I get quite a lot fo brute force attempts in my maillog. The only way I notice it now is the ossec warning of /var/log/messages having a higher number of lines than usual. Then I can go inte the maillog and see if the same IP that appears in messages apears in amillog with failed password attempt. An automatic shutout of the IP would be great, wouldn't it?
Joined: Wed Jan 02, 2008 3:21 pm Posts: 515 Location: United Kingdom
FYI: Recently seen a lot of brute-force attempts to authenticate via POP/IMAP, so suspect spammers are looking for authenticated POP3 credentials for SMTP use. Been using pam_abl to help tackle the worst culprits, but would defer to ASL if it offered same/better.
Users browsing this forum: No registered users and 1 guest
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum