Re: OT: IMAP under attack


 




On 1/8/22 13:48, Niels Dettenbach via Info wrote:

> seems like „usual“ current DDoS brute force stuff

Yes and no: I'm used to a little "attention" frequently.
OTOH, I've never seen such a level of insistence on the same host with the same username.



> the host should be „fast enough“.

So is it possible to tell Cyrus to throttle response?
I.e. fail fast at the first failed login, take 2 seconds for the second, 5 for the third, etc... Keeping in mind that fail2ban will block them anyway at the fifth attempt, but this would slow them down further.



> It seems they get some basic target data (probable parts of usernames).

This is what surprises me more: I'm used to seeing attempts with username = existing mail addresses, but here they are choosing random user names (e.g. "billing") which don't have any history in this domain and insist on them for 24h.



 bye & Thanks
       av.

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T1d0fcd8364d69d1f-Ma042c5f1db82d3ee599f7200



