  1. Mauritz K
  2. Friday, August 03, 2018
We have a huge issue with Imunify blocking legitimate users.

For example,

There is an office with 10 people.
1 user is entering a password incorrectly, triggering:

Dovecot Invalid User Login Attempt.
Exim Auth failed
Dovecot brute force attack (multiple auth failures).

This 1 user then gets the entire office IP blocked and 9 other people can't get their mail.

cPHulk will actually block only the 1 offending mail user.

How can we solve this?
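
The difference described in this post, between counting authentication failures per source IP and per mail account, is shown below as an added example that is not part of the original thread and is not Imunify360 or cPHulk code. The threshold, window, IP address and user names are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data: (seconds, source_ip, mail_user, auth_ok).
# 203.0.113.10 stands for the office's shared NAT address.
OFFICE_IP = "203.0.113.10"
USERS = [f"user{n}@example.com" for n in range(1, 11)]
EVENTS = [(t * 5, OFFICE_IP, "user1@example.com", False) for t in range(6)]
EVENTS += [(40 + i, OFFICE_IP, u, True) for i, u in enumerate(USERS[1:])]

MAX_FAILURES = 5      # assumed threshold, not a product default
WINDOW_SECONDS = 60   # assumed sliding window, not a product default


def blocked_keys(events, key_of):
    """Return the keys that reach MAX_FAILURES failures inside the window."""
    recent = defaultdict(deque)
    blocked = set()
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        q = recent[key_of(ip, user)]
        q.append(ts)
        while q and ts - q[0] > WINDOW_SECONDS:
            q.popleft()          # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            blocked.add(key_of(ip, user))
    return blocked


def locked_out(events, users, policy, whitelist=()):
    """List the office users who can no longer log in under a policy."""
    if policy == "ip":
        # Per-IP: one noisy account blocks everyone behind the same NAT,
        # unless the address is whitelisted (then nobody there is limited).
        blocked = blocked_keys(events, lambda ip, user: ip) - set(whitelist)
        return [u for u in users if OFFICE_IP in blocked]
    # Per-account: only the account that keeps failing is locked.
    blocked = blocked_keys(events, lambda ip, user: user)
    return [u for u in users if u in blocked]


if __name__ == "__main__":
    for policy in ("ip", "account"):
        out = locked_out(EVENTS, USERS, policy)
        print(f"{policy:8} policy locks out {len(out)} of {len(USERS)} users")
    print("ip + whitelist:", locked_out(EVENTS, USERS, "ip", [OFFICE_IP]))
```

Whitelisting the shared address stops the collateral lockout, but it also removes failure-based limiting for every account behind that address.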
  1. 03.08.2018 12:08:04
  2. # 1
Posts: 172
Joined: 31.01.2017
Hi Mauritz,

We are going to resolve this issue in our advanced bruteforce protection module (internal task id DEF-4079). Meanwhile, you can add the IP address into Imunify360 whitelist so no blocking will occur for it going forward.
  1. 03.08.2018 13:08:23
  2. # 2
Mauritz K
Posts: 2
Joined: 03.08.2018
Hi,

When is the Advanced Bruteforce Module scheduled for release? I know you can't say exactly, but are we talking days, weeks or months from now?
  1. 03.08.2018 14:08:07
  2. # 3
Posts: 172
Joined: 31.01.2017
Current ETA is Q4'2018
  1. 04.08.2018 06:08:08
  2. # 4
Mauritz K
Posts: 2
Joined: 03.08.2018
Thank you.

In the meantime, can we disable the rules being triggered and enable cPHulk until Q3?
  1. 05.08.2018 20:08:32
  2. # 5
Posts: 172
Joined: 31.01.2017
Yes, just re-enable cPHulk and it will make Imunify360 disable ossec IDS.
  1. 28.11.2018 13:11:40
  2. # 6
Mauritz
Do we know if this has been implemented in 3.8.x already?

This issue is killing us.
  1. 28.11.2018 14:11:44
  2. # 7
Posts: 172
Joined: 31.01.2017
Mauritz,

No, it is not there in 3.8.x. Please re-enable cPHulk if you are sure it is the Imunify360 IDS (ossec) that is causing the issue.