[Users] Having some `brute` force log-in attempts on Zimbra
Andreas Wolske
andreas.wolske at managedhosting.de
Mon Nov 27 14:23:52 CET 2017
Hi Barry,
Am 27.11.2017 um 14:07 schrieb Barry de Graaff:
> Hello Folks,
>
> I am seeing some subtle brute force log-in attempts on the Alliance mailserver.
>
> Every hour or so, someone from different locations in Brazil is trying to log onto
> our server. And it does not seem to be a normal user with a wrong password or so.
>
> What do you guys use to mitigate these? Should I add some fail2ban?
We use composite DROP (Don't route or peer) Lists for iptables and
a customized fail2ban setup tailored to meet zimbra logfile
configurations.
I could provide both configurations as an example.
BR
--
Andreas Wolske
Geschäftsführer
------------ managedhosting.de - Enterprise Cloud Services ------------
VMware Hybrid Cloud Powered Service Provider
Red Hat Certified Cloud & Service Provider
Zimbra Gold Partner
FileCloud Certified Partner
veeam Cloud Provider
p +49 30 202364910
f +49 30 202364919
m +49 151 21258008
@ andreas.wolske at managedhosting.de
w https://www.managedhosting.de
Pflichtangaben nach §35a GmbHG: https://www.managedhosting.de/legal
More information about the Users
mailing list