On Wed, November 21, 2007 10:00 am, Vernon A. Fort wrote:
> Chris Hilts wrote:
>> Well if they have the password as you indicated above, there isn't a
>> whole lot to "compromising" the account, is there?
>>
>>
> This is TRUE - it appears they did have the password but I am trying to
> find any kn
Paul Lesniewski wrote the following on 11/21/2007 2:17 PM -0800:
> On Nov 21, 2007 9:10 AM, Fredrik Jervfors <[EMAIL PROTECTED]> wrote:
>
> I also saw 10 - 20 attempts to log in and then we had a successful
> login on a user's account. We have implemented sender_restriction and
> wil
Chris Hilts wrote the following on 11/21/2007 2:01 PM -0800:
> [EMAIL PROTECTED] wrote:
>
> > I already have fail2ban running to protect a ssh server. Until
> > now ( just 1 day ), it is running ok.
>
> > I will use your rules to protect squirrelmail too. :-) I already
> > use squirrel_lo
Chris Hilts grabbed a keyboard and wrote:
>
> [EMAIL PROTECTED] wrote:
>
> > I already have fail2ban running to protect a ssh server. Until
> > now ( just 1 day ), it is running ok.
>
> > I will use your rules to protect squirrelmail too. :-) I
> > already use squirrel_logger. :-)
>
>
On Nov 21, 2007 9:10 AM, Fredrik Jervfors <[EMAIL PROTECTED]> wrote:
> >>> I also saw 10 - 20 attempts to log in and then we had a successful
> >>> login on a user's account. We have implemented sender_restriction and
> >>> will implement CAPTCHA after Thanksgiving.
> >
> > Maybe not effective or g
> > I already have fail2ban running to protect a ssh server. Until
> > now ( just 1 day ), it is running ok.
>
> > I will use your rules to protect squirrelmail too. :-) I already
> > use squirrel_logger. :-)
>
> I would recommend using fail2ban to protect the underlying SMTP and IMAP
> s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
> I already have fail2ban running to protect a ssh server. Until
> now ( just 1 day ), it is running ok.
> I will use your rules to protect squirrelmail too. :-) I already
> use squirrel_logger. :-)
I would recomme
Hi Bill,
> > I have never tested fail2ban before, even with sshd, so I don't
> > know if it is a good solution.
>
> Fail2ban is a very good server side solution. I posted this
> info to the SM list awhile back regarding using fail2ban with SquirrelMail:
>
> http://marc.info/?l=s
On Nov 21, 2007 7:17 AM, Rob Wright <[EMAIL PROTECTED]> wrote:
>
> On Wednesday 21 November 2007 09:06, Vernon A. Fort wrote:
> > Rob Wright wrote:
> > > On Wednesday 21 November 2007 08:27, Vernon A. Fort wrote:
> > >> To all,
> > >> I run a large webmail server, 19k + accounts. Lately, just th
[EMAIL PROTECTED] wrote the following on 11/21/2007 8:54 AM -0800:
> Hi,
>
>
>>> I also saw 10 - 20 attempts to log in and then we had a successful login
>>> on a user's account. We have implemented sender_restriction and will
>>> implement CAPTCHA after Thanksgiving.
>>>
>
> Maybe n
>>> I also saw 10 - 20 attempts to log in and then we had a successful
>>> login on a user's account. We have implemented sender_restriction and
>>> will implement CAPTCHA after Thanksgiving.
>
> Maybe not effective or good solution, but I am testing
> fail2ban.org, with sshd, and I saw a reference
Hi,
> > I also saw 10 - 20 attempts to log in and then we had a successful login
> > on a user's account. We have implemented sender_restriction and will
> > implement CAPTCHA after Thanksgiving.
>
Maybe not effective or good solution, but I am testing
fail2ban.org, with sshd, and I saw a re
> We have been through the exact issue about two weeks ago. We had to route
> entire blocks of IP to null0 in my router and also killed them in the
> firewall. But I have seen a renewed "attack" from new ranges of IP's. Of
> course, the results of these attacks are that we have been blacklisted
Rob Wright wrote:
> On Wednesday 21 November 2007 09:06, Vernon A. Fort wrote:
>> Rob Wright wrote:
>>> On Wednesday 21 November 2007 08:27, Vernon A. Fort wrote:
To all,
I run a large webmail server, 19k + accounts. Lately, just this
month, I have had three different email accoun
On Nov 21, 2007, at 9:00 AM, Vernon A. Fort wrote:
> Chris Hilts wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > Vernon A. Fort wrote:
> >
>
>
> This is TRUE - it appears they did have the password but I am trying
> to
> find any known exploit in the authentication method.
iction and will implement
CAPTCHA after Thanksgiving.
Zack
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Rob Wright [EMAIL PROTECTED]
Sent: Wednesday, November 21, 2007 9:17 AM
To: Squirrelmail User Support Mailing List
Subject: Re: [SM-USERS] Compromis
On Wednesday 21 November 2007 09:06, Vernon A. Fort wrote:
> Rob Wright wrote:
> > On Wednesday 21 November 2007 08:27, Vernon A. Fort wrote:
> >> To all,
> >> I run a large webmail server, 19k + accounts. Lately, just this
> >> month, I have had three different email accounts send out spam email
Rob Wright wrote:
> On Wednesday 21 November 2007 08:27, Vernon A. Fort wrote:
>
>> To all,
>> I run a large webmail server, 19k + accounts. Lately, just this
>> month, I have had three different email accounts send out spam email.
>> Basically, the accounts have their personal information cha
Chris Hilts wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Vernon A. Fort wrote:
>
>
>> amount of spam email. It appears the exploiter obtained the password
>> and then compromised the account. The actual email user is completely
>> unaware of the compromise - meaning they did
On Wednesday 21 November 2007 08:27, Vernon A. Fort wrote:
> To all,
> I run a large webmail server, 19k + accounts. Lately, just this
> month, I have had three different email accounts send out spam email.
> Basically, the accounts have their personal information changed to a
> different name an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vernon A. Fort wrote:
> amount of spam email. It appears the exploiter obtained the password
> and then compromised the account. The actual email user is completely
> unaware of the compromise - meaning they did NOT send this spam email.
> When l
To all,
I run a large webmail server, 19k + accounts. Lately, just this
month, I have had three different email accounts send out spam email.
Basically, the accounts have their personal information changed to a
different name and reply to address. Then they send out quite a large
amount of
22 matches