Paul Lesniewski wrote the following on 11/21/2007 2:17 PM -0800: > On Nov 21, 2007 9:10 AM, Fredrik Jervfors <jervfors@xxxxxxxxxxxxxxxx> wrote: > >>>>> I also saw 10 - 20 attempts to log in and then we had a successful >>>>> login on a users account. We have implemented sender_restriction and >>>>> will implement CAPTCHA after Thanksgiving. >>>>> >>> Maybe not effective or good solution, but I am testing >>> fail2ban.org, with sshd, and I saw a reference ( in their website) about >>> using it with Squirrelmail. >>> >>> I have never tested fail2ban before, even with sshd, so I don't >>> know if it is a good solution. >>> >>> I hope my email help more than it spend bits. :-) >>> >> <http://wiki.nerdylorrin.net/wiki/Wiki.jsp?page=SquirrelMail> was >> interesting. Maybe SquirrelMail and/or Squirrel Logger can include this >> feature in the future. >> > > Note that this link points to an outdated Squirrel Logger and an > incorrect way of hacking the source to detect failed logins, which can > now be done without any source hacks (and IIRC the newest Squirrel > Logger does so correctly out of the box - anyone using the plugin > correct me if I'm wrong and I'll fix it in the next release). > > As for the fail2ban instructions on this page, I don't know if/how > they differ from Bill's, but I'm inclined to think Bill's are more > complete and/or up-to-date. If anyone has comments on their > differences, I'd be happy to hear them for when I include the > information in the Squirrel Logger package. > The fail2ban instruction at that link are for a much older version. Here is a snippet from the fail2ban ChangeLog: ver. 0.7.2 (2006/09/10) - beta ---------- - Added a date detector. "timeregex" and "timepattern" are no more needed - Added "fail2ban-regex". This is a tool to help finding "failregex" In fact, I tried and "timeregex" and "timepatten" no longer even work in config files. Fail2ban is now at "ver. 0.8.1 (2007/08/14) - stable", which is the version my posted instruction apply to. Bill ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
