Password Cycling Intrusion Attempts

Issues related to Quick 'n Easy Mail Server.
Post Reply
greenhouse
Posts: 22
Joined: Fri Sep 28, 2007 5:25 pm
Location: New Hampshire

Password Cycling Intrusion Attempts

Post by greenhouse » Thu Nov 15, 2007 4:50 am

IP address 203.26.171.221 have possibly attempted intrusion onto my QnE mail server.

Their rapid cycling of user names and passwords so overwelmed the mail server program that I had to use a Ctrl-Alt-Del to shut the program down and restart the server to block the the IP. This was further complicated due to the fact they were still cycling after the restart.

We need an automatic block of IP addreses after ? failed login attempts like QnE FTP server has. Also, having an option of setting it to block for a specified amount of time, say 24 hours would be nice. We may not want to permently block everyone.
greenhouse
Posts: 22
Joined: Fri Sep 28, 2007 5:25 pm
Location: New Hampshire

Post by greenhouse » Thu Nov 15, 2007 5:02 am

As an after-thought, It took me a few minutes to figure out that cycling was happening because the statistics window does not show that login attempts are in progress. It only shows when the connection is established.
admin
Site Admin
Posts: 1470
Joined: Wed Apr 13, 2005 9:16 pm

Post by admin » Thu Nov 15, 2007 5:22 pm

Thanks for your suggestion, we will take it into consideration.
Once you have blocked the IP address it will no longer accept connections from this IP.
greenhouse
Posts: 22
Joined: Fri Sep 28, 2007 5:25 pm
Location: New Hampshire

Post by greenhouse » Tue Dec 04, 2007 5:11 pm

I have hope that an automatic IP block will come soon.
admin
Site Admin
Posts: 1470
Joined: Wed Apr 13, 2005 9:16 pm

Post by admin » Wed Dec 05, 2007 7:40 am

I'm sorry, we're currently very busy working on other projects, but hopefully next year we will be able to implement this feature
greenhouse
Posts: 22
Joined: Fri Sep 28, 2007 5:25 pm
Location: New Hampshire

Post by greenhouse » Wed Jul 02, 2008 4:55 am

As an update, the password cyclers seem to be getting sneakier. Now, they only attempt a few hundred at a time here and there.

Maybe a stat showing the number of login attempts or failed login attempts or both might be a nice additional feature.
Post Reply