  1. #1
    Member
    Join Date
    Mar 2002
    Location
    San Francisco
    Posts
    257

    Chirpy's dictionary attack solution - not working in some cases

    Hello,

    Anyone getting dictionary attacks that are getting through? I noticed this today:

    2006-06-23 20:36:05 H=(FOX-1J1AC99C) [222.145.246.58] F=<IrwinChampion6v@doctor.com> rejected RCPT <harmon@summitawards.com>:
    2006-06-23 20:36:05 H=(FOX-1J1AC99C) [222.145.246.58] F=<IrwinChampion6v@doctor.com> rejected RCPT <hardy@summitawards.com>:
    2006-06-23 20:36:05 H=(FOX-1J1AC99C) [222.145.246.58] F=<IrwinChampion6v@doctor.com> rejected RCPT <hanson@summitawards.com>:
    2006-06-23 20:36:05 H=(FOX-1J1AC99C) [222.145.246.58] F=<CraigOdomni@australiamail.com> rejected RCPT <hansen@summitawards.com>:
    2006-06-23 20:36:07 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<MayraBoucherq0@soon.com> rejected RCPT <stanley@summitawards.com>:
    2006-06-23 20:36:07 H=(FOX-1J1AC99C) [222.145.246.58] F=<HansBabbl2@europe.com> rejected RCPT <hampton@summitawards.com>:
    2006-06-23 20:36:08 H=(FOX-1J1AC99C) [222.145.246.58] F=<NanetteMccalldv@execs.com> rejected RCPT <hammond@summitawards.com>:
    2006-06-23 20:36:08 H=(FOX-1J1AC99C) [222.145.246.58] F=<NanetteMccalldv@execs.com> rejected RCPT <hamilton@summitawards.com>:
    2006-06-23 20:36:08 H=(FOX-1J1AC99C) [222.145.246.58] F=<NanetteMccalldv@execs.com> rejected RCPT <hale@summitawards.com>:
    2006-06-23 20:36:08 H=(FOX-1J1AC99C) [222.145.246.58] F=<DellaMcgillyt@optician.com> rejected RCPT <guzman@summitawards.com>:
    2006-06-23 20:36:09 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<KrisKendallar@email.com> rejected RCPT <spencer@summitawards.com>:
    2006-06-23 20:36:09 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<ReidBaca0x@pediatrician.com> rejected RCPT <soto@summitawards.com>:
    2006-06-23 20:36:09 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<ReidBaca0x@pediatrician.com> rejected RCPT <snyder@summitawards.com>:
    2006-06-23 20:36:10 1Ftw87-0002MK-KD <= gprpjoih@womeningames.com H=(adsl-69-233-128-22.dsl.scrm01.pacbell.net) [69.233.128.22] P=smtp S=32106 id=002301c69726$1ecd4c42$56a4e945@howek
    2006-06-23 20:36:10 H=(FOX-1J1AC99C) [222.145.246.58] F=<EdmundCarey5d@hot-shot.com> rejected RCPT <gutierrez@summitawards.com>:
    2006-06-23 20:36:10 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<HenryWhitten68@priest.com> rejected RCPT <sims@summitawards.com>:
    2006-06-23 20:36:10 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<HenryWhitten68@priest.com> rejected RCPT <simpson@summitawards.com>:
    2006-06-23 20:36:10 H=(FOX-1J1AC99C) [222.145.246.58] F=<RobbieReynalj@priest.com> rejected RCPT <griffith@summitawards.com>:
    2006-06-23 20:36:10 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<PollyDalyxv@australiamail.com> rejected RCPT <silva@summitawards.com>:
    2006-06-23 20:36:10 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<PollyDalyxv@australiamail.com> rejected RCPT <shelton@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<LupeFaulknerhf@mad.scientist.com> rejected RCPT <gregory@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<LupeFaulknerhf@mad.scientist.com> rejected RCPT <greene@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<LupeFaulknerhf@mad.scientist.com> rejected RCPT <graves@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<LupeFaulknerhf@mad.scientist.com> rejected RCPT <grant@summitawards.com>:
    2006-06-23 20:36:11 1Ftw87-0002MK-KD => darcy@kaosmosis.com <kaos@kaosmosis.org> R=lookuphost T=remote_smtp H=mx1.photon.net [216.147.195.252]
    2006-06-23 20:36:11 1Ftw87-0002MK-KD Completed
    2006-06-23 20:36:11 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<BeauBirdln@winning.com> rejected RCPT <shaw@summitawards.com>:
    2006-06-23 20:36:11 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<BeauBirdln@winning.com> rejected RCPT <sharp@summitawards.com>:
    2006-06-23 20:36:11 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<BeauBirdln@winning.com> rejected RCPT <schultz@summitawards.com>:
    2006-06-23 20:36:11 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<BeauBirdln@winning.com> rejected RCPT <schneider@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<KatelynHendricks9r@winning.com> rejected RCPT <graham@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<KatelynHendricks9r@winning.com> rejected RCPT <gordon@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<KatelynHendricks9r@winning.com> rejected RCPT <goodwin@summitawards.com>:
    2006-06-23 20:36:11 H=(FOX-1J1AC99C) [222.145.246.58] F=<KatelynHendricks9r@winning.com> rejected RCPT <goodman@summitawards.com>:
    2006-06-23 20:36:11 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<KristaNicholsuh@geologist.com> rejected RCPT <schmidt@summitawards.com>:
    2006-06-23 20:36:11 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<KristaNicholsuh@geologist.com> rejected RCPT <santos@summitawards.com>:
    2006-06-23 20:36:11 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<KristaNicholsuh@geologist.com> rejected RCPT <salazar@summitawards.com>:
    2006-06-23 20:36:12 H=(z6u31.o0dm.rr.com) [222.145.246.58] F=<KristaNicholsuh@geologist.com> rejected RCPT <ryan@summitawards.com>:
    2006-06-23 20:36:12 H=(FOX-1J1AC99C) [222.145.246.58] F=<DoreenJeffersvo@graphic-designer.com> rejected RCPT <gomez@summitawards.com>:
    2006-06-23 20:36:12 H=(FOX-1J1AC99C) [222.145.246.58] F=<DoreenJeffersvo@graphic-designer.com> rejected RCPT <glover@summitawards.com>:
    2006-06-23 20:36:12 H=(FOX-1J1AC99C) [222.145.246.58] F=<DoreenJeffersvo@graphic-designer.com> rejected RCPT <gilbert@summitawards.com>:
    2006-06-23 20:36:12 H=(FOX-1J1AC99C) [222.145.246.58] F=<DoreenJeffersvo@graphic-designer.com> rejected RCPT <gibson@summitawards.com>:


    I think they are not being rejected as they are rejected RCPT already; it is not getting the dictionary attack block as per usual. Other things are getting blocked. Am I wrong here on this one? Or should the dictionary attack thing block this as well?

    Thanks!

  2. #2
    Member
    Join Date
    Feb 2005
    Location
    North Carolina
    Posts
    237


    I run into the same thing frequently. The spammer (or software they use) seems to be aware of when they will get cut off and change the from sender just before their IP "qualifies" to be dropped.

    Look in Chirpy's code for the following in the drop message section:
    Code:
    condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
    You may need to reduce the {3} value to something lower. At this stage I have mine set to 1.

  3. #3
    Member
    Join Date
    Mar 2002
    Location
    San Francisco
    Posts
    257


    I thought about that too, but I was seeing groups of four and more at a time.

    I changed it to 2 for now.

    Thanks for the help!
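
Added example (not part of the original posts, and not Chirpy's code): a log check for the pattern reply #2 describes, where a host rotates the `F=` sender so that no single sender collects more rejections than the per-message limit while the source IP as a whole collects many. The sample lines are constructed in the same Exim main-log format as post #1; the limits (3 per sender, 10 per IP) and the use of each distinct sender as a stand-in for one message are assumptions.

```python
import re
from collections import defaultdict

# Matches Exim main-log RCPT rejections in the format quoted in post #1.
REJECT_RE = re.compile(
    r"H=(?P<helo>.*?) \[(?P<ip>[0-9a-fA-F.:]+)\] F=<(?P<sender>[^>]*)> "
    r"rejected RCPT <(?P<rcpt>[^>]*)>")

def _line(sec, helo, ip, sender, rcpt):
    """Build one constructed log line (documentation IPs, example.* domains)."""
    return (f"2006-06-23 20:36:{sec:02d} H=({helo}) [{ip}] "
            f"F=<{sender}> rejected RCPT <{rcpt}@example.com>:")

NAMES = ["harmon", "hardy", "hanson", "hansen", "hampton", "hammond",
         "hamilton", "hale", "guzman", "griffith", "gregory", "greene"]
# Constructed: the sender rotates every 3 recipients, so each sender stays at the limit.
SAMPLE = [_line(i // 3, "HOST-A", "192.0.2.58", f"sender{i // 3}@example.org", n)
          for i, n in enumerate(NAMES)]
# Constructed: a second host that keeps one sender and would trip a per-message rule.
SAMPLE += [_line(9, "HOST-B", "198.51.100.7", "one@example.net", f"user{i}")
           for i in range(5)]
# Constructed: an accepted message, which must be ignored by the parser.
SAMPLE.append("2006-06-23 20:36:10 1AbCdE-000001-XX <= ok@example.org "
              "H=(host) [203.0.113.9] P=smtp S=1234")

def summarise(log_text):
    """Per source IP: total rejections, distinct senders, most rejections for one sender."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            per_ip[m["ip"]][m["sender"]] += 1
    return {ip: {"total": sum(s.values()),
                 "senders": len(s),
                 "max_per_sender": max(s.values())}
            for ip, s in per_ip.items()}

def rotating_sources(summary, per_sender_limit=3, per_ip_limit=10):
    """IPs that never exceed the per-sender limit yet exceed the per-IP limit."""
    return sorted(ip for ip, s in summary.items()
                  if s["max_per_sender"] <= per_sender_limit
                  and s["total"] > per_ip_limit)

if __name__ == "__main__":
    report = summarise("\n".join(SAMPLE))
    for ip, stats in report.items():
        print(ip, stats)
    print("sender-rotating sources:", rotating_sources(report))
```

Run over a real `exim_mainlog`, an IP listed by `rotating_sources` is one that a per-message failure counter alone would not drop.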
