[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: qpopper brute force attack

On Mon, Apr 23, 2007 at 12:31:35PM +0200, Carlos Acedo wrote:
> I have received an attack to my pop3 server qpopper leading this
> to crash, and every time I woke up it crashed again. Eventually I
> filtered the attacker ip with iptables.


you shouldn't be using qpopper, anyway. it's probably one of the
crappiest pop daemons there is. i didn't know anyone still used it. i'm
surprised it's still even in debian.

switch to dovecot or courier-pop or something decent instead. even
cucipop is many times better (hmm. how odd. qpopper is still packaged in
debian, but cucipop isn't.)

> The attacker was trying to login with usual names with many attempts
> per second (AKA brute force).

this happens all the time.  the net is a hostile environment.  it's why you
should a) choose the best available implementation of any daemon, and b) keep
it up-to-date.

and, as you did, monitor your logs and create iptables rules or whatever
as needed.

> After the attack I'm not very confident to qpooper, so is there any
> good alternatives to qpopper? what about xmail?

dunno about xmail, never used it or even heard of it before tonight.
i switched from cucipop to dovecot a few years back and have never
regretted the choice.


craig sanders <cas@taz.net.au>

"In Christianity neither morality nor religion come into contact with
reality at any point."
		-- Friedrich Nietzsche

Reply to: