Today my server started going extremly slowly and when I went to check it out it turned out that there were a ton of instances of cppop all from a single IP flood. 1000+ instances. In the tweak settings I have time per hour set to 60 and prevent pop3 flood enabled yet I had 1000+ isntances of cppop started. It's only when I banned the IP that the server returned back to normal.
Furthermore it seemed like these cppop were handing around still processing so when I pulled up maillog I found entries such as this.
Furthermore it seemed like these cppop were handing around still processing so when I pulled up maillog I found entries such as this.
How do you prevent something like this?
If you're machine's running Cpanel, then you really want to consider upgrading to Courier. Although you really want to search the Cpanel forums and read everything you can about Courier / maildir / upgrading / etc. before attempting it.
The link below is a good starting point...
http://forums.cpanel.net/showthread.php?t=44941&highlight=courier+upgrade
Mike
Unfortunately there are still many individuals running their servers on the outdated mbox format :/
I am starting to see that more and more, especially during the cp11 upgrades. I am just glad I did the conversion back in 2004-2005 whenever it was!! ha
as for protection for brute force attacks and many other protections check out Chirpy's CSF/LFD
I'm surprised it doesn't come standard with courier then. This server is about a year and a half old and I had configservers set it up once I got it but I'm a bit dissapointed that we never find out from cpanel that using cppop is dangerous.
Courier-imap is installed by default now and if you're running cPanel v11 then the daily upcp email includes a warning if you still run the deprecated cppop advising to migrate to the new configuration.
Word is that cPanel v12 will drop support for cppop and force an update to courier-imap - I hope it does.
Word is that cPanel v12 will drop support for cppop and force an update to courier-imap - I hope it does.
How can I make sure we are not running cppop?
I did upgrade to maildir, so would that also mean not running cppop now?
Sorry for lame question.
- Vince
I did upgrade to maildir, so would that also mean not running cppop now?
Sorry for lame question.
- Vince
Correct, cppop is not used on systems running maildir.How can I make sure we are not running cppop?
I did upgrade to maildir, so would that also mean not running cppop now?
Sorry for lame question.
- Vince
I'd lick em, or do just about anything else to them, in exchange for a percentage of the money that those guys make. At least I'd do that with the top 10 ROKSO spammersI don't think we wanna go licking them, God knows where those guys have been.
M
I agree. CSF/LFD has been an invaluable tool for my Linux servers. It works very well.
i was just wondering that having an old server, a populated one, with some serious companys using neomail and old cppop format (as the name says cp-pop or cpanel pop i mean) is not a real sin
i do have one cpanel11 still with cppop because i cannot simply impose horde or squirell over neomail or other imap based webmails over pop3 ones
so my server is suffering this POP3 FLOOD ATTACKS
Mar 18 20:56:08 main cpanelpop[8973]: Connection from host=141.157.27.182 to ip=x.x.x.1
Mar 18 20:56:09 main cpanelpop[8993]: Connection from host=141.157.27.182 to ip=x.x.x.2
Mar 18 20:56:10 main cpanelpop[8980]: Connection from host=141.157.27.182 to ip=x.x.x.3
as i could also realise inside of Tweak Settings there is no more the pop3 limit per hour that users could check their mailboxes, how can i manually configure this?
in fact this guy cannot connect because he is trying to guess the user and password and he is not getting this
is there any place to avoid this i mean manually configure cppop ?
i do have one cpanel11 still with cppop because i cannot simply impose horde or squirell over neomail or other imap based webmails over pop3 ones
so my server is suffering this POP3 FLOOD ATTACKS
Mar 18 20:56:08 main cpanelpop[8973]: Connection from host=141.157.27.182 to ip=x.x.x.1
Mar 18 20:56:09 main cpanelpop[8993]: Connection from host=141.157.27.182 to ip=x.x.x.2
Mar 18 20:56:10 main cpanelpop[8980]: Connection from host=141.157.27.182 to ip=x.x.x.3
as i could also realise inside of Tweak Settings there is no more the pop3 limit per hour that users could check their mailboxes, how can i manually configure this?
in fact this guy cannot connect because he is trying to guess the user and password and he is not getting this
is there any place to avoid this i mean manually configure cppop ?
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| L | cppop not closing connections? | General Discussion | 4 | |
| G | cppop is down after automatic cpanel update | General Discussion | 2 | |
| D | cppop won't start | General Discussion | 2 | |
| M | problem with cppop | General Discussion | 20 | |
| M | CPPOP and IMAP instllation failure | General Discussion | 6 |