Hi,
*** I have tried to force SurgeWeb to require SSL ***
This is easily done via the surgeweb settings. We in fact do this.
--Ed
On 01/25/2017 06:33 PM, Neil Herber (nospam) wrote:
> Thanks for the tutorial, Chris.
>
> I am just trying to reduce the attack surface on my server which hosts
> both SurgeMail and Apache with several vhosts.
>
> I have put all of SM management behind a reverse proxy that gets forced
> to HTTPS and requires authentication.
>
> I have tried to force SurgeWeb to require SSL.
>
> I periodically scan logs looking for persistent attackers or targets and
> I then add IP blocks to the firewall or add Apache alias rules that
> silently redirect "popular target URLs" to a "phpwpoison" page.
>
> So to answer your questions: 1) the log entries do bother me, but I will
> try to reduce my inspection of them, 2) the load is negligible at
> present, but they did saturate my connection when they managed to
> brute-force the password to WordPress management, 3) yes, it is security
> and I have tried to ensure that any of the login areas on the server
> require SSL.
>
> So I am probably pretty good, but I think I will still disable POP.
>
> Thanks
>
> Neil
>
>
> On 2017-01-25 4:57 PM, surgemail-support wrote:
>>
>> The question is what are you trying to fix exactly,
>>
>> 1) Is it just the log entries that bother you.
>>
>> 2) is it load caused by the probing
>>
>> 3) is it security.
>>
>> if it's '3', then you probably already have it fixed with requiring
>> ssl, but that doesn't really stop probing it just stops 'dumb'
>> probing, the settings below and on the referenced web page will help a
>> lot.
>>
>> If it's '1', then stop reading them :-)
>>
>> If it's '2', then it's probably not really causing significant load
>> (unless you have reason to believe otherwise...)
>>
>> Here are some settings I would use...
>>
>> # Block guessing if a user tries an obvious admin account
>> G_HACKER_POISON HIDDEN@,administrator@*"
>>
>> # Only allow smtp logins if the user has previously logged in via
>> # imap/pop from the same address
>> G_SAFE_SMTP "true"
>>
>> # Alert users when logins occur from unknown addresses that are not
>> # from australia or usa...
>> G_SAFE_WARNING "true"
>> g_safe_country "us,au"
>>
>>
>> # if you really want to disable pop, which is valid enough if your
>> # users are all imap based...
>> g_pop_port "disabled"
>>
>> You may find other info on this page useful:
>>
>> http://netwinsite.com/surgemail/help/hackers.htm
>>
>> ChrisP.
>>
>>
>> On 26/01/2017 7:04 a.m., surgemailHIDDEN@etwinsite.com wrote:
>>>
>>> My server is getting hammered by POP login attempts.
>>>
>>> I want to force all my real clients to use SSL IMAP only. What
>>> settings do I need to:
>>>
>>> 1) force authenticated SSL logins for IMAP
>>>
>>> 2) completely ignore any POP logins (or force SSL if ignoring is a
>>> bad idea)
>>>
>>> 3) force authenticated SSL logins for SMTP
>>>
>>> Any other suggestions to get rid of these pests welcome.
>>>
>>> Note: I thought I had already set things up to force SSL, but I keep
>>> getting these failed log messages:
>>>
>>>> 25 10:49:03.66:6852: xx-client-xx: pop: SSL required for ip (115.211.174.66) xx-client-xx
>>>
>>> Neil
>>>
>>>
>>> --
>>> Neil Herber
>>
>
> --
> Neil Herber
>
--
-----------------------------------------------------------
EAS Enterprises LLC
World Class Web and Email Hosting Solutions
IPv6 ready today for your needs of tomorrow!
Ask us about dual-stacking your site
www.easent.net
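
The log review Neil describes, sketched as an added example (not part of the thread and not SurgeMail code): it tallies `SSL required for ip` rejections per source address so block candidates can be reviewed before they go to the firewall. The line format is assumed from the single log line quoted above; the sample lines, the threshold and the allowlist parameter are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Shape taken from the one log line quoted in the thread; the service word
# is captured generically because only the "pop" form appears there.
LINE_RE = re.compile(
    r"^\d{1,2} \d{2}:\d{2}:\d{2}\.\d+:\d+: .*?\b(?P<service>\w+): "
    r"SSL required for ip \((?P<ip>[^)]+)\)"
)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
25 10:49:03.66:6852: xx-client-xx: pop: SSL required for ip (203.0.113.7) xx-client-xx
25 10:49:04.10:6852: xx-client-xx: pop: SSL required for ip (203.0.113.7) xx-client-xx
25 10:49:05.31:6853: xx-client-xx: pop: SSL required for ip (203.0.113.7) xx-client-xx
25 10:50:11.02:6854: xx-client-xx: pop: SSL required for ip (198.51.100.20) xx-client-xx
25 10:51:40.77:6855: xx-client-xx: pop: SSL required for ip (192.0.2.15) xx-client-xx
25 10:51:41.90:6855: xx-client-xx: pop: SSL required for ip (192.0.2.15) xx-client-xx
25 10:51:42.05:6855: xx-client-xx: pop: SSL required for ip (192.0.2.15) xx-client-xx
25 10:52:00.00:6856: xx-client-xx: pop: SSL required for ip (not-an-ip) xx-client-xx
25 10:52:01.00:6856: unrelated line without the marker
"""


def block_candidates(lines, threshold=3, allowlist=()):
    """Return [(ip, count)] for sources with >= threshold rejected plaintext attempts."""
    trusted = [ipaddress.ip_network(net) for net in allowlist]
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field: never pass it on to a firewall rule
        if any(ip in net for net in trusted):
            continue  # a real client with SSL switched off produces the same line
        hits[str(ip)] += 1
    # Highest count first, then by address string for a stable order.
    return sorted(((ip, n) for ip, n in hits.items() if n >= threshold),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for ip, count in block_candidates(SAMPLE_LOG.splitlines(), allowlist=["192.0.2.0/24"]):
        print(f"{ip}\t{count}")
```

The allowlist matters because a legitimate user whose mail client has SSL turned off generates the same rejection line as a prober.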