plz some help in protection

J

jack sparrow

Verified User
Joined
Feb 3, 2010
Messages
41
Hello guys
today i was watching my server i found allot of imap-login and pop3-login and its still for hours

is that a spam hack or normal ?


Code: 
1966 apache    15   0 64396 3588 1480 S  0.0  0.7   0:00.00 httpd
 1975 dovecot   18   0 38200 2356 1856 S  0.0  0.4   0:00.00 imap-login
 3557 dovecot   18   0 38200 2360 1856 S  0.0  0.5   0:00.00 imap-login
 5450 dovecot   18   0 38200 2356 1856 S  0.0  0.4   0:00.00 imap-login
 7226 dovecot   18   0 38188 2344 1848 S  0.0  0.4   0:00.00 pop3-login
 9403 dovecot   18   0 38200 2356 1856 S  0.0  0.4   0:00.00 imap-login
 9519 dovecot   18   0 38200 2356 1856 S  0.0  0.4   0:00.00 imap-login
 9737 dovecot   18   0 38200 2352 1856 S  0.0  0.4   0:00.00 imap-login
 9825 dovecot   18   0 38200 2356 1856 S  0.0  0.4   0:00.00 imap-login
15445 dovecot   15   0 38188 2344 1848 S  0.0  0.4   0:00.00 pop3-login
15692 dovecot   18   0 38200 2352 1856 S  0.0  0.4   0:00.00 imap-login
16342 apache    18   0 64556 3752 1480 S  0.0  0.7   0:00.15 httpd
17573 root      15  -4 12604  676  360 S  0.0  0.1   0:00.00 udevd
17657 dovecot   16   0 38188 2344 1848 S  0.0  0.4   0:00.00 pop3-login
18014 root      16   0  5908  620  500 S  0.0  0.1   0:02.60 syslogd
18114 root      15   0 10336  772  540 S  0.0  0.1   0:00.87 dovecot
18116 root      18   0 15196 1464  872 S  0.0  0.3   0:00.57 dovecot-auth
18142 root      15   0 62624 1208  652 S  0.0  0.2   0:01.27 sshd
19457 dovecot   18   0 38200 2356 1856 S  0.0  0.4   0:00.00 imap-login
19636 dovecot   15   0 38200 2352 1856 S  0.0  0.4   0:00.00 imap-login
19951 apache    15   0 64464 3532 1460 S  0.0  0.7   0:00.00 httpd
20132 dovecot   18   0 38188 2348 1848 S  0.0  0.4   0:00.00 pop3-login
20133 dovecot   18   0 38188 2344 1848 S  0.0  0.4   0:00.00 pop3-login
20135 dovecot   18   0 38188 2344 1848 S  0.0  0.4   0:00.00 pop3-login
20136 dovecot   18   0 38188 2348 1848 S  0.0  0.4   0:00.00 pop3-login
20139 dovecot   18   0 38188 2348 1848 S  0.0  0.4   0:00.00 pop3-login
20140 dovecot   18   0 38188 2348 1848 S  0.0  0.4   0:00.00 pop3-login
 
Well, I had someone who was hitting my pop3 port (non-customer) trying to bruteforce their way in, it was so bad, vm-pop3d became unresponsive. In the end I had to block the IP at firewall level.......

Ofc, this isn't related to OP, but I thought I'd give a heads up incase its a wide issue.....
 
jack sparrow said:
Hello guys
today i was watching my server i found allot of imap-login and pop3-login and its still for hours

is that a spam hack or normal ?
Click to expand...

No, it's not a hack attempt. To lower the amount of login processes, open /etc/dovecot.conf, find:
Code: 
login_processes_count = 16
Replace with (e.g. 4 processes):
Code: 
login_processes_count = 4
Restart dovecot now:
Code: 
/etc/init.d/dovecot restart
 
You must log in or register to reply here.
Back
Top