----------------------------------------
> Date: Sun, 25 Jan 2009 10:08:25 +0000
> From: bluequartz (at mark) ozin.com
> Subject: [coba-e:14868] Re: dfix.sh Update
> To: coba-e (at mark) bluequartz.org
>
> Greg there seems to be a bug in the current script as posted on your site.
> It freezes here:
>
> ###################################
>
> # Check for other disconnects
> grep "dovecot.*Disconnected.*auth failed.*rip=" | sed -e "s/.*rip=//" | cut -d "," -f 1 | grep -v -f $GLOGIP>> $TLOGIP
>
> ###################################
>
> I think there is a $TLOGFILE missing.
>
> Please advise as I foolishly wrote over my old version and have temporarily fixed by commenting that line out.
>
> Jason
>
> ----- Original Message -----
> From: "Greg Kuhnert"
> To: "BQ List" ; "BlueOnyx General Mailing List"
>
> Sent: Monday, January 19, 2009 6:52 AM
> Subject: [coba-e:14799] dfix.sh Update
>
>
>> Hi Blue*
>>
>> After the recent dovecot update, I noticed a log format change to the
>> dovecot log files. Theoretically, the reason for running dfix is now gone.
>> The old system lockups when our servers are subjected to brute force
>> attacks to dovecot appear to be fixed with the current dovecot rpm.
>>
>> However, preventing system lockups is not the only reason to run dfix.
>> Brute force attacks are designed to find bad or weak passwords. dfix will
>> detect these attacks and temporarily black-list the attacker's IP address.
>>
>> Another new feature in the current version is the ability to detect http
>> rfi (Remote File Include) attackers. If you upgrade to this version of
>> dfix, you may be surprised just how many people are attempting to attack
>> your websites.
>>
>> An explanation of RFI exploits can be found at
>> http://en.wikipedia.org/wiki/Remote_File_Inclusion
>>
>> Anyway, the code for dfix is as always available at
>> http://www.gregkuhnert.com/public:bq:dfix
>>
>> I plan to release another update soon - to cleanup the code.... till then,
>> enjoy this version.
>>
>> Regards,
>> Greg.
>>
>
>
>
Yes, we posted about the missing $TLOGFILE on the BlueOnyx
mail list yesterday. If you need the old version, we have it,
but you can also just click on the old revision button at the
top of his webpage to get the old version of dfix.
http://www.gregkuhnert.com/public:bq:dfix?do=revisions

Best regards
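The freeze discussed in this thread is what `grep` does when it is given a pattern but no file operand: it reads standard input and waits. The following is an added example, not code from dfix.sh or from anyone in the thread. It runs the quoted pipeline with the log file supplied and refuses to start without one. The function names, the sample log lines and the one-IP-per-line whitelist format are assumptions, and `-F -x` on the whitelist match is a change from the quoted `grep -v -f`.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# extract_failed_ips LOGFILE WHITELIST
# Prints the remote IP of each dovecot "auth failed" disconnect in LOGFILE,
# minus addresses listed one per line in WHITELIST.
extract_failed_ips() {
    logfile=$1
    whitelist=$2
    # Guard: with no file operand the first grep would read stdin and block,
    # which is the freeze reported in the thread.
    if [ -z "$logfile" ] || [ ! -r "$logfile" ]; then
        echo "extract_failed_ips: log file '$logfile' not readable" >&2
        return 2
    fi
    # A missing whitelist means "exclude nothing".
    [ -r "$whitelist" ] || whitelist=/dev/null
    # -F -x: whitelist entries are literal whole-line matches, so an entry of
    # 198.51.100.20 does not also exclude 198.51.100.200.
    grep "dovecot.*Disconnected.*auth failed.*rip=" "$logfile" \
        | sed -e "s/.*rip=//" \
        | cut -d "," -f 1 \
        | { grep -v -F -x -f "$whitelist" || true; }
}

# Constructed sample lines (documentation address ranges, not real log data).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 25 10:01:02 host dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jan 25 10:01:05 host dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Jan 25 10:01:09 host dovecot: pop3-login: Login: user=<carol>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10
Jan 25 10:01:12 host dovecot: pop3-login: Disconnected (auth failed, 2 attempts): user=<root>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jan 25 10:01:15 host dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<x>, method=PLAIN, rip=198.51.100.200, lip=192.0.2.10
EOF
}

tmp=$(mktemp -d)
write_sample_log "$tmp/maillog"
echo "198.51.100.20" > "$tmp/whitelist"
# Failure count per source address, whitelisted host removed.
extract_failed_ips "$tmp/maillog" "$tmp/whitelist" | sort | uniq -c
# An empty log file argument is rejected instead of hanging on stdin.
extract_failed_ips "" "$tmp/whitelist" </dev/null || echo "refused: no log file"
rm -rf "$tmp"
```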