On 04/02/2012 18:45, Simon Brereton wrote:
On Feb 4, 2012 1:03 PM, "Pete" <p...@nrth.org <mailto:p...@nrth.org>> wrote: > > On 04/02/2012 17:58, Nick Bright wrote: >> >> On 2/4/2012 11:47 AM, Pete wrote: >>> >>> Hello, >>> >>> Can someone confirm that the log excerpt below is most likely a bot of >>> some kind attempting to authenticate to my Postfix server please ? >>> >> >> That looks like a brute force attempt, or at least a bot looking for >> weak passwords. I see the same things in my logs, too. >> >> The only thing I have found is ConfigServer firewall: >> >> http://configserver.com/cp/csf.html > > > [..] > > Thanks Nick, I'll take a look. I use fail2ban to limit brute auth attempts like that. You can set it up so that 3 fails in a minute is a 20 ban. I'd rather have people call the help desk than a weak password get cracked..
I agree. Thanks for the tip.As fail2ban is in the FreeBSD ports tree I'll give that a blast first but have bookmarked the configserver site.
Regards, Pete.
smime.p7s
Description: S/MIME Cryptographic Signature
