Re: qpopper brute force attack
On Mon, Apr 23, 2007 at 12:31:35PM +0200, Carlos Acedo wrote:
> I have received an attack to my pop3 server qpopper leading this
> to crash, and every time I woke up it crashed again. Eventually I
> filtered the attacker ip with iptables.
you shouldn't be using qpopper, anyway. it's probably one of the
crappiest pop daemons there is. i didn't know anyone still used it. i'm
surprised it's still even in debian.
switch to dovecot or courier-pop or something decent instead. even
cucipop is many times better (hmm. how odd. qpopper is still packaged in
debian, but cucipop isn't.)
> The attacker was trying to login with usual names with many attempts
> per second (AKA brute force).
this happens all the time. the net is a hostile environment. it's why you
should a) choose the best available implementation of any daemon, and b) keep
and, as you did, monitor your logs and create iptables rules or whatever
> After the attack I'm not very confident to qpooper, so is there any
> good alternatives to qpopper? what about xmail?
dunno about xmail, never used it or even heard of it before tonight.
i switched from cucipop to dovecot a few years back and have never
regretted the choice.
craig sanders <email@example.com>
"In Christianity neither morality nor religion come into contact with
reality at any point."
-- Friedrich Nietzsche