
IMAP and POP3 authentication DoS attack on cPanel

1. Use the following command to count authentication failures per IP:
# awk '/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/^rip=/) print $i}' /var/log/maillog |sort|uniq -c|sort -n| tail

12 rip=223.255.228.87,
13 rip=114.124.141.10,
14 rip=111.94.212.75,
15 rip=103.10.67.166,
15 rip=103.23.202.26,
15 rip=223.255.228.94,
18 rip=223.255.228.105,
18 rip=223.255.228.89,
25 rip=2406:2400:c0:a708:1014:156e:9dcd:8d7a,
504 rip=111.68.124.38,

2. Block the address in csf; for example, IP 111.68.124.38 failed 504 times.

csf -d <ipaddress>
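
Both steps combined into one script, as an added example that is not from the original post: it counts only fields that start with rip= (so a mailbox name such as trip@... is not counted as an address), strips the trailing comma, and prints the csf -d commands for addresses at or above a threshold for review instead of running them. The function names, the threshold of 2 and the log lines (documentation addresses in Dovecot's maillog format) are constructed for illustration.

```shell
# Constructed sample lines in Dovecot's maillog format (not real traffic).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<a1>
Mar  3 10:15:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a2>
Mar  3 10:15:09 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<sales@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<a3>
Mar  3 10:15:30 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<trip@example.com>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS, session=<a4>
Mar  3 10:15:41 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=2001:db8::5, lip=2001:db8::1, session=<a5>
Mar  3 10:15:44 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=2001:db8::5, lip=2001:db8::1, session=<a6>
Mar  3 10:16:10 mail dovecot: imap-login: Login: user=<info@example.com>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.10, mpid=4242, TLS, session=<a7>
EOF
}

# Print "count ip" for every source address with an auth failure, highest first.
# Reads the files given as arguments, or standard input when there are none.
failed_auth_by_ip() {
    awk '/auth failed/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^rip=/) {        # the rip= field only, not user=<trip@...>
                ip = $i
                sub(/^rip=/, "", ip)   # drop the key
                sub(/,$/, "", ip)      # drop the trailing comma
                n[ip]++
            }
    }
    END { for (ip in n) print n[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Print (do not run) a csf deny command for each address whose failure
# count is at or above the threshold, so the list can be reviewed first.
block_candidates() {
    threshold=$1; shift
    failed_auth_by_ip "$@" | awk -v t="$threshold" '$1 >= t { print "csf -d " $2 }'
}

# Demo on the constructed sample; on a server pass /var/log/maillog instead.
sample_log | block_candidates 2
```
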
