Matthew Schumacher wrote:
> May 21 11:02:01 larry pop3[5945]: badlogin: [83.209.35.32] plaintext cristopher SASL(-13): authentication failure: checkpass failed
> May 21 11:02:02 larry pop3[5965]: badlogin: [83.209.35.32] plaintext easter SASL(-13): authentication failure: checkpass failed
> May 21 11:02:10 larry pop3[5964]: badlogin: [83.209.35.32] plaintext felicia SASL(-13): authentication failure: checkpass failed
>
> And this spammer is racking up a zillion processes which is killing my
> machine. I need a way to throttle this somehow where he is only allowed
> one connection per IP at a time, or perhaps a way to ignore them after
> so many invalid passwords.

I suggest iptables as well. I use the following rule to limit SSH
connection attempts to 1/minute on average, though a burst of 3/min is
allowed:
"iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22
-m limit --limit 1/min --limit-burst 3 -j ACCEPT"
Of course you need to combine this with a DROP policy.
You could also use connlimit:
"Allows you to restrict the number of parallel TCP connections to a
server per client IP address (or address block)."
Please have a look at iptables(8) for more detailed instructions :-)
Peter
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
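
Added example, not part of the original messages: a Python sketch of the "ignore them after so many invalid passwords" idea, scanning Cyrus badlogin lines of the shape quoted above and reporting source IPs that exceed a failure threshold within a time window. The threshold, window, assumed year and the last two sample lines are constructed assumptions; feeding the result into a firewall rule is left to the reader.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Cyrus "badlogin" syslog line in the shape quoted in this thread; the
# optional group allows a hostname before the bracketed address.
BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \w+\[\d+\]: "
    r"badlogin: (?:\S+ )?\[(?P<ip>[^\]]+)\] \S+ (?P<user>\S+) ")

def find_offenders(lines, threshold=3, window_s=60, year=2000):
    """Map each IP with >= threshold failures inside window_s seconds
    to the sorted usernames it tried. year is an assumption: syslog
    timestamps carry none (2000 is a leap year, so Feb 29 parses)."""
    recent = defaultdict(deque)   # ip -> failure times still in window
    tried = defaultdict(set)      # ip -> every username attempted
    offenders = {}
    for line in lines:
        m = BADLOGIN.match(line)
        if not m:
            continue              # not a failed login
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, q = m["ip"], recent[m["ip"]]
        q.append(ts)
        tried[ip].add(m["user"])
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # expire failures older than the window
        if len(q) >= threshold:
            offenders[ip] = sorted(tried[ip])
    return offenders

# First three lines are from the log quoted above (re-joined); the last
# two are constructed for contrast.
SAMPLE = [
    "May 21 11:02:01 larry pop3[5945]: badlogin: [83.209.35.32] plaintext cristopher SASL(-13): authentication failure: checkpass failed",
    "May 21 11:02:02 larry pop3[5965]: badlogin: [83.209.35.32] plaintext easter SASL(-13): authentication failure: checkpass failed",
    "May 21 11:02:10 larry pop3[5964]: badlogin: [83.209.35.32] plaintext felicia SASL(-13): authentication failure: checkpass failed",
    "May 21 11:02:11 larry pop3[5970]: badlogin: [192.0.2.10] plaintext alice SASL(-13): authentication failure: checkpass failed",
    "May 21 11:02:12 larry pop3[5971]: login: [192.0.2.10] bob plaintext User logged in",
]

if __name__ == "__main__":
    for ip, users in find_offenders(SAMPLE).items():
        print(f"{ip}: {len(users)} usernames tried: {', '.join(users)}")
```

Several distinct usernames from one address in a few seconds, as in the quoted log, points to dictionary guessing rather than a user mistyping a password.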