL, but from what I can see, postfix only does this for
authentication checks.
Not 100% sure how postfix handles virtual_transport (I assume it needs
to do a lookup via virtual_mailbox_maps), but I can't see any way to
get virtual_mailbox_maps to use
2006 Aug 16
1
Email dictionary attacks and firewall
I keep seeing 'Joe Average compromised computer on broadband' being used
to do email dictionary attacks on our systems. Seems I always have
several domains going through these. One in particular has been in the
'a-' list for weeks with about 20,000 attempts per day from various
systems. Yeah, I do have a system which blocks email from these systems
for a period of time after 3
2005 Oct 02
11
Repeated attacks via SSH
Everyone:
We're starting to see a rash of password guessing attacks via SSH
on all of our exposed BSD servers which are running an SSH daemon.
They're coming from multiple addresses, which makes us suspect that
they're being carried out by a network of "bots" rather than a single attacker.
But wait... there's more. The interesting thing about these attacks
is that
2004 Feb 28
8
Looking for a Volunteer
The 2.6 kernel series includes Netfilter 'physdev' match support. That support
makes it feasible for Shorewall to support bridge/firewall configurations.
I'm looking for early testers of such support.
Requirements:
a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a day
or so) plus private updates.
b) Running a 2.6 kernel or a 2.4 kernel with
2008 Mar 12
4
outlook2003 fails sasl authentication
Hello all i have postfix running with dovecot-sasl and mysql as a backend.
It all runs good.
I run into trouble as where outlook 2003 fails to authenticate when
sending e-mail.
I have thunderbird outlook2007 and 2003 clients.
The thunderbird and 2007 clients are working OK, the outlook2003 client
gets the relay access denied message.
In the postfix log I see it is not initiating sasl
they all
2010 Jul 06
2
Logwatch with Postfix and Amavisd-new
I'm trying to get usable reports out of logwatch on this new system.
Looks like the reports are running in an 'unformatted' mode under
Postfix/Amavisd.
I found a couple of programs, postfix-logwatch and amavisd-logwatch.
These sound promising. I am running Amavisd as the frontend to Postfix.
Is anybody running either of these as a logwatch filter?
If so, is it repetitive to run
2005 Jan 25
9
Ftp Broken in Dmz
I have had a web server listening sql-1433, www 80,
ftp-21 using proxy arp with sub-netting in a three interface DMZ.
All these ports are in the rules file as ACCEPT.
With one exception that 1433 allows a few hosts from
the net. 21 and 80 allow all net to dmz connections.
The policy is DMZ to net ACCEPT
This has been working great for about a month or more until I rebooted
the
2004 Dec 07
16
Dmz
Hey Tom,
I have successfully set up two servers on a Dmz practice network woohoo
:).
If I take out the proxyarp option in /etc/shorewall/interfaces
Then Dmz can ping outside IPs on the net but not any of my servers
on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120)
The reason I ask is to learn. I thought I would not need the proxyarp
option for this to
2007 Nov 30
3
How to delete mails in the mailq in ONE DAY -- POSTFIX
I am running postfix on Centos 4.4 as a Mailgateway. It only accepts mails for
domains and then forwards mails to Lotus domino Server.
All clients sends outgoing mails to that Lotus domino Server. Then , That
Lotus Domino Server sends mails to Postfix mailgateway. This postfix
mailgateway sends mails to all the destinations. But, This Postfix
mailgateway has about 150 messages in the mailq. Some