[imp] Block IP

Filipe Azevedo fazevedo at netmadeira.com
Fri Mar 27 10:23:31 UTC 2009


    I had the same issue, so I ended up developing a script to run 
through the logs and match failed logins from the same IP during a given 
time period. Whenever an IP address failed over a given amount of 
logins, the script would generate a .htaccess file, thus preventing the 
IP from accessing the site.

    Note that this is just the basic concept of this mechanism, it would 
be advisable to implement some kind of history and unblock mechanism, 
because the thresholds will end up failing one way or another.
Best regards,

Filipe Azevedo

Jacky Chan wrote:
> Hi all,
> I am wondering whether Horde-IMP has this function for security concerns.
> I used IMP as Horde authentication application.
> But I logged there are plenty login failure record generated for IMP.
> And the username is obivously generated from dictionary.
> And the login retry period is so short from one IP that seems to be machine
> generated.
> That let me believe that I was under dictionary attack.
> I would like to ask IMP or Horde can deny the IP when number of login
> failure over certain limit in short range? Or Horde/IMP doesn't handle,
> please give me hints on this from third party.
> Thanks.
> Regards,
> Jacky

More information about the imp mailing list