Fail2ban hasn’t been working for me, I still have people running brute force attacks on my Postfix server, so I though I’d rig up something myself. This consists of a bash script that identifies multiple failures and bans them, run on cron every 10 minutes. It checks for both smtp and pop/imap login failures. #!/bin/sh […]

After the recent global distributed botnet attack on WordPress installations that took down servers and broke into admin accounts, I thought I’d write a plugin to prevent it happening again. Distributed botnet attacks can come from multiple IP addresses and locations at the same time, so conventional IP-based lockouts are not effective (e.g. those found […]

If you are getting any brute force attacks to your dovecot imap/pop3 server, install fail2ban to block the offenders. This works on CentOs 5.7. For other distributions, see the relevant websites. Firstly, install fail2ban. You should have the rpmforge repo from my previous post. Enable it first to install fail2ban: # cd /etc/yum.repos.d/ # vi […]

I wanted to create a simple drop-in script to add brute-force attempt blocking by IP address to my PHP/MySQL login scripts. It should be pretty simple to use. It needs a database to run off, you enter the database values and call the script (see usage) before login and on login failure (also before login […]