Which csf/lfd parameter prevents SMTP attacks?

I get a 4~5MB logwatch report like this every day! Someone likes trying to break into my SMTP.

....
--------------------- sasl auth daemon Begin ------------------------ 


 SASL Authentications failed 3965 Time(s)
 Service smtp (pam) - 3965 Time(s):
    Realm  - 3959 Time(s):
       User: account - PAM auth error - 346 Time(s):
       User: admin - PAM auth error - 346 Time(s):
       User: admin1 - PAM auth error - 147 Time(s):
       User: chris - PAM auth error - 346 Time(s):
       User: contact - PAM auth error - 6 Time(s):
       User: fax - PAM auth error - 346 Time(s):
       User: info1 - PAM auth error - 346 Time(s):
       User: master - PAM auth error - 346 Time(s):
       User: noname - PAM auth error - 346 Time(s):
       User: pamela - PAM auth error - 346 Time(s):
       User: scanner - PAM auth error - 346 Time(s):
       User: test1 - PAM auth error - 346 Time(s):
       User: user1 - PAM auth error - 346 Time(s):
    Realm xxxxx.com - 6 Time(s):
       User: contact@xxxxxxx.com - PAM auth error - 6 Time(s):


 **Unmatched Entries**

 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
.....

Which parameter should I change to prevent this brute force against SMTP? I think I need to change some number, but I don't know which one.

1 answer

The canonical answer to "how do I deal with brute-force attacks" like this one is to use fail2ban. If you use some kind of web hosting control panel, you may find fail2ban-related options already there.
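An added example, not part of the original question or answer: a sketch of the threshold logic that log-driven blockers such as fail2ban apply, run over constructed log lines. The pam_unix lines in the question have an empty rhost=, so they cannot identify a client; the example assumes the MTA is Postfix and keys on its SASL failure lines, and borrows the names maxretry and findtime from fail2ban.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines (not from the post). The pam_unix line mirrors the
# question's log; the postfix/smtpd format is an assumption about the MTA.
SAMPLE_LOG = """\
Mar 10 04:00:01 mx saslauthd[811]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 10 04:00:01 mx postfix/smtpd[900]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar 10 04:00:09 mx postfix/smtpd[900]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar 10 04:00:20 mx postfix/smtpd[901]: warning: unknown[198.51.100.4]: SASL PLAIN authentication failed: authentication failure
Mar 10 04:00:31 mx postfix/smtpd[900]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar 10 06:30:00 mx postfix/smtpd[950]: warning: unknown[198.51.100.4]: SASL PLAIN authentication failed: authentication failure
""".splitlines()

# Timestamp and client IPv4 address from an MTA-level SASL failure line.
MTA_FAIL = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) .*\[(\d+\.\d+\.\d+\.\d+)\]: SASL \w+ authentication failed")
# PAM-level failure; group 1 is whatever follows rhost= (possibly nothing).
PAM_FAIL = re.compile(r"pam_unix\(smtp:auth\): authentication failure;.*rhost=(\S*)")

def parse_ts(stamp, year=2024):
    # Syslog timestamps carry no year; a fixed one is enough for time deltas.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def offenders(lines, maxretry=3, findtime=600):
    """Return IPs with >= maxretry failures inside any findtime-second window."""
    recent = defaultdict(deque)
    flagged = set()
    for line in lines:
        m = MTA_FAIL.search(line)
        if not m:
            continue
        ts, ip = parse_ts(m.group(1)), m.group(2)
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than the window
        if len(window) >= maxretry:
            flagged.add(ip)
    return sorted(flagged)

def unattributable(lines):
    """Count pam_unix failures whose rhost= is empty (no address to block)."""
    return sum(1 for l in lines if (m := PAM_FAIL.search(l)) and not m.group(1))

if __name__ == "__main__":
    print("block candidates:", offenders(SAMPLE_LOG))
    print("pam lines without rhost:", unattributable(SAMPLE_LOG))
```

Lowering maxretry or widening findtime catches slower guessing at the cost of more false positives from users who mistype a password.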
