View previous topic :: View next topic |
Author |
Message |
rasc
Joined: 11 Oct 2009 Posts: 95
|
Posted: Wed Mar 09, 2011 3:58 am Post subject: [HowTo] check text (log) file for growth? |
|
|
Hi all,
hope one of you got an idea how to solve DOS attacks against our mail server (using HostMon)*.
I liked to watch the log file and if it grows for more than X [lines | kB] per time get alarmed.
How would I achieve that in HM?
Thanks, Rasc
*The issue is: Every other week any 'malicious person' tries to spy out usernames/passwords of local POP3 accounts.
After enough attacks the server crashes.
Unfortunately the log (plain text log file) is pretty bad/unusable. A typical login looks like
Connection from 1.2.3.4, Wed Mar 09 10:17:06 2011
User Fred, (2) 0 messages, 0 bytes
0 sec. elapsed, connection closed Wed Mar 09 10:17:06 2011
and a typical attack like this:
Connection from 178.239.83.1, Wed Mar 09 10:15:17 2011
1 sec. elapsed, connection closed Wed Mar 09 10:15:18 2011 |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
|
Back to top |
|
|
rasc
Joined: 11 Oct 2009 Posts: 95
|
Posted: Wed Mar 09, 2011 11:27 am Post subject: |
|
|
Thank you very much for your suggestion. Works like a charm! |
|
Back to top |
|
|
rasc
Joined: 11 Oct 2009 Posts: 95
|
Posted: Wed Mar 09, 2011 9:23 pm Post subject: |
|
|
...really works like a charm!
Had to get up tonight at 02:40 am and 4:10 am because POP3 and IMAP were attacked. But that's much better than 30min server downtime
Thanks again! |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Thu Mar 10, 2011 10:39 am Post subject: |
|
|
You are welcome
Regards
Alex |
|
Back to top |
|
|
|