I noticed today that my server was being flooded via POP3 attempted logins from a Chinese IP address. I have since blocked that IP Address in my iptables from even connecting to my machine. However, is there a way to limit the number of attempted logins?
I found this while searching:
As taken from the link above, would this code fix my problem?
Is there a better way to limit login attempts for POP3 and other related services?
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --name pop --rsource --update --seconds 60 --hitcount 5 -j DROP iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --name pop --rsource --set -j ACCEPT