> Are you still using databases for your authentication? From
> my research, it's not the FTP server that shuts down during a
> dictionary attack, it's the link to the db files.
> There have been recent patches discussed here for dovecot.
> It's great that this app is being reviewed, but it is not
> where I believe the core of the problem lies. Ultimately, the
> PAM module for database authentication craps itself and
> refuses to auth any more users.
>
> Even a login via the BQ web gui using a normal (non admin)
> user fails when the box is in this state.
>
> One day, someone may find the bug in the PAM modules. Until
> then, we have the following solutions:
> 1. Move to password authentication - using the documentation
> on Brian's site, or
> 2. Use the script located at
> http://www.gregkuhnert.com/public:bq:dfix
> .... This does not fix the problem, but it does detect
> dictionary attacks, and blocks the source before the PAM modules die.
> 3. A combination of the above - Even if you migrate to flat
> files instead of databases, it's still a good idea to try to
> detect and respond to dictionary attacks.
>
> Regards,
> Greg.
>
>
>
> Arthur Sherman wrote:
> >> Hi Arthur,
> >> I had this a couple of times and in my case it was a dictionary
> >> attack. I guess the FTP server is one of the first things that shuts
> >> down if things get too hectic. Hope this helps.
> >> R.
> >>
> >
> > Howdy,
> >
> > This is what I think too.
> > Nevertheless, there aren't any signs of major attack, some dropped packets.
> > It feels like the ftp (and probably dovecot) are very tender...
> >
> >
> > Best,
> > --
> >
> > Arthur Sherman
A while ago Brian helped me to move from DB auth to flat files.
After this, the messages ceased to arrive, for a short while.
Is it possible that the system switched back to DB, somehow?
How do I check to ensure that it uses DB auth?
Best,
--
Arthur Sherman