20 Mar
2009
20 Mar
'09
1:58 p.m.
On 3/19/2009, Ed W (lists@wildgooses.com) wrote:
The current attacks against my server are very slow attacks from a distributed botnet and fail2ban is hardly touching them. I see dozens of IPs trying at no more than one per minute and it would appear they swap between smtp and pop ports (I see the same from any given IP).
Some IPs seem much more common and fail2ban is occasionally snagging an IP which spews a bit faster, but sometimes each IP will try only once or twice a day.
With such slow/limited attacks, as long as you enforce strong passwords, whats the problem?
:)