IMAP and POP3 authentication DoS attack

If IMAP and POP3 authentication constantly fails and your mail clients are having problems, look at the volume of authentication requests. A large number of IMAP and POP3 authentication requests may be a DoS attack.

If cPHulk Brute Force Protection is enabled, look under “Login/Brute History Report” and see whether any of your email accounts have been locked out for excessive failed login attempts.

WHM Home » Security Center » cPHulk Brute Force Protection

It’s also possible that the mail server is running out of available authentication daemons. Check the values set for your authentication processes:

WHM Home » Service Configuration » Mailserver Configuration

Use the following command to list the IP addresses with the largest number of authentication failures:

awk '/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/rip/) print $i}' /var/log/maillog | sort | uniq -c | sort -n | tail
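An expanded form of the command above, as an added example that is not part of the original article: it strips the rip= prefix, applies a failure threshold, and also counts how many distinct mailboxes each address tried. The log lines are constructed samples that assume Dovecot's maillog format, and the function names sample_log and auth_fail_report are made up for this example.

```shell
#!/bin/sh
# Added example: summarise failed IMAP/POP3 logins per remote IP (rip=).
# Assumes Dovecot-style maillog lines; the sample lines are constructed.

sample_log() {
cat <<'EOF'
Jan 10 03:14:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a1>
Jan 10 03:14:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<sales@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a2>
Jan 10 03:14:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<admin@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a3>
Jan 10 03:14:07 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a4>
Jan 10 03:20:11 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, session=<b1>
Jan 10 03:20:30 mail dovecot: imap-login: Login: user=<bob@example.com>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=4242, session=<b2>
EOF
}

# auth_fail_report THRESHOLD   (reads the log on stdin)
# Prints "ip failures distinct_users" for every remote IP whose failure
# count is at or above THRESHOLD, busiest address first.
auth_fail_report() {
    awk -v min="$1" '
    /auth failed/ {
        ip = ""; user = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^rip=/)   { ip = $i; sub(/^rip=/, "", ip); sub(/,$/, "", ip) }
            if ($i ~ /^user=</) { user = $i; gsub(/^user=<|>,?$/, "", user) }
        }
        if (ip == "") next            # failure line without a remote IP
        fails[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min) print ip, fails[ip], users[ip]
    }' | sort -k2,2nr
}

# Demo on the constructed sample: only addresses with 3 or more failures.
sample_log | auth_fail_report 3
```

On a server, feed it the real log, for example `auth_fail_report 20 < /var/log/maillog`. An address with many failures spread across many mailboxes is a stronger candidate for blocking than one user repeatedly mistyping a password.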

Try to block the IP addresses that send a large number of authentication requests in your firewall.

For CSF firewall,
