
Re: Brute-forcing email accounts

From Bruce Esquibel <bje@ripco.com>
Newsgroups comp.mail.misc
Subject Re: Brute-forcing email accounts
Date 2016-10-07 21:40 +0000
Organization Ripco Communications Inc.
Message-ID <nt94p8$crv$1@remote5bge0.ripco.com>
References <abvevb99q500os5uocu7l8ju158v3qeqeq@4ax.com>



Hans-Georg Michna <hans-georgNoEmailPlease@michna.com> wrote:

> My server runs under Plesk, and my knowledge of Linux is
> superficial. There is always hope, of course, that Plesk one day
> improves resistance against cyberattacks.

It's time to get your hands dirty and quit relying on those stupid control
panels.

Both of these work wonders, protecting the sshd, imap, pop and smtp with or
without ssl/tls support.

Once an attacker from the same ip address enters 4 or 5 bad passwords, it's
locked out. For how long is adjustable.

http://www.aczoom.com/blockhosts/

http://www.sshguard.net

But here is the rundown: blockhosts is probably obsolete unless you use
it with iptables. It used to be dumb simple to install using the hosts.deny
and hosts.allow files, but with the recent changes to ssh/ssl, they don't support
the tcpwrappers anymore, so it's iptables or nothing.

The sshguard works well for a replacement but is difficult to get going.
Unlike blockhosts, adding in or modifying the rules (how it parses the log
files) isn't there. For Solaris I ended up using a combination of the native
syslog and syslog-ng.

Both will require an understanding of parsing log files and how to set up and
make rules for the firewall. It's a steep, complicated hill to climb.

But when you get them to fire up, they pretty much are maintenance free.
They clean up themselves over time (take out dead or expired entries). Only
reason to poke a stick at them is if an idiot user sets up a new device and
"thinks" they know what the password is. You have to figure it out and put
in an exception but it's no big deal.

The blockhosts pretty much works on anything that has Python on it; the
sshguard will need to be compiled on the box it's going to work on. If you don't
know how to compile software, add that to the list of stuff to learn.

Good luck.

-bruce
bje@ripco.com
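
The lockout logic described in the post above (parse the auth logs, count bad passwords per source address, block at a threshold, expire old blocks, keep an exception list), as an added example that is not part of the original post and is not code from blockhosts or sshguard. The log patterns, thresholds, host name and addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log wording for sshd, dovecot and postfix; adjust to your own logs. The greedy
# ".*" in the sshd rule binds to the last " from ", so a crafted username cannot redirect a block.
PATTERNS = [re.compile(p) for p in (
    r"sshd\[\d+\]: Failed password for .* from (?P<ip>[\d.]+)",
    r"(?:imap|pop3)-login: .*auth failed.*rip=(?P<ip>[\d.]+)",
    r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed",
)]
THRESHOLD = 5                    # bad passwords before lockout
WINDOW = timedelta(minutes=10)   # failures must fall inside this span
BLOCK_FOR = timedelta(hours=1)   # lockout length, adjustable
ALLOWLIST = {"198.51.100.7"}     # exception, e.g. a user's misconfigured device

def parse(line, year=2016):  # -> (timestamp, ip) for an auth-failure line, else None
    for pat in PATTERNS:
        if m := pat.search(line):
            return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"), m["ip"]

def process(lines):
    """Replay log lines in order; return {ip: expiry} of blocks still active."""
    recent, blocked = defaultdict(deque), {}
    for now, ip in filter(None, map(parse, lines)):
        blocked = {b: exp for b, exp in blocked.items() if exp > now}  # drop expired
        if ip in ALLOWLIST or ip in blocked:
            continue
        q = recent[ip]
        q.append(now)
        while now - q[0] > WINDOW:   # forget failures outside the window
            q.popleft()
        if len(q) >= THRESHOLD:
            blocked[ip] = now + BLOCK_FOR
            q.clear()
    return blocked

def iptables_rules(blocked):  # rendered as text only, never executed here
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(blocked)]

SAMPLE = [  # constructed log: one source failing across ssh, imap, pop3 and smtp
    "Oct  7 21:30:01 mx sshd[911]: Failed password for root from 203.0.113.5 port 4022 ssh2",
    "Oct  7 21:30:04 mx sshd[911]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2",
    "Oct  7 21:31:10 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<hg>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1",
    "Oct  7 21:31:40 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<hg>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1",
    "Oct  7 21:32:02 mx postfix/smtpd[1204]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure",
    "Oct  7 21:32:30 mx sshd[930]: Failed password for hg from 192.0.2.44 port 5050 ssh2",
]
print("\n".join(iptables_rules(process(SAMPLE))))
```

Syslog timestamps carry no year, so the year is passed to parse() as a parameter.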



 



Thread

Brute-forcing email accounts Hans-Georg Michna <hans-georgNoEmailPlease@michna.com> - 2016-10-07 12:56 +0200
  Re: Brute-forcing email accounts Ivan Shmakov <ivan@siamics.net> - 2016-10-07 11:13 +0000
  Re: Brute-forcing email accounts Bruce Esquibel <bje@ripco.com> - 2016-10-07 21:40 +0000
  Re: Brute-forcing email accounts Hans-Georg Michna <hans-georgNoEmailPlease@michna.com> - 2016-10-10 18:32 +0200
