> Hi, I have a frontend server on a DMZ running RH ES 3 up3 and > squirrelmail 1.4.8. php 4.3.2 Thousand of email were sent in two occasions > and the only evidence of the abuse was on the access_log > (squirrel_logger) an entry from the ip which was sending the messages. > > There was no evidence of brute force attack. Infact there weren't many > entry in access_log of failed logging. Well I don't know if this is > enough to say that I wasn't under a brute force attack. > > However now I'm asking myself if a spammer, getting the login credential > in squirrelmail (IMAP auth toward the local imap server) can send > thousand of email in an automatic way. Temporarily I blocked the original > ip range at firewall level but I think this can only delay the next > attack. > > I'm working on lockout plugin and captcha, but before going on, I should > know if in this case squirrel is the weakest part of this puzzle. > > Any suggestion? The first step is to change the credentials, i.e. the password. I hope you did that, but I didn't see you mention it so I'm writing just to make sure. Read the other answers for suggestions on how to actually improve your system. Sincerely, Fredrik -- Fredrik Jervfors <http://fredrik.jervfors.se/> The SquirrelMail Project Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donations.php ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
