[Users] Having some `brute` force log-in attempts on Zimbra
Barry de Graaff
info at barrydegraaff.tk
Mon Nov 27 14:45:21 CET 2017
Yes please, and can I put them on
https://github.com/Zimbra-Community/zimbra-tools ?
Kind regards,
Barry de Graaff
Zeta Alliance
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community
+31 617 220 227
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
----- Original Message -----
From: "Andreas Wolske" <andreas.wolske at managedhosting.de>
To: users at lists.zetalliance.org
Sent: Monday, November 27, 2017 2:23:52 PM
Subject: Re: [Users] Having some `brute` force log-in attempts on Zimbra
Hi Barry,
Am 27.11.2017 um 14:07 schrieb Barry de Graaff:
> Hello Folks,
>
> I am seeing some subtle brute force log-in attempts on the Alliance mailserver.
>
> Every hour or so, someone from different locations in Brazil is trying to log onto
> our server. And it does not seem to be a normal user with a wrong password or so.
>
> What do you guys use to mitigate these? Should I add some fail2ban?
We use composite DROP (Don't route or peer) Lists for iptables and
a customized fail2ban setup tailored to meet zimbra logfile
configurations.
I could provide both configurations as an example.
BR
--
Andreas Wolske
Geschäftsführer
------------ managedhosting.de - Enterprise Cloud Services ------------
VMware Hybrid Cloud Powered Service Provider
Red Hat Certified Cloud & Service Provider
Zimbra Gold Partner
FileCloud Certified Partner
veeam Cloud Provider
p +49 30 202364910
f +49 30 202364919
m +49 151 21258008
@ andreas.wolske at managedhosting.de
w https://www.managedhosting.de
Pflichtangaben nach §35a GmbHG: https://www.managedhosting.de/legal
More information about the Users
mailing list