Brent wrote: > I had this exact issue. It ended up being one exploited account. The IP > addresses connecting to the account were from various APNIC blocks. I would > block one IP and it would move to another... suggesting that it was some > kind of bot - however, I added the captcha plugin and they kept logging in! > I changed the password on the exploited account and so far it hasn't > resurfaced. > > Brent > Perhaps an army of humans rather than bots. Hard to stop. A quick password disable response is a good idea. I've found ossec hids a good tool for this sort of thing, though you'd have to write a rule for this type of thing. http://ossec.net Ken -- Ken Anderson Pacific.Net ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
