On 2/14/2011 2:21 PM, Carlos Lopez wrote: >> I was wondering whether there is some way in Courier (using >> authlib, >> using authmysql) to catch the event of a multiple login >> failure, such as >> in the case of spambots trying to bruteforce an account, to >> temporarily >> ban the IP? > You can use either, Mysql or authlib logs and then do a grep or any similar > tools that can filter any failure login. > > If you want to ban the IP that any anonymous user is using to login, in my > case I've used Linux IPTABLES and dynamic rule changing thru a scrip.
Check out fail2ban. You can use it to watch the log files and ban any IP with more than a certain number of failures. It can be used for any service that logs failures. -- Bowie ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
