Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog


Articles on this Page

(showing articles 121 to 122 of 122)
(showing articles 121 to 122 of 122)

Channel Description:

Posts that are unanswered

older | 1 | .... | 5 | 6 | (Page 7)

    0 0

    Hi,

    I have all my emails saved into my folders with mention "TO" instead of "FROM" as it used to be.Please see the printscreen below.

    Someone has any idea why it is like that?

    Many thanks for your help.

    Larbi

     

     

     


    0 0

    Judging by the IMAP log, we have recently been the subject of a brute force attack on our Mercury based IMAP server. The Mercury manual is a bit vague, but implies that steps are taken to temporarily (30 min) blacklist misbehaving IP addresses. There is an option to override the short term blacklist, but no description about what would trigger the block.

    My concern is that there is no sign in the log that it is doing any blocking. Here is a short except:

    Password failure, user 'website', from 59.167.127.168
    Password failure, user 'wesley', from 120.151.142.86
    Connection from 211.31.199.182, Sun Feb 21 04:13:14 2016
    Connection from 59.167.127.168, Sun Feb 21 04:13:14 2016
    usa at 211.31.199.182: 1 sec. elapsed, connection closed Sun Feb 21 04:13:14 2016
    Password failure, user 'wanson', from 59.167.127.168
    Connection from 211.31.199.182, Sun Feb 21 04:13:14 2016
    website at 59.167.127.168: 0 sec. elapsed, connection closed Sun Feb 21 04:13:14 2016
    wesley at 120.151.142.86: 0 sec. elapsed, connection closed Sun Feb 21 04:13:14 2016
    Connection from 211.31.199.182, Sun Feb 21 04:13:14 2016
    Password failure, user 'webuser', from 211.31.199.182
    Connection from 211.31.199.182, Sun Feb 21 04:13:14 2016
    Password failure, user 'vincent', from 59.167.127.168
    Connection from 120.151.142.86, Sun Feb 21 04:13:15 2016
    wanson at 59.167.127.168: 1 sec. elapsed, connection closed Sun Feb 21 04:13:15 2016
    Connection from 120.151.142.86, Sun Feb 21 04:13:15 2016
    Password failure, user 'waters', from 211.31.199.182
    Password failure, user 'vanessa', from 211.31.199.182
    Connection from 120.151.142.86, Sun Feb 21 04:13:15 2016
    Connection from 120.151.142.86, Sun Feb 21 04:13:15 2016
    webuser at 211.31.199.182: 1 sec. elapsed, connection closed Sun Feb 21 04:13:15 2016
    Password failure, user 'video', from 211.31.199.182

    this suggests that multiple password attempts have been permitted within a few seconds. The 3 IP addresses implicated in the attack caused about 2.4Mb of log similar to this excerpt in about 15 minutes.

     So my questions are:

    Is there a defence built in against a brute force attack on the IMAP server?

    Is there any evidence from this log or elsewhere I could look, that it is actually working (or definitely not working)?

    If it is not working, any suggestions to auto-block IP addresses that make repeated failed login attempts would be very welcome.

    Many thanks for any help

     

     

     


older | 1 | .... | 5 | 6 | (Page 7)