Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Dovecot High Load (brute force?)

Discussion in 'Security' started by Felipe Quiroz Sandoval, Sep 14, 2016.

Tags:
  1. Felipe Quiroz Sandoval

    Joined:
    Jun 10, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chile
    cPanel Access Level:
    Root Administrator
    - Removed Please Attach Images to Your Posts -

    I dont not how to deal with this.
    Thousand of process:
    /usr/local/cpanel/bin/dovecot-wrap /usr/libexec/dovecot/checkpassword-reply

    the only way to stop the server down was this command:
    pkill -f checkpassword-reply

    what can i do?
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    721
    Likes Received:
    245
    Trophy Points:
    93
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Most probably a brute force against dovecot

    CSF might help mitigate some of these attacks

    The following thread might be of some use:

    Brute force against dovecot
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Felipe Quiroz Sandoval

    Joined:
    Jun 10, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chile
    cPanel Access Level:
    Root Administrator
    thanks, but i configure csf with all bruteforce option enabled and nothing
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    721
    Likes Received:
    245
    Trophy Points:
    93
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello

    Did you notice login attempts in the /var/log/maillog file when this was happening? That's a quick way of determining if it's a brute force attack causing the issue.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice