Are you still using databases for your authentication? From my research,
it's not the FTP server that shuts down during a dictionary attack, it's
the link to the db files.

There have been recent patches discussed here for dovecot. It's great
that this app is being reviewed, but it is not where I believe the core
of the problem lies. Ultimately, the PAM module for database
authentication craps itself and refuses to auth any more users.
Even a login via the BQ web GUI using a normal (non-admin) user fails
when the box is in this state.

One day, someone may find the bug in the PAM modules. Until then, we
have the following solutions:

1. Move to password authentication - using the documentation on Brian's
   site, or
2. Use the script located at http://www.gregkuhnert.com/public:bq:dfix
   .... This does not fix the problem, but it does detect dictionary
   attacks, and blocks the source before the PAM modules die.
3. A combination of the above - Even if you migrate to flat files
   instead of databases, it's still a good idea to try to detect and
   respond to dictionary attacks.

Regards,
Greg.

Arthur Sherman wrote:
>> Hi Arthur,
>> I had this a couple of times and in my case it was a
>> dictionary attack. I guess the FTP server is one of the first
>> things that shuts down if things get too hectic. Hope this helps.
>> R.
>>
>
> Howdy,
>
> This is what I think too.
> Nevertheless, there aren't any signs of a major attack, some dropped packets.
> It feels like the FTP (and probably dovecot) are very tender...
>
>
> Best,
> --
>
> Arthur Sherman
>
>
>
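
The detection step from option 2 above, sketched as an added example (this is not the dfix script and not code from the thread): it counts failed logins per source address inside a sliding window, across FTP and dovecot together, since both go through the same authentication backend. The log format, regexes, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format is an assumption, not real BlueQuartz output).
SAMPLE_LOG = """\
2008-03-01T02:14:01 proftpd[411]: 203.0.113.7 - USER admin (Login failed)
2008-03-01T02:14:02 proftpd[412]: 203.0.113.7 - USER root (Login failed)
2008-03-01T02:14:03 dovecot: pop3-login: auth failed: user=<info>, rip=203.0.113.7
2008-03-01T02:14:04 dovecot: pop3-login: auth failed: user=<test>, rip=203.0.113.7
2008-03-01T02:14:05 proftpd[415]: 198.51.100.20 - USER arthur (Login failed)
2008-03-01T02:14:06 proftpd[416]: 203.0.113.7 - USER guest (Login failed)
2008-03-01T02:14:30 proftpd[417]: 198.51.100.20 - USER arthur: Login successful
2008-03-01T02:20:00 dovecot: imap-login: auth failed: user=<bob>, rip=192.0.2.9
2008-03-01T02:30:00 dovecot: imap-login: auth failed: user=<bob>, rip=192.0.2.9
"""

FAILURE = re.compile(r"Login failed|auth failed")
SOURCE_IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def find_dictionary_attackers(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was crossed} for sources with at least
    `threshold` failed logins inside `window`, counted across all services."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = {}
    for line in lines:
        if not FAILURE.search(line):
            continue
        stamp, _, rest = line.partition(" ")
        match = SOURCE_IP.search(rest)
        if match is None:
            continue
        ip, when = match.group(0), datetime.fromisoformat(stamp)
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:  # drop failures older than the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for ip, when in find_dictionary_attackers(SAMPLE_LOG.splitlines()).items():
        print(f"{when.isoformat()} block candidate: {ip}")
```

The single mistyped password from 198.51.100.20 and the two slow failures from 192.0.2.9 stay under the threshold, so only the burst source is reported for blocking.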