On Mon, Mar 1, 2010 at 3:02 PM, Andrew Daviel <advax@xxxxxxxxx> wrote:
>
> OK, not really a dictionary attack in the normal sense - the attackers knew the
> usernames.
>
> We just had an incident where someone tried guessing (I presume)
> username=password against about 150 accounts via Squirrelmail over HTTP/SSL.

Try enabling tighter SMTP controls in your MTA, or you can opt for the Restrict Senders plugin or Squirrel Logger plugin, both of which catch this kind of activity when it happens.

> It so happened that someone had set up a couple of multi-user role accounts
> with, yes, username=password, so that the attacker was able to send a bunch of
> spam out on the weekend before we noticed.

You should have better rules in your password change backend!

> In previous Squirrelmail attacks it seemed a user had fallen for a phish and
> sent them a password, which the attackers leveraged to send more phish
> messages. This time it looks like guessing.
>
> A run of John the Ripper found a couple more u=p accounts which we disabled.
>
> Carelessness on my part, I guess, and not thinking users could be so daft.
> (Well, OK, some years back we did have a public workstation with guest=guest
> and remote login enabled.)

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users