On Feb 4, 2012 1:03 PM, "Pete" <p...@nrth.org> wrote: > > On 04/02/2012 17:58, Nick Bright wrote: >> >> On 2/4/2012 11:47 AM, Pete wrote: >>> >>> Hello, >>> >>> Can someone confirm that the log excerpt below is most likely a bot of >>> some kind attempting to authenticate to my Postfix server please ? >>> >> >> That looks like a brute force attempt, or at least a bot looking for >> weak passwords. I see the same things in my logs, too. >> >> The only thing I have found is ConfigServer firewall: >> >> http://configserver.com/cp/csf.html > > > [..] > > Thanks Nick, I'll take a look.
I use fail2ban to limit brute auth attempts like that. You can set it up so that 3 fails in a minute is a 20 ban. I'd rather have people call the help desk than a weak password get cracked.. Simon >
