Authentication Penalty
======================

Dovecot anvil process tracks authentication penalties for different IPs to slow
down brute force login attempts. The algorithm works by:

 * First auth failure reply will be delayed for 2 seconds (this happens even
   without auth penalty)
    * 'AUTH_PENALTY_INIT_SECS' in 'src/auth/auth-penalty.h'
 * The delay will be doubled for 4 -> 8 seconds, and then the upper limit of 15
   seconds is reached.
    * 'AUTH_PENALTY_MAX_SECS' and AUTH_PENALTY_MAX_PENALTY in
      'src/auth/auth-penalty.h'
 * If the IP is in login_trusted_networks (e.g. webmail), skip any
   authentication penalties
 * If the username+password combination is the same as one of the last 10 login
   attempts, skip increasing authentication penalty.
    * 'CHECKSUM_VALUE_PTR_COUNT' in 'src/anvil/penalty.c'
    * The idea is that if a user has simply configured the password wrong, it
      shouldn't keep increasing the delay.
    * The username+password is tracked as the CRC32 of them, so there is a
      small possibility of hash collisions

Problems:

 * It is still possible to do multiple auth lookups from the same IP in
   parallel.
 * For IPv6 it currently blocks the entire /48 block, which may or may not be
   what is wanted.
    * PENALTY_IPV6_MASK_BITS in auth-penalty.c

Authentication penalty tracking can be disabled completely with:

---%<-------------------------------------------------------------------------
service anvil {
  unix_listener anvil-auth-penalty {
    mode = 0
  }
}
---%<-------------------------------------------------------------------------

Also you can have similar functionality with fail2ban
[http://wiki2.dovecot.org/HowTo/Fail2Ban].

(This file was created from the wiki on 2018-05-23 04:42)
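
The rules listed above can be followed with a small Python model that shows what delay each failed login would see. This is an added example, not Dovecot's code: the class and function names are hypothetical, penalty expiry is not modelled, the way username and password are combined into the CRC32 is an assumption, and the addresses are constructed.

```python
import ipaddress
import zlib
from collections import deque

INIT_SECS = 2        # first failure delay (AUTH_PENALTY_INIT_SECS)
MAX_SECS = 15        # upper limit (AUTH_PENALTY_MAX_SECS)
REMEMBERED = 10      # recent attempts compared (CHECKSUM_VALUE_PTR_COUNT)
IPV6_MASK_BITS = 48  # IPv6 is tracked per /48 (PENALTY_IPV6_MASK_BITS)


class PenaltyModel:
    """Simplified model of the rules above; penalty expiry is not modelled."""

    def __init__(self, trusted_networks=()):
        self.trusted = [ipaddress.ip_network(n) for n in trusted_networks]
        self.state = {}  # tracking key -> [counted failures, recent checksums]

    def tracking_key(self, ip):
        addr = ipaddress.ip_address(ip)
        if addr.version == 6:
            net = ipaddress.ip_network(f"{addr}/{IPV6_MASK_BITS}", strict=False)
            return str(net)
        return str(addr)

    def failed_login(self, ip, user, password):
        """Return the delay in seconds applied to this failure reply."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.trusted):
            # Assumption: only the base delay applies, because the page says
            # the 2 second delay happens even without auth penalty.
            return INIT_SECS
        entry = self.state.setdefault(self.tracking_key(ip),
                                      [0, deque(maxlen=REMEMBERED)])
        delay = min(INIT_SECS * 2 ** entry[0], MAX_SECS)
        # Assumption: the checksum is CRC32 over username followed by password.
        checksum = zlib.crc32(password.encode(), zlib.crc32(user.encode()))
        if checksum not in entry[1]:
            entry[1].append(checksum)
            entry[0] += 1  # only a new username+password raises the penalty
        return delay


def simulate(model, attempts):
    """attempts: iterable of (ip, user, password); returns the delays."""
    return [model.failed_login(*a) for a in attempts]


if __name__ == "__main__":
    # Constructed attempts: five different guesses from one IPv4 host.
    m = PenaltyModel(trusted_networks=["198.51.100.0/24"])
    print(simulate(m, [("192.0.2.7", "alice", f"guess{i}") for i in range(5)]))
```

In this model, two clients in the same IPv6 /48 share one penalty entry, which is the over-blocking case listed under Problems, while a client that keeps retrying one stale password stops at the second step.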