[CentOS] Script to kill dictionary spam attacks
Chris Mason (Lists)
lists at masonc.com
Sun Mar 26 15:02:03 UTC 2006
Craig White wrote:
>
> ---
> there's no way to script that - you have to configure your smtp server
> and since you don't mention which smtp server you are using nor what you
> have looked at in terms of documentation, there's little anyone could
> suggest.
>
>
I did find a perl script from 2001 should be effective and I am testing
now. It's called rumplekill.pl and the way it works is pretty simple. It
greps for "Unknown user" in the last 1,000 entries in /var/log/maillog
| counts the occurrences of the ip, if the count > $threshold then it
writes that ip to a file /var/log/blocked_ips
That's what I need. I am testing now.
--
Chris Mason
NetConcepts
(264) 497-5670 Fax: (264) 497-8463
Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271
Cell: 264-235-5670
Yahoo IM: netconcepts_anguilla at yahoo.com
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the CentOS
mailing list