Re: qpopper brute force attack
On Mon, Apr 23, 2007 at 12:31:35PM +0200, Carlos Acedo wrote:
> I have received an attack to my pop3 server qpopper leading this
> to crash, and every time I woke up it crashed again. Eventually I
> filtered the attacker ip with iptables.
qpopper?
you shouldn't be using qpopper, anyway. it's probably one of the
crappiest pop daemons there is. i didn't know anyone still used it. i'm
surprised it's still even in debian.
switch to dovecot or courier-pop or something decent instead. even
cucipop is many times better (hmm. how odd. qpopper is still packaged in
debian, but cucipop isn't.)
> The attacker was trying to login with usual names with many attempts
> per second (AKA brute force).
this happens all the time. the net is a hostile environment. it's why you
should a) choose the best available implementation of any daemon, and b) keep
it up-to-date.
and, as you did, monitor your logs and create iptables rules or whatever
as needed.
> After the attack I'm not very confident to qpooper, so is there any
> good alternatives to qpopper? what about xmail?
dunno about xmail, never used it or even heard of it before tonight.
i switched from cucipop to dovecot a few years back and have never
regretted the choice.
craig
--
craig sanders <cas@taz.net.au>
"In Christianity neither morality nor religion come into contact with
reality at any point."
-- Friedrich Nietzsche
Reply to: