  1. #1
    Join Date
    Sep 2008
    Location
    NL,IR
    Posts
    1,491

    Dovecot Brute force

    Hello, these logs are sent to me by logwatch.
    How can I fix the problem?
    It's nearly 12000 lines.

    dovecot[2895]: auth-worker(16753): shadow(access,91.183.99.84): unknown user: 32 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(account,91.183.99.84): unknown user: 32 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(admin,91.183.99.84): Password mismatch: 32 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(administrador,91.183.99.84): unknown user: 9 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(administrator,91.183.99.84): unknown user: 22 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(alfredo,91.183.99.84): unknown user: 10 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(angel,91.183.99.84): unknown user: 9 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(antonio,91.183.99.84): unknown user: 10 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(backup,91.183.99.84): unknown user: 31 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(bill,91.183.99.84): unknown user: 9 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(carmelo,91.183.99.84): unknown user: 9 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(clark,91.183.99.84): unknown user: 10 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(client,91.183.99.84): unknown user: 10 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(club,91.183.99.84): unknown user: 8 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(company,91.183.99.84): unknown user: 9 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(contact,91.183.99.84): unknown user: 10 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(contas,91.183.99.84): unknown user: 10 Time(s)
    dovecot[2895]: auth-worker(16753): shadow(cs,91.183.99.84): unknown user: 10 Time(s)

  2. #2

  3. #3
    Join Date
    Sep 2008
    Location
    NL,IR
    Posts
    1,491
    BFD:
    It scans all logs every 3 min to check for brute force and detects some IPs.
    What will BFD do after detecting the IPs?
    Add them to iptables and ban them from server service access?

  4. #4
    Quote Originally Posted by mixmox View Post
    BFD:
    It scans all logs every 3 min to check for brute force and detects some IPs.
    What will BFD do after detecting the IPs?
    Add them to iptables and ban them from server service access?
    That's what I have it do. You can set it to do whatever you want basically, but I just have it ban the IP with iptables.
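
Added example (not part of any post in this thread, and not BFD's or LFD's own code): the kind of check a log-scanning tool performs on lines like those in post #1, totalling failures per source IP and flagging addresses over a threshold. The thresholds, the function names, the allowlist parameter and the 192.0.2.10 sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the logwatch summary format from post #1.
# 91.183.99.84 is the address in the thread; 192.0.2.10 is a documentation
# address added here to stand for a real user mistyping a password.
SAMPLE = """\
dovecot[2895]: auth-worker(16753): shadow(access,91.183.99.84): unknown user: 32 Time(s)
dovecot[2895]: auth-worker(16753): shadow(admin,91.183.99.84): Password mismatch: 32 Time(s)
dovecot[2895]: auth-worker(16753): shadow(backup,91.183.99.84): unknown user: 31 Time(s)
dovecot[2895]: auth-worker(16753): shadow(alice,192.0.2.10): Password mismatch: 2 Time(s)
"""

LINE_RE = re.compile(
    r"auth-worker\(\d+\): \w+\((?P<user>[^,()]*),(?P<ip>[0-9a-fA-F.:]+)\): "
    r"(?P<reason>unknown user|Password mismatch): (?P<count>\d+) Time\(s\)"
)

def summarize(text):
    """Total failed logins per source IP from logwatch-style summary lines."""
    stats = defaultdict(lambda: {"failures": 0, "unknown": 0, "users": set()})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # reject malformed addresses
        except ValueError:
            continue
        n = int(m["count"])
        stats[ip]["failures"] += n
        stats[ip]["users"].add(m["user"])
        if m["reason"] == "unknown user":
            stats[ip]["unknown"] += n
    return dict(stats)

def offenders(text, max_failures=10, max_users=3, allow=()):
    """IPs at or over either threshold (assumed values), minus an allowlist."""
    return sorted(
        ip for ip, s in summarize(text).items()
        if ip not in allow
        and (s["failures"] >= max_failures or len(s["users"]) >= max_users)
    )

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Addresses are parsed with `ipaddress` before being returned because the log fields are influenced by whoever is connecting; the allowlist keeps an administrator's own address from being blocked by a few mistyped passwords.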

  5. #5
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,990
    You can also try CSF: http://configserver.com/cp/csf.html

    Works well for us.


  6. #6
    Join Date
    Sep 2008
    Location
    NL,IR
    Posts
    1,491
    Which CSF option checks Dovecot for brute force?

  7. #7
    Join Date
    Apr 2013
    Location
    Toronto, Canada
    Posts
    34
    Quote Originally Posted by mixmox View Post
    Which CSF option checks Dovecot for brute force?
    CSF includes LFD, which checks for failed e-mail logins. Just disable the testing mode in /etc/csf/csf.conf, restart CSF, and it will work fine.

  8. #8
    Do you have cPanel installed? If you do, I would recommend installing CSF (as well as LFD) and configuring its fail-attempt IP blacklisting.

  9. #9
    Install CSF firewall as suggested and configure login failure for email, FTP, SSH etc. This should prevent brute force login from the same IP address.

  10. #10
    Join Date
    Sep 2013
    Posts
    9

    dovecot bruteforce

    I would recommend installing CSF (as well as LFD) and configuring its fail-attempt IP blacklisting.
