Re: Server violation by a spammer

Bumo wrote:
> 
> Hi, I have a frontend server on a DMZ running RH ES 3 up3 and
> squirrelmail 1.4.8, php 4.3.2.
> Thousands of emails were sent on two occasions and the only evidence of the
> abuse was in the access_log (squirrel_logger): an entry from the IP which
> was sending the messages.
> 
> 
> There was no evidence of a brute force attack. In fact there weren't many
> entries in access_log of failed logins. Well, I don't know if this is enough
> to say that I wasn't under a brute force attack.
> 
> However, now I'm asking myself if a spammer, getting the login credentials
> in squirrelmail (IMAP auth toward the local imap server), can send
> thousands of emails in an automatic way.
> Temporarily I blocked the original ip range at firewall level but I think
> this can only delay the next attack.
> 
> 
> I'm working on a lockout plugin and captcha, but before going on, I should
> know if in this case squirrel is the weakest part of this puzzle.
> 
> Any suggestion?
> 
If your webmail is protected with SSL, then the weakest part of this puzzle
is a user with a simple password or a trojaned user workstation. An attacker can
get the login password without brute force only that way.

In SquirrelMail 1.4.8 you can send lots of emails once you are logged in.
Some 1.4.9 fixes blocked email sending with GET requests, and it would require
a more advanced HTTP client to automate emailing with POST.

-- 
Tomas
-- 
View this message in context: http://old.nabble.com/Server-violation-by-a-spammer-tp33994363p33995024.html
Sent from the squirrelmail-users mailing list archive at Nabble.com.
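
An added example, not part of the original thread or of SquirrelMail: one way to spot automated sending through a logged-in webmail session is to count requests to the compose script per client IP in a sliding time window. It assumes a plain Apache common-format access log (not the squirrel_logger plugin's format), an install under the hypothetical path /webmail/, and constructed sample lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: one client posting every 2 seconds, one normal user.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [12/Jun/2012:03:15:{s:02d} +0000] '
     f'"POST /webmail/src/compose.php HTTP/1.1" 200 5120' for s in range(0, 16, 2)]
    + ['198.51.100.4 - - [12/Jun/2012:09:00:00 +0000] '
       '"GET /webmail/src/compose.php?mailbox=INBOX HTTP/1.1" 200 7340',
       '198.51.100.4 - - [12/Jun/2012:09:04:10 +0000] '
       '"POST /webmail/src/compose.php HTTP/1.1" 200 5120',
       '198.51.100.4 - - [12/Jun/2012:09:05:00 +0000] '
       '"GET /webmail/src/right_main.php HTTP/1.1" 200 9001'])

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+) [^"]*" (\d{3}) \S+')

def flag_bulk_senders(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak} for clients whose compose.php requests reach
    `threshold` or more inside any `window`-long interval."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, _method, path, _status = m.groups()
        # GET and POST both count: the reply notes 1.4.8 accepted sends via GET.
        if path.split("?")[0].endswith("/src/compose.php"):
            hits[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            # Shrink the window from the left until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in flag_bulk_senders(SAMPLE_LOG).items():
        print(f"{ip}: {peak} compose.php requests within one minute")
```

The threshold and window are starting values to tune against normal usage on the server; the same count keyed on the authenticated username catches a stolen account used from several addresses.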


-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


