How to prevent hacker multiple login attempt?

bhwong
Advanced member
Posts: 151
Joined: Thu Feb 27, 2014 8:40 pm


Postby bhwong » Thu Mar 31, 2016 6:24 am

Some of our accounts keep getting locked out as hackers target these accounts by attempting to perform repeated logins.

I tried renaming some of these account names, hoping that the hackers will not be able to target the correct login name. However, I also have to recreate the original account names as aliases so that the users can still receive email from their senders who are still sending to the original email account names. But I realize that by using the alias login name, they can still log in!

1. Is it possible to disallow login using an alias name?

2. Is it possible to detect and block the source IP address when multiple failed logins are detected from the same source IP address?


quanah
Zimbra Alumni
Posts: 1668
Joined: Fri Sep 12, 2014 10:33 pm

Re: How to prevent hacker multiple login attempt?

Postby quanah » Thu Mar 31, 2016 4:10 pm

What I generally do at that point is use iptables to drop packets from the hacker's IP address.
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
TitusI
Posts: 30
Joined: Fri Apr 15, 2016 2:54 pm
ZCS/ZD Version: Release 8.7.11_GA_1854.RHEL7_64_201

Re: How to prevent hacker multiple login attempt?

Postby TitusI » Fri Apr 15, 2016 3:41 pm

Well, I'm testing fail2ban; it's a solution to this problem (ban the IP that generates bad logins too often), but I have a problem due to the Zimbra log process. I hope it works for you.

A reference:
http://linux-sys-adm.com/how-to-configure-firewall-and-fail2ban-for-prevent-brute-force-attack-zimbra-8.6-on-ubuntu-server-14.04-lts-step-by-step/
howanitz
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: How to prevent hacker multiple login attempt?

Postby howanitz » Fri Apr 15, 2016 4:27 pm

This will not prevent lockouts, but if you would like an email alert when one occurs, I wrote a monitoring daemon for that, zlockout monitor:

https://github.com/Zimbra-Community/zimbra-tools

That also might help you recover more quickly.
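
The approach discussed in this thread (count failed logins per source IP, then drop that address with iptables), sketched as an added example that is not part of any post above. The log layout, the `oip=` field, the thresholds and the function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout: "YYYY-MM-DD HH:MM:SS,mmm ... oip=<client IP>; ... authentication failed ..."
# Adjust the pattern to whatever your own audit log actually contains.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ .*?\boip=(?P<ip>[0-9a-fA-F.:]+);"
    r".*authentication failed")

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10), allowlist=()):
    """Return IPs with at least max_failures failed logins inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["ip"] in allowlist:   # allowlist your own proxies/webmail hosts
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:           # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def drop_rules(ips):
    """Build (not execute) firewall commands; reject anything that is not an IP."""
    rules = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)     # ValueError on malformed log data
        tool = "iptables" if addr.version == 4 else "ip6tables"
        rules.append(f"{tool} -I INPUT -s {addr} -j DROP")
    return rules

# Constructed sample: one IP fails 5 times in 5 minutes, another 5 times over an hour.
_FMT = ("2016-03-31 06:{m:02d}:00,000 WARN  [qtp-1] [name=u@example.com;oip={ip};] "
        "security - cmd=Auth; account=u@example.com; "
        "error=authentication failed for [u], invalid password;")
SAMPLE = sorted([_FMT.format(m=m, ip="203.0.113.7") for m in range(20, 25)] +
                [_FMT.format(m=m, ip="198.51.100.9") for m in (1, 15, 29, 43, 57)])

if __name__ == "__main__":
    for rule in drop_rules(find_offenders(SAMPLE)):
        print(rule)   # review before applying
```

Blocking by source IP does not stop the account lockouts caused by attempts that arrive before the threshold is reached, and the allowlist matters when logins reach the server through a proxy whose address would otherwise be the one that gets banned.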
