Dictionary attacks on ipop3d

Discussion in 'Server Operation' started by DrZaius, Mar 29, 2007.

  1. DrZaius

    DrZaius New Member

    I have seen thousands of dictionary or brute force attempts on ipop3d over the last couple of days from the same ip address. Example from /var/log/messages:

    Mar 28 04:34:36 ipop3d[19269]: Login failed user=jess auth=jess host=[209.2.xxx.xxx]

    There are at least five of these entries per second and sometimes the large number of attempts makes the daemon restart. On the chance that an existing user is attacked a message sometimes looks like this:
    Mar 28 04:32:33 ipop3d[18739]: Autologout user=example host=[209.2.xx.xx]

    What is going on here? Why are they attempting to gain access to ipop3d since, as I understand it, this daemon just collects the mail and spammers would be more interested in sending mail from this server?

    Also, is there anything that can be done to prevent entry since they could eventually brute force a client's weak password?
     
    Last edited: Mar 29, 2007
  2. falko

    falko Super Moderator ISPConfig Developer

  3. DrZaius

    DrZaius New Member

  4. falko

    falko Super Moderator ISPConfig Developer

Share This Page