Kiekeboe100
Verified User
Hello,
At the moment I have both DirectAdmin BFM and CSF that to checks in the log files to block IP addresses.
I do almost immediately a permanent block, but with a max of x IP addresses (400 I think), so ultimately after a while the IP is unblocked again.
Now I am seeing more and more blocks for IP's from my own country. When investigating this I see that these are almost always because of failed logins to POP3 or IMAP.
What do you guys do with this? This is probably because they changed their password, but forgot that a long time ago they installed app x to check their e-mail on tablet y (that 's begin used by the kids now).
I was thinking about skipping POP3/IMAP failures, but then again, if a POP3 account is brute-forces, it could be devastating. If an account is compromised it could be used to send spam. And yes there is a limit to max outgoing messages, but still, a lot of damage could be done.
Stijn
At the moment I have both DirectAdmin BFM and CSF that to checks in the log files to block IP addresses.
I do almost immediately a permanent block, but with a max of x IP addresses (400 I think), so ultimately after a while the IP is unblocked again.
Now I am seeing more and more blocks for IP's from my own country. When investigating this I see that these are almost always because of failed logins to POP3 or IMAP.
What do you guys do with this? This is probably because they changed their password, but forgot that a long time ago they installed app x to check their e-mail on tablet y (that 's begin used by the kids now).
I was thinking about skipping POP3/IMAP failures, but then again, if a POP3 account is brute-forces, it could be devastating. If an account is compromised it could be used to send spam. And yes there is a limit to max outgoing messages, but still, a lot of damage could be done.
Stijn