Results 1 to 5 of 5

Thread: Prevent POP3 Probing Help

  1. #1
    Join Date
    Jul 2009
    Beans
    98

    Prevent POP3 Probing Help

    Hi Everyone,

    I noticed today that my server was being flooded via POP3 attempted logins from a Chinese IP address. I have since blocked that IP Address in my iptables from even connecting to my machine. However, is there a way to limit the number of attempted logins?

    I found this while searching:

    http://serverfault.com/questions/247...login-attempts

    As taken from the link above, would this code fix my problem?

    Code:
    iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --name pop --rsource --update --seconds 60 --hitcount 5 -j DROP iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --name pop --rsource --set -j ACCEPT
    Is there a better way to limit login attempts for POP3 and other related services?

  2. #2
    Join Date
    Jul 2009
    Beans
    98

    Re: Prevent POP3 Probing Help

    Anyone know?

  3. #3
    Join Date
    May 2010
    Beans
    462
    Distro
    Ubuntu Development Release

    Re: Prevent POP3 Probing Help

    Are you running a mail server?

  4. #4
    Join Date
    Jul 2009
    Beans
    98

    Re: Prevent POP3 Probing Help

    Quote Originally Posted by wacky_sung View Post
    Are you running a mail server?
    Yes, I'm running a mail server.

  5. #5
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    7,955

    Re: Prevent POP3 Probing Help

    Simple really. Don't use POP3 or IMAP. Rather use POP3S and IMAPS.

    And add this to your firewall rules:
    # General new connection rate limiting for DOS and Brute Force protection
    iptables -I INPUT -p TCP -m state --state NEW -m limit --limit 30/minute --limit-burst 5 -j ACCEPT

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •