On Sun, Dec 20, 2009 at 3:16 AM, countryuser <gregrees10@xxxxxxxxxxx> wrote: > I have had someone try to hack Squirelmail 1.4.15 web page by sending > multiple user names 1 after another for an infinite time or until they > eventually crack it, it is a DoS for other users trying to login. Is there > some way after say 3 attempts/failures to login to reject/block ip number > for say 1 hour/day before another retry attempt from same ip number. My > setup here is Debian Lenny, Postfix and Squirrelmail 1.4.15 1) Upgrade. 1.4.15 is outdated and contains known security holes. 2) Install and configure the Lockdown plugin, optionally the CAPTCHA plugin and possibly the Restrict Senders plugin. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
