This is true. While brute force attacks persist, we rarely see a connection between that and compromised accounts these days. Most often the attacker knew the password immediately. Now what would be cool, and has always been on my list of "maybe one day" features, would be either using an API from haveibeenpwned.com or merely keeping a copy of publicly released database leaks, and then testing results internally. If an email in a database dump matches one in your system, test the password leaked with it. If it works, force password change.

I think a lot more people will be doing things like this in the future; it's hardly a fresh idea. But the number of compromises it would prevent is likely enough to justify the overhead of building it out.

On 2021-09-22 01:38, Lena--- via mailop wrote:
From: Alessio Cecchi <ales...@skye.it>

we are an email hosting provider, and as you know many users use weak
passwords, or have a trojan on their PC that stole their passwords, which
are used to send spam or commit some kinds of fraud.

We already have a "script" that checks, from log files, the country of
the IP address and "does something" to detect if it is an unusual login. But
it is not really sufficient.

I suspect that stealing passwords with trojans is more successful
than brute-forcing passwords via POP, IMAP or SMTP.
Therefore, detecting logins for brute-forcing is not enough.
You need to detect when stolen passwords are used to send spam
via your server. One approach is to check rate of attempts to send
to non-existent recipient email addresses, because spammers usually
send to dirty lists of email addresses full of message-ids,
truncated email addresses or prepended with garbage.
I wrote an implementation for Exim:
https://github.com/Exim/exim/wiki/BlockCracking
It also detects some brute-forcing, but the main purpose is automatic blocking
of accounts used for spamming with trojan-stolen passwords.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
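
The leak-matching check proposed in the reply above, as an added example that is not part of the original post or of any project's code. It assumes accounts are stored as salted PBKDF2-HMAC-SHA256 hashes and that the dump is a list of `email:password` lines; all names, the sample accounts and the dump lines are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_account(password: str) -> dict:
    """Hypothetical account record: salt, hash and a forced-reset flag."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "must_reset": False}

def parse_dump(lines):
    """Yield (email, password) from 'email:password' lines, skipping junk."""
    for line in lines:
        # Split on the first ':' only, because passwords may contain ':'.
        email, sep, password = line.rstrip("\r\n").partition(":")
        email = email.strip().lower()
        if not sep or "@" not in email or not password:
            continue
        yield email, password

def flag_leaked_accounts(accounts: dict, dump_lines) -> list:
    """Mark accounts whose current password appears next to their email in the dump."""
    flagged = []
    for email, leaked in parse_dump(dump_lines):
        acct = accounts.get(email)
        if acct is None or acct["must_reset"]:
            continue  # not our user, or already flagged
        candidate = hash_password(leaked, acct["salt"])
        if hmac.compare_digest(candidate, acct["hash"]):  # constant-time compare
            acct["must_reset"] = True  # record only the account, never the password
            flagged.append(email)
    return flagged

# Constructed sample data.
ACCOUNTS = {
    "alice@example.com": make_account("correct horse:battery"),
    "bob@example.com": make_account("S3parate-and-unique"),
}
DUMP = [
    "Alice@Example.com:correct horse:battery\n",  # reused password, mixed-case email
    "bob@example.com:hunter2\n",                  # leaked, but not the current password
    "carol@example.net:letmein\n",                # not a local account
    "garbage line without separator\n",
]

if __name__ == "__main__":
    print(flag_leaked_accounts(ACCOUNTS, DUMP))
```

Only the account name leaves the function; the leaked password is hashed with the account's own salt and then discarded.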