Huge increase of Dovecot Brute Force
Anyone else getting brute force notices against Dovecot? I am up to about 1 per 3 minutes. It's coming from a botnet, so no way for me to just block a single IP. There is only a minor mention of a timing vulnerability that I can find online. Are the cPanel folks aware of this, or have any suggestions to ensure the brute force doesn't lead to a successful compromise?
Yep. I have noticed the same activity from IPs all over the world trying to brute force Dovecot credentials. There must be an exploit in the wild. Have not seen any notice from cPanel about this issue.
I have a link to what may be a known exploit (nothing I discovered), though it's a few weeks old at this point, so the attempts may just be residual at this point. I'm going to send the cPanel folks a support ticket with it.
Hello, Internal case CPANEL-12790 was opened to inquire about that specific vulnerability. We'll update the version of Dovecot offered through cPanel with any security-related patches once Dovecot publishes them upstream. In addition to using ConfigServer Security & Firewall (csf) Thank you.
Already use CPHulk and CSF, yet we are getting hundreds of Dovecot brute force attempts (mostly from China and dubious EU server farms). We have blacklisted those IP ranges yet new ones keep popping up. We don't use any server-side email so it's a wasted attempt on their part. So that leads me to believe there is an exploit out there.
Hey, any update on this yet?
Hello, The particular vulnerability referenced earlier in this thread is addressed by Dovecot in : Implemented case CPANEL-14248: Update dovecot to 2.2.31-1.cp1162.0