A resposta canônica para "como lidar com ataques de força bruta" é usar fail2ban . Se você estiver usando algum tipo de painel de controle de hospedagem na Web, poderá encontrar opções relacionadas ao fail2ban já existentes.
Eu tenho um logwatch de 4 a 5 MB como este todos os dias! alguém gosta de hackear meu smtp:
....
--------------------- sasl auth daemon Begin ------------------------
SASL Authentications failed 3965 Time(s)
Service smtp (pam) - 3965 Time(s):
Realm - 3959 Time(s):
User: account - PAM auth error - 346 Time(s):
User: admin - PAM auth error - 346 Time(s):
User: admin1 - PAM auth error - 147 Time(s):
User: chris - PAM auth error - 346 Time(s):
User: contact - PAM auth error - 6 Time(s):
User: fax - PAM auth error - 346 Time(s):
User: info1 - PAM auth error - 346 Time(s):
User: master - PAM auth error - 346 Time(s):
User: noname - PAM auth error - 346 Time(s):
User: pamela - PAM auth error - 346 Time(s):
User: scanner - PAM auth error - 346 Time(s):
User: test1 - PAM auth error - 346 Time(s):
User: user1 - PAM auth error - 346 Time(s):
Realm xxxxx.com - 6 Time(s):
User: [email protected] - PAM auth error - 6 Time(s):
**Unmatched Entries**
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
.....
qual parâmetro devo alterar para evitar essa força bruta no smtp? Acho que devo mudar um número, mas não sei qual.
A resposta canônica para "como lidar com ataques de força bruta" é usar fail2ban . Se você estiver usando algum tipo de painel de controle de hospedagem na Web, poderá encontrar opções relacionadas ao fail2ban já existentes.