[BlueOnyx:00296] dfix.sh Update
Greg Kuhnert
greg.kuhnert at theanchoragesylvania.com
Mon Jan 19 06:52:19 -05 2009
Hi Blue*
After the recent dovecot update, I noticed a log format change to the
dovecot log files. Theoretically, the reason for running dfix is now
gone. The old system lockups when our servers are subjected to brute
force attacks to dovecot appear to be fixed with the current dovecot rpm.
However, preventing system lockups is not the only reason to run dfix.
Brute force attacks are designed to find bad or weak passwords. dfix
will detect these attacks and temporarily black-list the attacker's IP
address.
Another new feature in the current version is the ability to detect HTTP
RFI (Remote File Include) attackers. If you upgrade to this version of
dfix, you may be surprised just how many people are attempting to attack
your websites.
An explanation of RFI exploits can be found at
http://en.wikipedia.org/wiki/Remote_File_Inclusion
Anyway, the code for dfix is as always available at
http://www.gregkuhnert.com/public:bq:dfix
I plan to release another update soon - to clean up the code... till
then, enjoy this version.
Regards,
Greg.
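
An added example (not dfix code and not part of the original post) of the kind of HTTP RFI detection the message describes: it scans Apache combined-format access-log lines for query parameters whose value is a remote URL and lists the client IPs at or above a hit threshold. The function names, the threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not taken from dfix.sh.

# rfi_offenders [threshold]
# Reads combined-format access-log lines on stdin and prints "IP hits" for
# every client whose requests carried a remote URL as a parameter value.
rfi_offenders() {
    threshold="${1:-3}"
    awk -v threshold="$threshold" '
    {
        # The request line is the first double-quoted field.
        if (split($0, q, "\"") < 3) next
        if (split(q[2], req, " ") < 2) next
        uri = tolower(req[2])
        # Undo the URL-encoding commonly used to hide "://".
        gsub(/%3a/, ":", uri); gsub(/%2f/, "/", uri)
        # Heuristic: a parameter value that starts with a URL scheme.
        # Legitimate redirect parameters also match, hence the threshold.
        if (uri ~ /[?&][^=&]*=(https?|ftp):\/\//) hits[$1]++
    }
    END { for (ip in hits) if (hits[ip] >= threshold) print ip, hits[ip] }
    ' | sort
}

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [19/Jan/2009:06:01:02 -0500] "GET /index.php?page=http://example.invalid/a.txt? HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [19/Jan/2009:06:01:03 -0500] "GET /main.php?inc=http%3A%2F%2Fexample.invalid%2Fa.txt HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [19/Jan/2009:06:01:04 -0500] "GET /view.php?id=1&file=ftp://example.invalid/a.txt HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [19/Jan/2009:06:02:10 -0500] "GET /login.php?next=https://www.example.com/home HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [19/Jan/2009:06:03:00 -0500] "GET /index.php?page=about HTTP/1.1" 200 1834 "-" "-"
EOF
}

# Clients with at least two suspicious requests in the sample.
sample_log | rfi_offenders 2
```

The output is a candidate list only; how an address is then black-listed, and for how long, is left to the firewall tooling in use.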