Atomic Secure Linux
Post subject: Check maillog for brute force
Posted: Thu Mar 12, 2009 3:59 am
Forum Regular
Joined: Tue Jul 15, 2008 2:38 pm
Posts: 778
Location: Sweden
I get quite a lot of brute force attempts in my maillog. The only way I notice it now is the ossec warning of /var/log/messages having a higher number of lines than usual. Then I can go into the maillog and see if the same IP that appears in messages appears in maillog with failed password attempt. An automatic shutout of the IP would be great, wouldn't it?


Post subject: Re: Check maillog for brute force
Posted: Thu Mar 12, 2009 8:55 am
Atomicorp Staff - Site Admin
Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
Partially implemented, it should pop up in the 2.1 snapshots in the next few days. Thanks!


Post subject: Re: Check maillog for brute force
Posted: Thu Mar 12, 2009 9:47 am
Forum Regular
Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
The same for any log-in/authentication failures (X failures in Y mins) would be very useful.


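The "X failures in Y mins" rule requested above, sketched as a per-IP sliding-window counter over maillog lines. This is an added example, not part of any post in this thread and not ASL or OSSEC code. The log lines are constructed, and the Postfix SASL and Dovecot failure formats, the thresholds and the name `find_brute_force` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample maillog (assumed Postfix/Dovecot-style syslog lines; the
# thread shows no real log lines). IPs come from documentation ranges.
SAMPLE_MAILLOG = """\
Mar 12 03:50:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar 12 03:50:20 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar 12 03:51:02 mx dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
Mar 12 03:51:40 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Mar 12 03:52:05 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Mar 12 04:20:00 mx dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
Mar 12 04:45:00 mx dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
"""

# Failure signatures (assumed formats): SMTP AUTH via Postfix, POP/IMAP via Dovecot.
FAIL_PATTERNS = [
    re.compile(r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: SASL \w+ authentication failed"),
    re.compile(r"auth failed.*\brip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"),
]

def find_brute_force(lines, max_failures=3, window=timedelta(minutes=10), year=2009):
    """Return {ip: time the threshold was first reached} for X failures in Y minutes."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    offenders = {}
    for line in lines:
        match = next((m for p in FAIL_PATTERNS if (m := p.search(line))), None)
        if match is None:
            continue  # not an authentication failure
        try:
            # Syslog timestamps carry no year, so one is supplied by the caller.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # malformed timestamp: skip rather than guess
        hits = recent[match["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # evict failures older than the window
            hits.popleft()
        if len(hits) >= max_failures and match["ip"] not in offenders:
            offenders[match["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_brute_force(SAMPLE_MAILLOG.splitlines()).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The slow source (three failures spread over almost an hour) stays under the threshold because old failures are evicted from the window; widening `window` or lowering `max_failures` trades missed slow attempts against false positives from users mistyping passwords.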
 
Post subject: Re: Check maillog for brute force
Posted: Thu Mar 12, 2009 10:19 am
Atomicorp Staff - Site Admin
Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
What I've got in this update so far is brute force detection against smtp_auth, and the plesk daemon itself.


Post subject: Re: Check maillog for brute force
Posted: Thu Mar 12, 2009 10:26 am
Forum Regular
Joined: Tue Jul 15, 2008 2:38 pm
Posts: 778
Location: Sweden
My God you're good... ;)


Post subject: Re: Check maillog for brute force
Posted: Thu Mar 12, 2009 10:54 am
Forum Regular
Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
FYI: Recently seen a lot of brute-force attempts to authenticate via POP/IMAP, so suspect spammers are looking for authenticated POP3 credentials for SMTP use. Been using pam_abl to help tackle the worst culprits, but would defer to ASL if it offered same/better.


Post subject: Re: Check maillog for brute force
Posted: Thu Mar 12, 2009 1:05 pm
Atomicorp Staff - Site Admin
Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
Good info, we'll start working that in too. Thanks!


Post subject: Re: Check maillog for brute force
Posted: Thu Mar 12, 2009 1:26 pm
Forum Regular
Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
Great! :D

