The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Dovecot High Load (brute force?)

Discussion in 'Security' started by Felipe Quiroz Sandoval, Sep 14, 2016.

Tags:
  1. Felipe Quiroz Sandoval

    Joined:
    Jun 10, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chile
    cPanel Access Level:
    Root Administrator
    - Removed Please Attach Images to Your Posts -

    I dont not how to deal with this.
    Thousand of process:
    /usr/local/cpanel/bin/dovecot-wrap /usr/libexec/dovecot/checkpassword-reply

    the only way to stop the server down was this command:
    pkill -f checkpassword-reply

    what can i do?
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    123
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Most probably a brute force against dovecot

    CSF might help mitigate some of these attacks

    The following thread might be of some use:

    Brute force against dovecot
     
  3. Felipe Quiroz Sandoval

    Joined:
    Jun 10, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chile
    cPanel Access Level:
    Root Administrator
    thanks, but i configure csf with all bruteforce option enabled and nothing
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    123
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello

    Did you notice login attempts in the /var/log/maillog file when this was happening? That's a quick way of determining if it's a brute force attack causing the issue.

    Thank you.
     
Loading...

Share This Page