Not stupid really. I don't know of one.
Would someone care to create a wiki page about fail2ban on a toaster? Or
perhaps write an install script for it that could be included in QTP?
Ole N.Johansen wrote:
Hello again,
Sounds pretty stupid but is there a script to test “email harvesting” -
I have to check my fail2ban addition..
Perhaps I got it right, but no one tries to hammer my vpopmail ..
Ole J
------------------------------------------------------------------------
*From:* Constantin IOAJA [mailto:io...@cartel-alfa.ro]
*Sent:* 28. august 2009 21:40
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] re: harvesting
Maxwell Smart wrote:
Greetings fellow Qmailers,
I am trying to find a way to block harvesters. I am using Fail2ban, but
must not have it set up correctly to block the harvesters after 3
attempts. If anyone can shed some light on how to set this up it would
be greatly appreciated.
Here is my vpopmail logwatch
OSSEC http://www.ossec.net/
"OSSEC is an Open Source Host-based Intrusion Detection System. It
performs log analysis, file integrity checking, policy monitoring,
rootkit detection, real-time alerting and active response."
Regards
Constantin
-------------------------------------
*E-mail Notification*
==============
OSSEC HIDS Notification.
2009 Aug 28 14:09:22
Received From: mail->/var/log/maillog
Rule: 9952 fired (level 10) -> "POP3 brute force (email harvesting)."
Portion of the log(s):
Aug 28 14:09:20 mail vpopmail[5529]: vchkpw-pop3: vpopmail user not found test@:62.20.103.103
Aug 28 14:09:20 mail vpopmail[5526]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
..............................................................
Aug 28 14:09:17 mail vpopmail[5501]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
Aug 28 14:09:16 mail vpopmail[5497]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
-------------------------------
OSSEC HIDS Notification.
2009 Aug 28 14:19:56
Received From: mail->/var/log/maillog
Rule: 9952 fired (level 10) -> "POP3 brute force (email harvesting)."
Portion of the log(s):
Aug 28 14:19:55 mail vpopmail[6175]: vchkpw-pop3: vpopmail user not found demo@:62.20.103.103
Aug 28 14:19:55 mail vpopmail[6169]: vchkpw-pop3: vpopmail user not found backup@:62.20.103.103
.................................................
Aug 28 14:19:53 mail vpopmail[6147]: vchkpw-pop3: vpopmail user not found demo@:62.20.103.103
Aug 28 14:19:53 mail vpopmail[6144]: vchkpw-pop3: vpopmail user not found news@:62.20.103.103
-------------------------------------------
*active-responses.log*
Fri Aug 28 14:09:22 EEST 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 62.20.103.103 1251457762.234301 9952
Fri Aug 28 14:09:22 EEST 2009 /var/ossec/active-response/bin/host-deny.sh add - 62.20.103.103 1251457762.234301 9952
Fri Aug 28 14:19:52 EEST 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 62.20.103.103 1251457762.234301 9952
Fri Aug 28 14:19:52 EEST 2009 /var/ossec/active-response/bin/host-deny.sh delete - 62.20.103.103 1251457762.234301 9952
Fri Aug 28 14:19:56 EEST 2009 /var/ossec/active-response/bin/host-deny.sh add - 62.20.103.103 1251458396.242407 9952
Fri Aug 28 14:19:56 EEST 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 62.20.103.103 1251458396.242407 9952
Fri Aug 28 14:30:26 EEST 2009 /var/ossec/active-response/bin/host-deny.sh delete - 62.20.103.103 1251458396.242407 9952
Fri Aug 28 14:30:26 EEST 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 62.20.103.103 1251458396.242407 9952
--
-Eric 'shubes'
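
An added example, not part of the thread and not fail2ban or OSSEC code: an offline check that replays vchkpw-pop3 "user not found" lines in the format quoted above and reports which source IPs would cross a ban threshold. The `maxretry` and `findtime` names are borrowed from fail2ban's options; the value 3 is the attempt count mentioned in the thread, the 600-second window and the 192.0.2.7 lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the failure lines quoted in the thread, one log entry per line.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ vpopmail\[\d+\]: "
    r"vchkpw-pop3: vpopmail user not found "
    r"(?P<user>[^@\s]*)@[^:\s]*:(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

# Lines for 62.20.103.103 are taken from the thread (oldest first);
# lines for 192.0.2.7 are constructed to show a slow source that stays under the limit.
SAMPLE = """\
Aug 28 14:09:16 mail vpopmail[5497]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
Aug 28 14:09:17 mail vpopmail[5501]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
Aug 28 14:09:18 mail vpopmail[5510]: vchkpw-pop3: vpopmail user not found info@:192.0.2.7
Aug 28 14:09:20 mail vpopmail[5526]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
Aug 28 14:09:20 mail vpopmail[5529]: vchkpw-pop3: vpopmail user not found test@:62.20.103.103
Aug 28 14:25:00 mail vpopmail[6300]: vchkpw-pop3: vpopmail user not found info@:192.0.2.7
Aug 28 14:40:00 mail vpopmail[6400]: vchkpw-pop3: vpopmail user not found sales@:192.0.2.7
""".splitlines()


def find_harvesters(lines, maxretry=3, findtime=600, year=2009):
    """Return {ip: time of the failure that reached maxretry within findtime seconds}.

    Lines must be in chronological order. Syslog timestamps carry no year,
    so one is supplied (assumption: all lines fall in the same year).
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # unrelated log line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        # Drop failures that are older than findtime relative to this one.
        while when - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in banned:
            banned[m["ip"]] = when
    return banned


if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE).items():
        print(f"{ip} would be banned at {when}")
```

fail2ban's own `fail2ban-regex` tool does the equivalent offline match of a filter against a log file, so a filter can be checked without waiting for live traffic.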