Dictionary Attacks

Discussion in 'General Discussion' started by jozeph, Jan 27, 2006.

  1. jozeph

    Hi guys,

    I am searching for a solution to block dictionary attacks on domains using a catch-all. I received this type of attack a few hours ago and my servers stopped with high load and bandwidth.

    If you know how to block these attacks using iptables or something like it, please tell me!
     
  2. AndyReed

    You said it yourself, "using iptables". You can also install APF, BFD, mod_sec, and other applications to secure your server. Search this forum about server security since this issue has been discussed hundreds of times.
     
    #2 AndyReed, Jan 27, 2006
    Last edited: Jan 28, 2006
  3. jozeph

    conf files.

    Hi AndyReed,

    Thank you for replying to this post.

    Is it possible for you to share your apf/bfd conf files with me?
     
  4. MMarko

    Just start with the default settings, and when a brute force attack starts BFD will block the IPs the attacks are coming from.
     
  5. jozeph

    BFD not stopping

    Hi guys,

    BFD does not stop a dictionary attack when the domain has a catch-all enabled.
    Does anyone know an efficient way to stop these attacks?

    Maybe delaying the connection or some other thing...
     
  6. easyhoster1

    Create a text file called .forward and add /dev/null, then FTP it to the shell of your account. All mail to the default user will then be dumped.
     
  7. jozeph

    Sorry?! I think that you don't understand me... I would like to stop it using methods, not by disabling the catch-all for clients.
     
  8. monte

  9. jozeph

    I'm using it. But exim_deny doesn't stop dictionary attacks with catch-all enabled.
     
  10. Rooter

    Then you're SOL. Sorry.

    To the best of my knowledge the only way to trigger a detection for dictionary attack is if the address does not exist, but with a catch-all the MTA simply ignores the fact that a regular account may not exist and instead delivers all mail to the catch-all whether it is from a dictionary attack or not.
     
  11. jozeph

    Maybe Exim can verify whether the "domain" has catch-all enabled and, if "yes", delay the connection after X successful deliveries.

    Up to X deliveries in the same connection, the user can be disconnected.
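
An added example, not part of any post in this thread: since a catch-all accepts every recipient, rejection-based detection sees nothing, so this sketch instead counts how many distinct local parts each source IP addressed on a catch-all domain. It assumes Exim mainlog lines written with `log_selector = +received_recipients`; the log lines, the domain `client.example` and the threshold of 5 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog format. Assumption: log_selector includes
# +received_recipients, so each "<=" arrival line ends with "for <recipients>".
SAMPLE_LOG = """\
2006-01-27 10:00:01 1F2aaa-0000aa-AA <= x@bad.example H=(a) [203.0.113.9] P=smtp S=812 for adam@client.example alan@client.example alex@client.example
2006-01-27 10:00:02 1F2aaa-0000aa-AA => client <adam@client.example> R=localuser T=local_delivery
2006-01-27 10:00:03 1F2aab-0000ab-AB <= x@bad.example H=(a) [203.0.113.9] P=smtp S=815 for amy@client.example andy@client.example
2006-01-27 10:00:05 1F2aac-0000ac-AC <= x@bad.example H=(a) [203.0.113.9] P=smtp S=810 for anna@client.example adam@client.example
2006-01-27 10:02:11 1F2aad-0000ad-AD <= bob@partner.example H=mx.partner.example [198.51.100.7] P=esmtp S=2301 for sales@client.example
2006-01-27 10:09:40 1F2aae-0000ae-AE <= bob@partner.example H=mx.partner.example [198.51.100.7] P=esmtp S=1999 for sales@client.example info@client.example
"""

# Arrival line: "<= sender ... [source IP] ... for rcpt1 rcpt2 ..."
ARRIVAL = re.compile(r" <= \S+ .*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*? for (?P<rcpts>.+)$")

def distinct_recipients(log_text, catchall_domains):
    """Return {(source_ip, domain): set of distinct local parts addressed}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = ARRIVAL.search(line)
        if not match:
            continue  # delivery ("=>") and other lines carry no sender host
        for rcpt in match.group("rcpts").split():
            local, _, domain = rcpt.lower().rpartition("@")
            if local and domain in catchall_domains:
                seen[(match.group("ip"), domain)].add(local)
    return seen

def suspects(log_text, catchall_domains, threshold):
    """Source IPs that addressed >= threshold distinct local parts of one domain."""
    seen = distinct_recipients(log_text, catchall_domains)
    return sorted({ip for (ip, _), names in seen.items() if len(names) >= threshold})

if __name__ == "__main__":
    # client.example and the threshold of 5 are hypothetical values.
    for ip in suspects(SAMPLE_LOG, {"client.example"}, threshold=5):
        print(ip)
```

The resulting addresses can be reviewed and then handed to whatever blocking layer is already in place, such as the iptables or APF setup mentioned earlier in the thread.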
     