Anyone else getting bruteforce notices against dovecot? I am up to about 1 per 3 minute. Its coming from a botnet, so no way for me to just block a single IP. There is only a minor mention of a timing vulnerability that i can find online. Is cPanel folks aware of this, or have any suggestions to ensure the bruteforce doesn't lead to a successful comprimise?
Yep. I have noticed the same activity from IP's all over the world trying to brute force Dovecot credentials. There must be an exploit in the wild. Have not seen any notice from Cpanel about this issue.
I have a link to what may be a known exploit (nothing I discovered), though its a few weeks old at this point, so the attempts may just be residual at this point. I'm going to send the cPanel folks a support ticket with it.
Hello,
Internal case CPANEL-12790 was opened to inquire about that specific vulnerability. We'll update the version of Dovecot offered through cPanel with any security-related patches once Dovecot publishes them upstream.
In addition to using cPHulk, you may also want to consider using a third-party application such as CSF to help protect against brute force attempts:
ConfigServer Security & Firewall (csf)
Thank you.
Already use CPHulk and CSF, yet we are getting hundreds of Dovecot brute forces attempts (mostly from China and dubious EU server farms).
We have black listed those IP ranges yet new ones keep popping up.
We don't use any server side email so it's a wasted attempt on their part.
So that leads me to believe there is an exploit out there.
We have black listed those IP ranges yet new ones keep popping up.
We don't use any server side email so it's a wasted attempt on their part.
So that leads me to believe there is an exploit out there.
Hello,
The particular vulnerability referenced earlier in this thread is addressed by Dovecot in Dovecot 2.2.30:
Internal case CPANEL-13448 is open for the inclusion of this version of Dovecot into cPanel & WHM. I'll update this thread with more information on the status of this case as it becomes available.
Thank you.
Edit: Dovecot 2.2.31 is now included with cPanel version 66:
Implemented case CPANEL-14248: Update dovecot to 2.2.31-1.cp1162.
Last edited:
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| L | [Case CPANEL-13602] ModSecurity Logs Are Getting Huge With Logging Off | Security | 7 | |
|
Some bind atttack - how to block this huge IP range automatically? | Security | 4 | |
| E | ur/tmp.secure.cpback/tmp is HUGE | Security | 1 | |
| A | Huge Bandwidth Used | Security | 3 | |
| M | issue: huge Apache traffic with /home drive getting full | Security | 2 |