What is the proper way to protect against brute force login attempts for guessed usernames?
My SMTP activity log has non-stop activity for brute force username login attempts and I've yet to find a setting that prevents it.
I've searched the forums for solutions, but none have fixed the problem.
Thank you.
Brute Force Username Guessing Protection
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Brute Force Username Guessing Protection
Hi,
There is no way to stop the attacks hitting the server. You can enable the "Abuse detection and prevention" option so that the inbound connections are banned after a total of 10 invalid authentication attempts (http://www.mailenable.com/documentation/10.0/Professional/Localhost_-_Policies.html). The IP will be banned for one hour. However to stop this before they hit the MailEnable server you would need to look into implementing a spam gateway server that has the ability to filter these types of attacks before they hit the mail server.
Here is an article to help further: http://www.mailenable.com/kb/content/article.asp?ID=ME020339
There is no way to stop the attacks hitting the server. You can enable the "Abuse detection and prevention" option so that the inbound connections are banned after a total of 10 invalid authentication attempts (http://www.mailenable.com/documentation/10.0/Professional/Localhost_-_Policies.html). The IP will be banned for one hour. However to stop this before they hit the MailEnable server you would need to look into implementing a spam gateway server that has the ability to filter these types of attacks before they hit the mail server.
Here is an article to help further: http://www.mailenable.com/kb/content/article.asp?ID=ME020339
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
-
- Posts: 24
- Joined: Mon Oct 24, 2011 12:06 pm
Re: Brute Force Username Guessing Protection
I added a new rule "Blacklist" to my firewall (input rules). Within the SMTP-activity-log or the ActivityMonitor (SMTP) you can find the ip-address(es).
Insert this ip-adress(es) into the firewall rule Blacklist. May be later, the spammer will use another ip-adress.
Insert this ip-adress(es) into the firewall rule Blacklist. May be later, the spammer will use another ip-adress.
Reinhard Gojowsky
--------------------------
EAASDC IT Service Germany
ME Professional 10.40, Windows Server 2019
--------------------------
EAASDC IT Service Germany
ME Professional 10.40, Windows Server 2019
Re: Brute Force Username Guessing Protection
Thanks for the responses.
-
- Posts: 2
- Joined: Sat Oct 31, 2020 9:40 pm
- Location: Virginia, USA
Re: Brute Force Username Guessing Protection
There's also this slick little program called RdpGuard.
LSeawell
Re: Brute Force Username Guessing Protection
I have created a service watching the logs.
If an IP has too many illegal entrys the IP goes in the ME SMTP Blacklist.
Later Blacklisted IP's are copied to the windows firewall.
I have no release plan for IP's
I see the same IP being active again one or two years later.
Best Regards
Soren
If an IP has too many illegal entrys the IP goes in the ME SMTP Blacklist.
Later Blacklisted IP's are copied to the windows firewall.
I have no release plan for IP's
I see the same IP being active again one or two years later.
Best Regards
Soren