Re: Squirrelmail as HS under DDOS attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Since yesterday we are getting a lot of requests to the file:
> src/redirect.php
>
> The attack is targeting the HS, so we are getting traffic from Tor,
> which is impossible to discriminate and filter (all requests looks like
> they are coming from 127.0.0.1).
>
> That said .. do you have any suggestions ?
> What is the file redirect.php responsible for ?

This is most likely a brute force password guessing attack.  If you
simply inspect the login page code, you'd see that the form submit
goes to that URI.  Most providers use either webmail plugins (of
course vanilla RoundCube is just as susceptible) or MTA features to
mitigate such attacks.  squirrelmail.org offers several such plugins.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users



[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux