> Since yesterday we are getting a lot of requests to the file: > src/redirect.php > > The attack is targeting the HS, so we are getting traffic from Tor, > which is impossible to discriminate and filter (all requests looks like > they are coming from 127.0.0.1). > > That said .. do you have any suggestions ? > What is the file redirect.php responsible for ? This is most likely a brute force password guessing attack. If you simply inspect the login page code, you'd see that the form submit goes to that URI. Most providers use either webmail plugins (of course vanilla RoundCube is just as susceptible) or MTA features to mitigate such attacks. squirrelmail.org offers several such plugins. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php ------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
