Blocking legitimate mail users
Forum
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Mauritz K
  2. Friday, 03 August 2018
  3.  Subscribe via email
We have a huge issue with Imunify blocking legitimate users.

For example,

There is an office with 10 people.
1 user is entering a password incorrectly, triggering:

Dovecot Invalid User Login Attempt.
Exim Auth failed
Dovecot brute force attack (multiple auth failures).

This 1 user then gets the entire office IP blocked and 9 other people can't get their mail.

cPHulk will actually block only the 1 offending mail user.

How can we solve this?
Rate this post:
  1. 03.08.2018 12:08:04
  2. # 1
Posts: 185
Joined: 31.01.2017
0
Votes
Undo
Hi Mauritz,

We are going to resolve this issue in our advanced bruteforce protection module (internal task id DEF-4079). Meanwhile, you can add the IP address into Imunify360 whitelist so no blocking will occur for it going forward.
  1. 03.08.2018 13:08:23
  2. # 2
Mauritz K Accepted Answer
Posts: 3
Joined: 03.08.2018
0
Votes
Undo
Hi,

When is the Advanced Bruteforce Module scheduled for release? I know you can't say exactly, but are we talking days, weeks or months from now?
  1. 03.08.2018 14:08:07
  2. # 3
Posts: 185
Joined: 31.01.2017
0
Votes
Undo
Current ETA is Q4'2018
  1. 04.08.2018 06:08:08
  2. # 4
Mauritz K Accepted Answer
Posts: 3
Joined: 03.08.2018
0
Votes
Undo
Thank you.

In the meantime, can we disable the rules being triggered and enable cPhulk until Q3 ?
  1. 05.08.2018 20:08:32
  2. # 5
Posts: 185
Joined: 31.01.2017
0
Votes
Undo
Yes, just re-enable cPHulk and it will make Imunify360 disable ossec IDS.
  1. 28.11.2018 13:11:40
  2. # 6
Mauritz Accepted Answer
Do we know if this has been implemented in 3.8.x already?

This issue is killing us.
  1. 28.11.2018 14:11:44
  2. # 7
Posts: 185
Joined: 31.01.2017
0
Votes
Undo
Mauritz,

No, it is not there in 3.8.x. Please, re-enable cPHulk if your are sure it is Imunify360 IDS (ossec) that causing the issue.
  1. 13.02.2019 14:02:08
  2. # 8
Mauritz K Accepted Answer
Posts: 3
Joined: 03.08.2018
0
Votes
Undo
Hi,

Q4, 2018 has come and gone.

Is this still going to be implemented at some point?
  1. 18.02.2019 20:02:50
  2. # 9
Posts: 185
Joined: 31.01.2017
0
Votes
Undo
This might be implemented (no confirmed ETA as of now) as part of mail protocols' captcha - users will receive a custom response in their email agents with instructions how to unblock their IP. Another workaround can be to point a browser from an office IP to any http(s) website on the server and pass Imunify360 captcha - the office IP address will be added to Imunify360 whitelist upon that.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.