Password Cycling Intrusion Attempts

greenhouse · Post by **greenhouse** » Thu Nov 15, 2007 4:50 am

IP address 203.26.171.221 have possibly attempted intrusion onto my QnE mail server.

Their rapid cycling of user names and passwords so overwelmed the mail server program that I had to use a Ctrl-Alt-Del to shut the program down and restart the server to block the the IP. This was further complicated due to the fact they were still cycling after the restart.

We need an automatic block of IP addreses after ? failed login attempts like QnE FTP server has. Also, having an option of setting it to block for a specified amount of time, say 24 hours would be nice. We may not want to permently block everyone.

greenhouse · Post by **greenhouse** » Thu Nov 15, 2007 5:02 am

As an after-thought, It took me a few minutes to figure out that cycling was happening because the statistics window does not show that login attempts are in progress. It only shows when the connection is established.

Post by **admin** » Thu Nov 15, 2007 5:22 pm

Thanks for your suggestion, we will take it into consideration.
Once you have blocked the IP address it will no longer accept connections from this IP.

greenhouse · Post by **greenhouse** » Tue Dec 04, 2007 5:11 pm

I have hope that an automatic IP block will come soon.

Post by **admin** » Wed Dec 05, 2007 7:40 am

I'm sorry, we're currently very busy working on other projects, but hopefully next year we will be able to implement this feature

greenhouse · Post by **greenhouse** » Wed Jul 02, 2008 4:55 am

As an update, the password cyclers seem to be getting sneakier. Now, they only attempt a few hundred at a time here and there.

Maybe a stat showing the number of login attempts or failed login attempts or both might be a nice additional feature.