From: Bumo <bu...@ya...> - 2012-06-11 15:30:28
Hi,

I have a frontend server on a DMZ running RH ES 3 up3, SquirrelMail 1.4.8 and PHP 4.3.2.

Thousands of emails were sent on two occasions, and the only evidence of the abuse was in the access_log (squirrel_logger): an entry from the IP which was sending the messages. There was no evidence of a brute force attack. In fact, there weren't many entries in access_log for failed logins. Well, I don't know if this is enough to say that I wasn't under a brute force attack.

However, now I'm asking myself if a spammer, getting the login credentials in SquirrelMail (IMAP auth toward the local IMAP server), can send thousands of emails in an automatic way.

Temporarily I blocked the original IP range at the firewall level, but I think this can only delay the next attack. I'm working on a lockout plugin and captcha, but before going on, I should know if in this case squirrel is the weakest part of this puzzle.

Any suggestions?

Thanks in advance,
Leo