On Mon, May 12, 2014 at 7:03 PM, Alex <mysqlstudent@xxxxxxxxx> wrote:
> Hi,
>
> I'm using squirrelmail-1.4.21 on fedora20 with apache-2.4.9 and have the
> following in my logs:
>
> 173.13.167.230 - - [12/May/2014:21:40:53 -0400] "POST
> /webmail/src/redirect.php HTTP/1.1" 302 - "
> https://mail.mydomain.com/webmail/src/login.php" "Mozilla/4.0 (compatible;
> MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2;
> .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> 3.5.30729)" 2973 2388
>
> where mydomain.com is my server. Are these hack attempts? I came across the
> following on the fail2ban site here
> http://www.fail2ban.org/wiki/index.php/Talk:SquirrelMail:
>
> failregex = <HOST> - - \[.*\] "POST /webmail/src/redirect.php HTTP/1.[01]"
> 200 \d{1,5} "https?://[^/]+/webmail/src/login.php" ".*"
>
> There aren't any further comments about it there, so I was just curious if
> someone had some experience with this rule and whether the redirects were
> normal. They sure are excessive.

That's a normal login. The login.php script is the referrer, the redirect.php script sent a 302 response (you should see a request for the target of the 302, webmail.php immediately following). I haven't looked at the fail2ban link, but you should ask them why this is listed as a suspicious event if that's indeed what they have said about it.

If you are concerned about brute force attempts on your system, there are several security related plugins you can use that are listed in the "Logging in" category on the SquirrelMail website. You should also have Squirrel Logger installed (which can be used in combination with fail2ban if you like).

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
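The distinction discussed in this thread, as an added example that is not part of the original messages or of SquirrelMail or fail2ban: it applies the shape of the quoted failregex to access-log lines, but captures the status code so that 302 responses (the normal login described in the reply) are counted separately from 200 responses (what the quoted rule matches). The function name, the threshold, the sample lines and the reading of a 200 as "login did not proceed to webmail.php" are assumptions.

```python
import re
from collections import Counter

# Same shape as the failregex quoted in the thread, with the status captured
# instead of fixed to 200, and "-" accepted as the response size.
LOGIN_POST = re.compile(
    r'^(?P<host>\S+) - - \[[^\]]*\] '
    r'"POST /webmail/src/redirect\.php HTTP/1\.[01]" '
    r'(?P<status>\d{3}) (?:\d{1,5}|-) '
    r'"https?://[^/]+/webmail/src/login\.php" ".*"'
)

def _line(host, req, status, size):
    """Build one constructed access-log line in the format shown in the thread."""
    return (f'{host} - - [12/May/2014:21:40:53 -0400] "{req} HTTP/1.1" {status} {size} '
            '"https://mail.example.com/webmail/src/login.php" "Mozilla/4.0" 2973 2388')

# Constructed sample input (documentation IP ranges, not real traffic).
POST = "POST /webmail/src/redirect.php"
SAMPLE = [
    _line("192.0.2.10", POST, 302, "-"),                           # normal login
    _line("192.0.2.10", "GET /webmail/src/webmail.php", 200, 812),  # target of the 302
    _line("198.51.100.7", POST, 200, 1874),                        # repeated 200s
    _line("198.51.100.7", POST, 200, 1874),
    _line("198.51.100.7", POST, 200, 1874),
    _line("203.0.113.5", POST, 200, 1874),                         # one miss, then success
    _line("203.0.113.5", POST, 302, "-"),
]

def summarize_logins(lines, threshold=3):
    """Count login POSTs per host by outcome; flag hosts with many 200 responses.

    Assumption: a 200 on the redirect.php POST means no redirect to webmail.php
    was issued, which is the case the quoted failregex targets.
    """
    redirected, not_redirected = Counter(), Counter()
    for line in lines:
        m = LOGIN_POST.match(line)
        if not m:
            continue  # not a login POST (e.g. the follow-up GET for webmail.php)
        if m.group("status") == "302":
            redirected[m.group("host")] += 1
        elif m.group("status") == "200":
            not_redirected[m.group("host")] += 1
    flagged = sorted(h for h, n in not_redirected.items() if n >= threshold)
    return redirected, not_redirected, flagged

if __name__ == "__main__":
    print(summarize_logins(SAMPLE))
```
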