LFD Feature Request: Slow Attack Check

clickbuild
Junior Member
Posts: 3
Joined: 28 Jul 2012, 17:29

Post by clickbuild »

There appears to be a new style of hack against POP, mostly coming from Romania, that is playing a long game.

Usually a script/bot will try random username/password combinations in rapid succession to try and break into an account. This can be stopped easily by LFD.

I've been noticing the same IP failing for a large block of logins and it appears that instead of trying to break into one account using 100s of guesses per hour, their strategy is to fail once per day for a larger number of accounts.

So instead of trying 50 passwords against 1 account in 1 day, they try 1 new password against 50 accounts per day. Same same hack just on a different timescale - so they never trigger a block.

So far they have the login style incorrect (using an @ instead of a + for the username) and the email addresses are just guesses, info@ being the most common, but I'm sure it will not be long before that is updated.

Here are some IPs that have shown in the last 7 days.
93.114.45.163 - (most consistent)
89.42.240.211
92.44.144.198
89.42.240.2
89.42.240.192
79.38.111.61
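
The pattern described in the post above (one source IP, roughly one failed guess per account per day, spread over many accounts), as an added detection sketch that is not part of the original thread and not LFD's own code. The log format, function names and thresholds are assumptions made up for the example, and the sample lines are constructed using documentation-range addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example only (not any real daemon's output).
LINE_RE = re.compile(r"^(\S+) pop3-login FAIL user=(\S+) rip=(\S+)$")

def parse(lines):
    """Return (timestamp, user, ip) for each failed-login line; skip the rest."""
    return [(datetime.fromisoformat(m[1]), m[2].lower(), m[3])
            for line in lines if (m := LINE_RE.match(line.strip()))]

def burst_offenders(events, max_fails=5, window=timedelta(hours=1)):
    """Rate-based check: IPs with max_fails failures inside a short window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in sorted(events):
        by_ip[ip].append(ts)
    return {ip for ip, s in by_ip.items()
            if any(s[i + max_fails - 1] - s[i] <= window
                   for i in range(len(s) - max_fails + 1))}

def slow_spray_offenders(events, min_accounts=10, window=timedelta(days=7)):
    """Slow check: IPs failing against many distinct accounts in a long window."""
    by_ip = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_ip[ip].append((ts, user))
    hits = {}
    for ip, rows in by_ip.items():
        start, counts = 0, defaultdict(int)
        for ts, user in rows:
            counts[user] += 1
            while ts - rows[start][0] > window:  # evict failures older than window
                counts[rows[start][1]] -= 1
                if counts[rows[start][1]] == 0:
                    del counts[rows[start][1]]
                start += 1
            if len(counts) >= min_accounts:
                hits[ip] = max(hits.get(ip, 0), len(counts))
    return hits  # ip -> largest number of distinct accounts seen in one window

def sample_log():
    """Constructed sample: a slow sprayer (12 accounts/day) and a burst guesser."""
    base = datetime(2012, 7, 20, 2, 0)
    fmt = "{} pop3-login FAIL user={} rip={}"
    lines = [fmt.format((base + timedelta(days=d, minutes=20 * n)).isoformat(),
                        f"user{n}@example.com", "203.0.113.7")
             for d in range(3) for n in range(12)]
    lines += [fmt.format((base + timedelta(seconds=10 * s)).isoformat(),
                         "info@example.com", "198.51.100.9") for s in range(6)]
    return lines
```

On the constructed sample, the rate-based check flags only the burst guesser, while the distinct-account count over the longer window flags only the slow source.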
peterelsner
Junior Member
Posts: 73
Joined: 16 Nov 2010, 22:49

Re: LFD Feature Request: Slow Attack Check

Post by peterelsner »

I just found 2 IP addresses from Romania that were sending spam from 4 different, compromised email accounts.
Wonder if this is how they got the login credentials for email??