Re: [Samba] check accounts for known bad passwords
- Date: Fri, 21 Jul 2017 09:32:15 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] check accounts for known bad passwords
Bit off topic for samba, but handy to know.
ah, yes, did not know that site, handy also.
I use iptables ipset geoip fail2ban and ufw combined.
Bit of these combined.
My setup is as follows:
Ufw and geoip for country blocking and regular rules.
For example, ports 25/80/443 open for the world, all others are restricted to countries (where possible).
Fail2ban monitors the service logs, abuse, > 1 day block. (I use ipset here.)
Why 1 day? Spammers often return within a day, so if they do that they extend the block a day.
The use of ipset, I do that here because of the amount of blocks I have.
Normally, about 1500 IPs are blocked daily, and it's better to have this in ipset than iptables.
It's faster in the hash tables and can handle up to about 65k rules.
I do this for example on my mail relay/antispam.
CPU load dropped about 20%, spam mail getting through dropped about 80%,
from 10k mails through the antispam back to about 1.5k.
Also due to the good use of postfix/postscreen.
If you need more tips, you can pm me ;-)
> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of mj via samba
> Sent: Thursday, 20 July 2017 17:23
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] check accounts for known bad passwords
> Yes it seems we are interesting.
> Following your advice, I have just started blocking whole
> countries, based on info found here:
> (started with China, and now also Venezuela, the Koreas,
> Sudan, Indonesia and India.)
> That seems to help astonishingly well, thanks!
> On 07/20/2017 04:19 PM, L.P.H. van Belle via samba wrote:
> > Hai M-J.
> > Still under attack...
> > A better thing maybe if possible for you..
> > Restrict imap/pop ports to only allow IPs from the Netherlands through your firewall.
> > Now, if they are coming from within your own country, which makes it much more easy for legal steps.
> > Do you have one attacker IP for me, I'll do some checks.
> > And I found this:
> > https://www.mylinuxplace.com/samba-password-complexity-check/
> > Just don't know if that will work for you, you have to try it out.
> > Greetz,
> > Louis
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of mj via samba
> >> Sent: Thursday, 20 July 2017 15:52
> >> To: samba
> >> Subject: [Samba] check accounts for known bad passwords
> >> Hi,
> >> Does anyone know if a script of some sort or way to check my samba
> >> accounts for known bad passwords, such as "123321", "1q2w3e", and
> >> such?
> >> We are currently the target of a botnet, trying out those easy
> >> passwords on our imap server. While many (all?) of our users have
> >> good complex passwords, I am not 100% sure about
> >> *all* of them. If possible I'd like to disable their accounts, in the
> >> case of such bad passwords.
> >> It would be good if such a snippet would bypass the
> >> bad_password_count policies, etc, so that I could scan accounts
> >> without them becoming locked due to too many failed passwords.
> >> Anyone with an idea how to do this?
> >> MJ
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
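The one-day ipset block described in the reply above can be sketched as follows. This is an added example, not part of the original thread and not fail2ban's own code; the log line format, the set name "mailblock", the retry threshold and the counting window are assumptions, and the script only prints the ipset/iptables commands it would issue.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SECS = 86400                       # one-day block, as in the post
MAX_RETRY = 3                      # assumed threshold
FIND_TIME = timedelta(minutes=10)  # assumed counting window
SET = "mailblock"                  # hypothetical set name

# One-time setup: a single iptables rule matches the whole hash set instead
# of one iptables rule per blocked address (65536 is ipset's default maxelem).
SETUP = [
    f"ipset create {SET} hash:ip timeout {SECS} maxelem 65536",
    f"iptables -I INPUT -m set --match-set {SET} src -j DROP",
]

# Constructed sample lines in a made-up format (RFC 5737 test addresses).
SAMPLE_LOG = """\
2017-07-20T15:40:01 imap-login: auth failed user=<anna> rip=203.0.113.7
2017-07-20T15:40:05 imap-login: auth failed user=<bob> rip=203.0.113.7
2017-07-20T15:40:09 imap-login: auth failed user=<carol> rip=203.0.113.7
2017-07-20T15:41:00 imap-login: auth failed user=<dave> rip=198.51.100.20
2017-07-20T15:42:00 imap-login: login ok user=<dave> rip=198.51.100.20
2017-07-21T09:00:00 imap-login: auth failed user=<anna> rip=203.0.113.7
2017-07-21T09:00:03 imap-login: auth failed user=<bob> rip=203.0.113.7
2017-07-21T09:00:06 imap-login: auth failed user=<erin> rip=203.0.113.7
"""

FAIL = re.compile(r"^(\S+) imap-login: auth failed user=<[^>]*> rip=(\d+(?:\.\d+){3})$")

def plan_bans(log_text):
    """Return (ipset commands, {ip: ban expiry}) for the given log text."""
    recent, expiry, commands = defaultdict(list), {}, []
    for line in log_text.splitlines():
        m = FAIL.match(line.strip())
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        recent[ip] = [t for t in recent[ip] if ts - t <= FIND_TIME] + [ts]
        if len(recent[ip]) >= MAX_RETRY:
            # -exist resets the timeout when the address is already listed,
            # so an offender who comes back extends the block by a day.
            commands.append(f"ipset add -exist {SET} {ip} timeout {SECS}")
            expiry[ip] = ts + timedelta(seconds=SECS)
            recent[ip].clear()
    return commands, expiry

if __name__ == "__main__":
    cmds, expiry = plan_bans(SAMPLE_LOG)
    print("\n".join(SETUP + cmds))
```
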