Greg,
Thanks for the update!
-Rashid
On 1/19/09 6:52 AM, "Greg Kuhnert" <greg.kuhnert (at mark) theanchoragesylvania.com>
wrote:
> Hi Blue*
>
> After the recent dovecot update, I noticed a log format change to the
> dovecot log files. Theoretically, the reason for running dfix is now
> gone. The old system lockups when our servers are subjected to brute
> force attacks to dovecot appear to be fixed with the current dovecot rpm.
>
> However, preventing system lockups is not the only reason to run dfix.
> Brute force attacks are designed to find bad or weak passwords. dfix
> will detect these attacks and temporarily black-list the attacker's IP
> address.
>
> Another new feature in the current version is the ability to detect http
> rfi (Remote File Include) attackers. If you upgrade to this version of
> dfix, you may be surprised just how many people are attempting to attack
> your websites.
>
> An explanation of RFI exploits can be found at
> http://en.wikipedia.org/wiki/Remote_File_Inclusion
>
> Anyway, the code for dfix is as always available at
> http://www.gregkuhnert.com/public:bq:dfix
>
> I plan to release another update soon - to cleanup the code.... till
> then, enjoy this version.
>
> Regards,
> Greg.