Re: [Dovecot] script to detect dictionary attacks
7 Apr
2013
7 Apr
'13
2:40 a.m.
Here is the simplex script that I use to filter attacking sites. I should be easy to add your extra bits (email etc).
Cheers, Stephen
#! /bin/sh
d=date +"%b %d"
grep "$d" /var/log/mail/info.log|grep ruleset=check_rcp | gawk
'{split($0,q,/[\[\]]/);print "/sbin/iptables -A INPUT -s " q[4] "/32 -j
DROP"}' | sort -u > /tmp/fw$$
#reset iptable to base
/etc/rc.d/rc.fw > /dev/null 2>&1
#add new filter(s)
. /tmp/fw$$
rm -f /tmp/fw$$
--
Stephen Davies Consulting P/L Phone: 08-8177 1595 Adelaide, South Australia. Mobile:040 304 0583 Records & Collections Management.
4251
Age (days ago)
4251
Last active (days ago)
0 comments
1 participants
participants (1)
-
Stephen Davies