similar to: login processes from attacks staying for hours

Displaying 20 results from an estimated 10000 matches similar to: "login processes from attacks staying for hours"

2006 Aug 30
3
No tcp wrappers, other ideas to help stop brute force attacks?
I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can
2008 Jan 30
5
One approach to dealing with SSH brute force attacks.
Message-ID: <479F2A63.2070408 at centos.org> On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <johnny at centos.org> Subject Was: [CentOS] Unknown rootkit causes compromised servers > > SOME of the script kiddies check higher ports for SSH *_BUT_* I only see > 4% of the brute force attempts to login on ports other than 22. > > I would say that dropping brute force
2009 Aug 20
5
protecting multiuser systems from bruteforce ssh attacks
Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with minimal hassle? Thanks! -Eugene
2007 Mar 30
7
Some additional attacks on Cookie Session
Aside from the replay attacks discussed, there are some other attack vectors on the cookie_session store. I appreciate (and admire!) Jeremy''s good humor on all of this: > Planting the seed here led to quick ripening and plenty of pesticide. > Thanks for the fish, all. > > jeremy Anyway, here''s what we came up with: 1. Brute Force SHA512 can be computed _very_ fast.
2024 Apr 25
1
how to block brute force attacks on reverse tunnels?
On 25.04.24 17:15, openssh-unix-dev-request at mindrot.org digested: > Subject: how to block brute force attacks on reverse tunnels? > From: Steve Newcomb <srn at coolheads.com> > Date: 25.04.24, 17:14 > > For many years I've been running ssh reverse tunnels on portable Linux, > OpenWRT, Android etc. hosts so they can be accessed from a server whose > IP is stable
2010 Jan 11
2
Securing http authentication from brute force attacks
We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself. Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer. Therefore
2010 Jun 29
3
Find a way to block brute force attacks.
Hello list. I'm trying to find a way to block any ip that tries to login more than three times with the wrong password and try to log in three different extensions. For I have suffered some brute force attacks on my asterisk in the morning period. The idea would be: Any ip with three attempts without success to log into an extension is blocked. Is there any way to accomplish this directly
2005 Feb 23
9
shorewall friendly way of limiting ssh brute force attacks?
I was wondering if anyone had implemented rules like this in shorewall: http://blog.andrew.net.au/tech I see tons of brute force attempts on the machines I administer, and I like the idea of limiting them without the need for extra daemons scanning for attacks. Thanks, Dale -- Dale E. Martin - dale@the-martins.org http://the-martins.org/~dmartin
2013 Apr 06
13
script to detect dictionary attacks
Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed "iptables-block.sh" and distribute it to any
2015 Feb 03
6
Another Fedora decision
On Tue, Feb 3, 2015 at 2:03 PM, Always Learning <centos at u64.u22.net> wrote: > > Nothing wrong with letting "an expert" preconfigure the system and then, > after installation, the SysAdmin checking to ensure all the settings > satisfy the SysAdmin's requirements. > I'd just rather see them applying their expertise to actually making the code resist
2016 Jun 17
1
https and self signed
On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: > > On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >> >> I doubt that most users check the dates on SSL certificates, >> unless they are familiar enough with TLS to understand that >> a shorter validity period is better for security. > > Oh, this is what he meant: Cert validity period. Though I agree >
2008 Jun 30
5
sip extension compromised, need help blocking brute force attempts
Hello, yesterday one of the extensions on my asterisk server got compromised by brute-force attack. The attacker used it to try pull an identity theft scam playing a recording from a bank "your account has been blocked due to unusual activity, please call this number..." Attacker managed to make lots of calls for around 8 hours before I detected it and changed the password for that
2008 Nov 28
6
How to delay failed ssh auth
Hi! I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2. -- Veiko Kukk
2015 Jun 23
2
dovecot auth using 100% CPU
Jorge Bastos <mysql.jorge at decimal.pt> wrote: > What do you see in the logs? > My guess is that someone is trying a brute force auth against you, Thanks Jorge, I think this is the answer. I'm using dovecot for exim4 SMTP authentication. The exim4 logs show brute force attacks. -- Edward.
2009 Sep 03
3
avoiding DoS
Hi, I was just looking for some advice on avoiding getting DoS'd from brute force log in attempts. We came in this morning to find that one of our Solaris 9 dovecot severs had wedged overnight due to a brute force connection attempt to pop3 from Brasil. In the span of about 15 seconds we received 342 connection auth attempts from the same IP: Sep 3 00:10:51 xxxxx dovecot: [ID 583609
2009 Jun 02
3
Dovecot under brute force attack - nice attacker
Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like this: dovecot: pop3-login: Aborted
2024 Apr 25
1
how to block brute force attacks on reverse tunnels?
For many years I've been running ssh reverse tunnels on portable Linux, OpenWRT, Android etc. hosts so they can be accessed from a server whose IP is stable (I call such a server a "nexus host"). Increasingly there's a problem with brute force attacks on the nexus host's tunnel ports. The attack is forwarded to the portable tunneling host, where it fails, but it chews up
2009 Jun 04
3
Dovecot under brute force attack - nice attacker
Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. Dovecot Version 1.0.7 (CentOS 5.2) The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like
2009 Jan 09
5
lock SIP Account after too many failed logins
Hi! I want to detect brute-force password hacking attacks - thus if there are too many failed login attempts for a SIP account I want to "lock" this account. Does somebody have any ideas how this could be implemented? thanks klaus
2008 Jul 21
20
Ideas for stopping ssh brute force attacks
just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc.... None of these are valid users. I know that I can block sshd all together with iptables but that will not work for us. I did a little research on google and found programs like sshguard and