Script to count and handle failed logins

Use this forum if you have problems with a hMailServer script, such as hMailServer WebAdmin or code in an event handler.
akerber00
New user
Posts: 16
Joined: 2008-06-04 05:28

Script to count and handle failed logins

Post by akerber00 » 2008-09-22 20:05

Does anyone have a script that will count failed login attempts from a particular IP, and send an email or some other form of notification when an arbitrary number of consecutive failed attempts is reached?

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Script to count and handle failed logins

Post by ^DooM^ » 2008-09-23 09:57

None to my knowledge. If you are having issues with brute force attacks, turn tarpitting on.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

stick
New user
Posts: 2
Joined: 2008-10-28 11:11

Re: Script to count and handle failed logins

Post by stick » 2008-10-28 11:15

Does this also apply to failed POP3 logins, or only to SMTP sessions?
This would also be a great feature if it applies to POP3 sessions, for example against brute-force attacks.

Kind regards,
Ivar (new user :))

martin
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden

Re: Script to count and handle failed logins

Post by martin » 2008-10-28 11:25

SMTP only.

There's a pending feature request that hMailServer should slow down / disconnect / block users which are trying to log on too many times. Implementation of that one will soon start I think...

stick
New user
Posts: 2
Joined: 2008-10-28 11:11

Re: Script to count and handle failed logins

Post by stick » 2008-10-28 11:35

Great! Thanks for the quick reply!
I'll be looking forward to that feature :)

kwreid
New user
Posts: 1
Joined: 2008-11-29 09:22

Re: Script to count and handle failed logins

Post by kwreid » 2008-11-29 09:35

Speaking as someone who's just found an account on his hMailServer that was brute force attacked and has been sending spam mail, this really is a must-have requirement on both POP3 and SMTP.

Preventing attempted login using that account from that IP for a window of say 5 minutes after 3 failed attempts should be sufficient to eliminate any significant risk of brute force attacking passwords without impacting valid users who are trying to set up their mail account.

Looking through my logs it appears that this is becoming a much more common activity these days.
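The policy described in the post above (block an account/IP pair for 5 minutes after 3 consecutive failed logins, and notify someone), sketched as an added example that is not part of the original thread and not hMailServer code. The `LoginThrottle` class, the event tuples and the addresses are all assumptions made for illustration; how login events would be obtained from hMailServer is not covered.

```python
MAX_FAILURES = 3          # from the post: 3 failed attempts
LOCKOUT_SECONDS = 5 * 60  # from the post: a window of 5 minutes

class LoginThrottle:
    """Counts consecutive failed logins per (account, IP) and blocks the pair."""

    def __init__(self, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
        self.max_failures, self.lockout = max_failures, lockout
        self.failures = {}      # (account, ip) -> (count, time of last failure)
        self.locked_until = {}  # (account, ip) -> second at which the block ends
        self.alerts = []        # messages a notifier (e-mail etc.) would send

    def record(self, account, ip, success, now):
        """Handle one attempt; returns 'blocked', 'ok', 'failed' or 'locked'."""
        key = (account.lower(), ip)
        until = self.locked_until.get(key)
        if until is not None:
            if now < until:
                return "blocked"            # refused before the password is checked
            del self.locked_until[key]      # block expired: start from zero
            self.failures.pop(key, None)
        if success:
            self.failures.pop(key, None)    # a good login ends the consecutive run
            return "ok"
        count, last = self.failures.get(key, (0, now))
        if now - last > self.lockout:       # assumption: stale failures do not count
            count = 0
        count += 1
        self.failures[key] = (count, now)
        if count < self.max_failures:
            return "failed"
        self.locked_until[key] = now + self.lockout
        self.alerts.append(f"{ip} blocked from {account} after {count} failed logins")
        return "locked"

# Constructed sample events: (second, ip, account, login succeeded?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "info@example.test", False),
    (10, "203.0.113.7", "info@example.test", False),
    (20, "203.0.113.7", "info@example.test", False),   # third strike
    (30, "203.0.113.7", "info@example.test", True),    # right password, still blocked
    (40, "198.51.100.9", "info@example.test", True),   # other IP is unaffected
    (330, "203.0.113.7", "info@example.test", True),   # block ended at second 320
]

def replay(events):
    """Feed events through a fresh throttle; return per-event results and alerts."""
    throttle = LoginThrottle()
    return [throttle.record(a, ip, ok, t) for t, ip, a, ok in events], throttle.alerts
```

Because the counter is keyed on the account/IP pair, the legitimate owner logging in from another address is not locked out; a single address cycling through many usernames would need a second counter keyed on the IP alone.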

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Script to count and handle failed logins

Post by ^DooM^ » 2008-11-29 12:35

I'm sure the attempts / blocked time will be configurable.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

bugger
New user
Posts: 1
Joined: 2009-01-15 12:19

Re: Script to count and handle failed logins

Post by bugger » 2009-01-15 12:28

Hello, I'm having a huge problem with brute forcing. I'm under attack every 3rd day, filling up about 24 megs of log file with failed attempts, every time from a new IP address but with new usernames every time, so it's safe to say it's the same attacker. I really need some kind of "3 strike out" stuff with a time limit.

Do you know of any timeline of such a script or feature?
