vm-pop3d security problem

[kktsang]

how could directadmin or any measurement could protect vm-pop3 from being brute-force attack ?

for imap, since it uses xinetd to launch the service, it could be protect by cps or instance.

but how about vm-pop3d ?
since I notice that vm-pop3d is running as own daemon

Is it possible to start vm-pop3d with xinetd ?
________
vaporizers

 

[Icheb]

Xinetd brings a nice red light which says downtime into my mind.
Perhaps it's possible, although personally I wouldn't want to do that. 10 % of all our downtime was caused by Xinetd and involved someone needing to disable it to reconfigure...

Btw: Never seen a brute force against the POP daemon.

 

[nobaloney]

how could directadmin or any measurement could protect vm-pop3 from being brute-force attack ?

vm-pop3d is compiled to use /etc/hosts.allow and /etc/hosts.deny, just as if it were launched from xinetd.

So all you have to do is put the following line into /etc/hosts.deny:

POP3: 12.34.56.78

where of course 12.34.56.78 should be replaced by the IP# you're trying to block.

Then you must restart vm-pop3 as follows:

# /etc/rc.d/init.d/vm-pop3 restart

Is it possible to start vm-pop3d with xinetd ?

Yes, but there's no need to do so, and if you do, you'll get a lot of messages from DA telling you it's not running.

Note:
On linux servers you can also set up APF firewall to automatically block IP#s hitting you with DOS attempts.

Jeff