[Samba] check accounts for known bad passwords

mj lists at merit.unu.edu
Thu Jul 20 15:23:16 UTC 2017


Yes, it seems we are interesting.

Following your advice, I have just started blocking whole countries, 
based on info found here:


(started with China, and now also Venezuela, the Koreas, Sudan, 
Indonesia and India).

That seems to help astonishingly well, thanks!


On 07/20/2017 04:19 PM, L.P.H. van Belle via samba wrote:
> Hai M-J.
> Still under attack...
> A better thing maybe, if possible for you:
> Restrict imap/pop ports to only allow IPs from the Netherlands through your firewall.
> Now, if they are coming from within your own country, which makes it much easier for legal steps.
> Do you have one attacker IP for me? I'll do some checks.
> And I found this:
> https://www.mylinuxplace.com/samba-password-complexity-check/
> Just don't know if that will work for you, you have to try it out.
> Greetz,
> Louis
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of mj via samba
>> Sent: Thursday 20 July 2017 15:52
>> To: samba
>> Subject: [Samba] check accounts for known bad passwords
>> Hi,
>> Does anyone know of a script of some sort or way to check my
>> samba accounts for known bad passwords, such as "123321",
>> "1q2w3e", and such?
>> We are currently the target of a botnet, trying out those
>> easy passwords on our imap server. While many (all?) of our
>> users have good complex passwords, I am not 100% sure about
>> *all* of them. If possible I'd like to disable their
>> accounts, in the case of such bad passwords.
>> It would be good if such a snippet would bypass the
>> bad_password_count policies, etc, so that I could scan
>> accounts without them becoming locked due to too many failed
>> passwords.
>> Anyone with an idea how to do this?
>> MJ
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
