Switching Off Port 993 - Is Anyone Using It?
I'm getting pounded by distributed attacks on imap port 993. I've used ConfigServer Firewall to lock down access to only the EU, US, Aus and Canada which has helped but the country source of the attacks now has migrated with my rule change.
I'm pretty sure none of my users use 993 so I could just switch it off but I'd like to be sure.
Where can I view or monitor successful connections to 993 by legitimate users so I can see that there are none, or see who's using it and talk them into using POP instead?
TY!
-
IMAP SSL uses port 993 How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation 0 -
I know how to configure the firewall - I know how to block port 993... I want to know if any of my server users are using it and if so which. Is there a way to do that? 0 -
See this post on StackExchange superuser.com/questions/604998/monitor-tcp-traffic-on-specific-port/848966#848966 - you could probably modify it to suit your needs 0 -
If none of your users is connecting to the server using IMAP securely then there really should be no issues with filtering the port, though I wouldn't recommend this course of action, in the event one your users would like to at some point. Thanks! 0 -
I don't know if any of them are - I want to monitor the port for successful logins so I can find out. I would ask them all but none of my clients know the difference between imap and pop3 I don't suspect. 0 -
The suggestions provided by @rpvw might be best to observe that behavior then. Just modify the dport line to reflect 993 and the --log-prefix to something that reflects what you're doing "993 logins" or similar. 0
Please sign in to leave a comment.
Comments
6 comments