High Server Load from checkpassword-reply
Hello All,
I keep getting high server load and when i do top -c i see lots of /usr/local/cpanel/bin/dovecot-wrap /usr/libexec/dovecot/checkpassword-reply
Sometimes as much as over processes of /usr/local/cpanel/bin/dovecot-wrap /usr/libexec/dovecot/checkpassword-reply
What is causing this and how can i stop it.
-
It seems you are being attacked, I would recommend installing CSF+LFD and configure the LF_ settings to try to mitigate the attack, you can download CSF by using the following link, ConfigServer Security & Firewall (csf) 0 -
I already have CSF+LFD installed but i am still still getting lots of /usr/local/cpanel/bin/dovecot-wrap /usr/libexec/dovecot/checkpassword-reply. What settings do i need to adjust 0 -
Make sure LFD is up and running. LF settings to check are, LF_SMTPAUTH LF_DISTATTACK LF_DISTSMTP LF_DISTSMTP_UNIQ LF_DISTSMTP_PERM LF_SMTPAUTH LF_SMTPAUTH_PERM LF_IMAPD LF_IMAPD_PERM LF_POP3D LF_POP3D_PERM 0 -
Hello, First you have to check connection on the server using netstat command. If there is too many connection from particulars IPs then you have to blocked those IP. Also, You may need to consult with a qualified system administrator or your data center to check this as CSF is helpful, but it won't always prevent any and all attacks. 0 -
Hello, The following command is helpful if you want to track the number of login attempts on the Dovecot service: grep 'Login: user' /var/log/maillog | awk '{print "("$1" "$2")"}' | uniq -c
Excessive number of login attempts typically suggests a brute force attack, and the solutions offered in the previous posts should help. Note that internal case CPANEL-11098 is open report occurrences where a high load is generated from /usr/libexec/dovecot/checkpassword-reply when a server is under a brute force attack. I'll update this thread with more information on the status of this case as it becomes available, however the recommended solution at this point is to block the brute force attack itself. Thank you.0
Please sign in to leave a comment.
Comments
5 comments