Roy, Your server's settings will determine if this attack will be blocked. Check under Security/Login Manager and see the Host rules. They may need to be adjusted.
If that looks ok, try running pam_abl as root from the command line and see if you get any errors. If you do, you may need to delete the files it uses. If you delete the files, they will be recreated automatically. I mention this because I've seen these files become corrupted and deleting them was the only fix I could find. Eric On 5/24/13 8:46 AM, Roy Urick wrote: > during troubleshooting of a new server install, I noticed one single IP > slowly doing a dictionary attack of sorts against pop. (one attempt > every 30-6 seconds, user name is incrementing alphabetically) > > Even though I see all of these attempts from the one IP, that host isnt > showing in the failed logins GUI. Normal? > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
