Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Huge increase of Dovecot Brute Force

Discussion in 'Security' started by hello-electro, Apr 22, 2017.

Tags:
  1. hello-electro

    hello-electro Member

    Joined:
    Aug 9, 2016
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Maryland
    cPanel Access Level:
    Root Administrator
    Anyone else getting bruteforce notices against dovecot? I am up to about 1 per 3 minute. Its coming from a botnet, so no way for me to just block a single IP. There is only a minor mention of a timing vulnerability that i can find online. Is cPanel folks aware of this, or have any suggestions to ensure the bruteforce doesn't lead to a successful comprimise?
     
    #1 hello-electro, Apr 22, 2017
  2. BlackRain

    BlackRain Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Yep. I have noticed the same activity from IP's all over the world trying to brute force Dovecot credentials. There must be an exploit in the wild. Have not seen any notice from Cpanel about this issue.
     
    #2 BlackRain, Apr 22, 2017
  3. hello-electro

    hello-electro Member

    Joined:
    Aug 9, 2016
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Maryland
    cPanel Access Level:
    Root Administrator
    I have a link to what may be a known exploit (nothing I discovered), though its a few weeks old at this point, so the attempts may just be residual at this point. I'm going to send the cPanel folks a support ticket with it.
     
    #3 hello-electro, Apr 22, 2017
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,145
    Likes Received:
    1,932
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Internal case CPANEL-12790 was opened to inquire about that specific vulnerability. We'll update the version of Dovecot offered through cPanel with any security-related patches once Dovecot publishes them upstream.

    In addition to using cPHulk, you may also want to consider using a third-party application such as CSF to help protect against brute force attempts:

    ConfigServer Security & Firewall (csf)

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Apr 24, 2017
  5. BlackRain

    BlackRain Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Already use CPHulk and CSF, yet we are getting hundreds of Dovecot brute forces attempts (mostly from China and dubious EU server farms).

    We have black listed those IP ranges yet new ones keep popping up.

    We don't use any server side email so it's a wasted attempt on their part.

    So that leads me to believe there is an exploit out there.
     
    #5 BlackRain, Apr 25, 2017
  6. Jasminder pal Singh

    Jasminder pal Singh Registered

    Joined:
    May 30, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Punjab
    cPanel Access Level:
    Root Administrator
    Hey ,
    Any update on this yet ?
     
    #6 Jasminder pal Singh, May 30, 2017
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,145
    Likes Received:
    1,932
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The particular vulnerability referenced earlier in this thread is addressed by Dovecot in Dovecot 2.2.30:

    Internal case CPANEL-13448 is open for the inclusion of this version of Dovecot into cPanel & WHM. I'll update this thread with more information on the status of this case as it becomes available.

    Thank you.

    Edit: Dovecot 2.2.31 is now included with cPanel version 66:

    Implemented case CPANEL-14248: Update dovecot to 2.2.31-1.cp1162.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 cPanelMichael, Jun 1, 2017
    Last edited: Jul 18, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Huge increase Dovecot
  1. linux4me2

    [Case CPANEL-13602] ModSecurity Logs Are Getting Huge With Logging Off

    linux4me2, Jun 29, 2017, in forum: Security
    Replies:
    7
    Views:
    1,405
    cPanelMichael
    Jul 12, 2018
  2. hoseke

    Increase partition size?

    hoseke, Nov 10, 2018 at 12:02 PM, in forum: Workarounds and Optimization
    Replies:
    1
    Views:
    53
    cPanelLauren
    Nov 13, 2018 at 8:23 AM
  3. Surjo Vai

    Significant performance increase with LiteSpeed

    Surjo Vai, Nov 5, 2018, in forum: Workarounds and Optimization
    Replies:
    1
    Views:
    92
    cPanelMichael
    Nov 5, 2018
  4. siidsidou

    Increase performance settings for streaming server?

    siidsidou, Nov 4, 2018, in forum: Workarounds and Optimization
    Replies:
    4
    Views:
    92
    cPanelMichael
    Nov 6, 2018
  5. marjwyatt

    Increase in clamd failures after manually updating

    marjwyatt, Sep 17, 2018, in forum: General Discussion
    Replies:
    20
    Views:
    423
    adamreece.webbox
    Oct 12, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice