Script to count and handle failed logins

[akerber00]

Does anyone have a script that will count failed login attempts from a particular IP, and send an email or some other form of notification when an arbitrary number of consecutive failed attempts is reached?

[^DooM^]

None to my knowledge. If you are having issues with brute force attacks turn tarpitting on.

[stick]

does this also apply on failed pop3-logins? or only for SMTP-sessions.
This would also be a great feature if it applies on pop3-sessions, for example against brute-force attacks.

kind regards,
Ivar (new user )

[martin]

SMTP only.

There's a pending feature request that hMailServer should slow down / disconnect / block users which are trying to log on too many times. Implementation of that one will soon start I think...

[stick]

Great! thanx for the quick reply!
I'll be looking forward to that feature

[kwreid]

Speaking as someone who's just found an account on his hMailserver that was brute force attacked and has been sending spam mail, this really is a must-have requirement on both POP3 and SMTP.

Preventing attempted login using that account from that IP for a window of say 5 minutes after 3 failed attempts should be sufficient to eliminate any significant risk of brute force attacking passwords without impacting valid users who are trying to set up their mail account.

Looking through my logs it appears that this is becoming a much more common activity these days.

[^DooM^]

I'm sure the attempts / blocked time will be configurable.

[bugger]

Hello I'm having a hug problem with brute forceing, I'm under attack every 3'rd day filling up about 24 Megs og logfil with failed attempts, every time from a new ip-addr. but with new usernames every time, so it's safe to say, its the same attacker. I realy need som kind of

3 strike out

stuff with a time limit.

Do you know of any timeline of such a script or feature?