Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Webmail attack
  •  
keywerks

Messages: 73
Karma: -2
Send a private message to this user
Hi all

In the last few days our Mailserver becomes a victim of a hacker attack. Someone sends useless requests to port 80 every second the whole day long. This attack produces an additional traffic of about 4 GB a day. After switching the standard webmail port to another higher port, the attack ended. Unfortunately we weren't able to identify the sender ip nor define a corresponding ipfw ruleset.

Because of being more comfortable for our clients, we would like to switch back to port 80, but we can not do this without securing the server.

Does anybody can help us defining an ipfw ruleset to prevent such an attack?

Thanks a lot,
Wolfgang

[Updated on: Thu, 22 March 2007 11:06]


*************************************
PHPStar - the missing gear in your web engine
Visit http://phpstar.keywerks.de
*************************************
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
I hate to say this, but port 80 is not a secure port. You really should be using HTTPS, which is port 443 instead. If you go back to port 80, that hacking attempt could grab a password and then use your mail server as a relay.

[Updated on: Thu, 22 March 2007 11:26]


-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
You should be able to find out the IP address of the attacker through the debug log (enable web). If it is coming from a single IP address or address range, you could block port 80 for this address.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
mdhmi

Messages: 62
Karma: 0
Send a private message to this user
I'd block all incoming traffic from the hackers IP on your firewalls and disable http via Kerio. What is wrong with only using https? I don't have http enabled on my customer sites.
  •  
-nob-

Messages: 25
Karma: 0
Send a private message to this user
Yes, changing to https is a fast action to stop the attack without having hassle...
Previous Topic: More Spam
Next Topic: Mettings with outlook connector and outlook 2007
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 19:02:21 CET 2017

Total time taken to generate the page: 0.00446 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.