Hi
it will be great to see in the message sent from csf when a user is blocked for pop3 or whatever other attempts as this brute force attack
Time: Fri May 21 01:01:04 2010 -0400
IP: 218.78.209.235 (CN/China/-)
Failures: 3 (pop3d)
Interval: 300 seconds
Blocked: Yes
Log entries:
May 21 01:00:48 mail pop3d: LOGIN FAILED, user=admin, ip=[::ffff:218.78.209.235]
May 21 01:00:54 mail pop3d: LOGIN FAILED, user=test, ip=[::ffff:218.78.209.235]
May 21 01:00:59 mail pop3d: LOGIN FAILED, user=danny, ip=[::ffff:218.78.209.235]
where or what site the person tried to log in
with this message, we have no clue on what site he is trying to log in
then we will be able to check the site and the code (if any insecure hole)
Thank you
message sent to admin
Hello Sergio
Thanks for your support for my post
yes in fact this report gives just info about someone trying to do what it is written somewhere we don't know
the visitor is blocked but we don't know what was involved or where he came from
maybe configserver can explain how to add and if a variable may be added in the message we have access in the lfd/csf
so far not many answers, will see
Regards
Patrick
allnet4u
It's not a site, it's an email account that someone tried to login to and failed, got blocked.
Hi
Infopro wrote: It's not a site, it's an email account that someone tried to login to and failed, got blocked.
sure I understand that, but as said in my message
it will be great to know on which account the user tried to log in
in some cases it may be also FTP, ssh, or port 80
in this case, a referrer site will be useful to know
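The log entries in the alert quoted in this thread already carry the account names that were tried, in the `user=` field of each pop3d line. As an added example (not part of the thread and not csf/lfd code), this Python script parses an alert of that shape and lists the targeted accounts per blocked IP; the function names are hypothetical and the sample is the alert text from the first post.

```python
import ipaddress
import re
from collections import Counter

# Alert text as quoted in the first post of the thread.
ALERT = """\
Time: Fri May 21 01:01:04 2010 -0400
IP: 218.78.209.235 (CN/China/-)
Failures: 3 (pop3d)
Interval: 300 seconds
Blocked: Yes
Log entries:
May 21 01:00:48 mail pop3d: LOGIN FAILED, user=admin, ip=[::ffff:218.78.209.235]
May 21 01:00:54 mail pop3d: LOGIN FAILED, user=test, ip=[::ffff:218.78.209.235]
May 21 01:00:59 mail pop3d: LOGIN FAILED, user=danny, ip=[::ffff:218.78.209.235]
"""

HEADER_RE = re.compile(r"^(Time|IP|Failures|Interval|Blocked):\s*(.+)$")
LOGIN_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<svc>\w+):\s"
    r"LOGIN FAILED, user=(?P<user>[^,]*), ip=\[(?P<ip>[^\]]+)\]$"
)

def normalize_ip(text):
    """Return the address as a string, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text)
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr)

def summarize_alert(alert):
    """Extract the blocked IP, the service and the accounts that were tried."""
    headers, attempts = {}, []
    for line in alert.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            headers[m.group(1)] = m.group(2)
        elif m := LOGIN_RE.match(line):
            attempts.append((m["svc"], m["user"], normalize_ip(m["ip"])))
    blocked_ip = normalize_ip(headers["IP"].split()[0])
    # Count only log lines that belong to the blocked address.
    users = Counter(u for _, u, ip in attempts if ip == blocked_ip)
    return {
        "blocked_ip": blocked_ip,
        "service": attempts[0][0] if attempts else None,
        "accounts_tried": dict(users),
        "foreign_lines": sum(1 for a in attempts if a[2] != blocked_ip),
    }
```

Calling `summarize_alert(ALERT)` returns a dictionary with the blocked address, the service name and a count per attempted account, which can be compared against the mailboxes that actually exist on the server.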