[Samba] check accounts for known bad passwords
L.P.H. van Belle
belle at bazuin.nl
Fri Jul 21 07:32:15 UTC 2017
Hai M-J,
Bit off topic for samba, but handy to know.
ah, yes, did not know that site, handy also.
I use iptables ipset geoip fail2ban and ufw combined.
Bit of these combined.
http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip
https://www.dghost.com/techno/internet/banning-an-entire-country-with-iptablesipset
https://tipstricks.itmatrix.eu/blocking-all-traffic-from-individual-countries-using-ipset-and-iptables/
My setup is as followed,
Ufw and geoip for country blocking and regular rules.
For example, Port 25/80/443 open for the world, all other are restricted to countries, (Where possible.)
Fail2ban monitor a service logs, abuse, > 1 day block. ( use ipset here )
Why 1 day, spammers often return within a day, so if they do that they exend the block a day.
The use of ipset, i do that here, because of the ammount of blocks i have.
Normaly, about 1500 ips are blocked daily, and its better to have this in ipset that iptables.
Its faster in the hash tables and can handle up to about 65k rules.
I do this for example on my mail relay/antispam.
Cpu load dropped about 20%, spam mail getting through dropped about 80%.
from 10k mails through the antispam back to about 1.5k.
Also due the good use of postfix/postscreen.
If you need more tips, you can pm me ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens mj via samba
> Verzonden: donderdag 20 juli 2017 17:23
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] check accounts for known bad passwords
>
> Hi,
>
> Yes it seems we are interesting.
>
> Following your advise, I have just started blocking whole
> countries, based on info found here:
>
> https://www.iplocation.net/
>
> (started with china, and now also Venezuela, the Korea's
> Sudan, Indonesie and India.
>
> That seems to help astonishingly good, thanks!
>
> MJ
>
> On 07/20/2017 04:19 PM, L.P.H. van Belle via samba wrote:
> > Hai M-J.
> >
> > Still under attack..,,
> >
> > A better thing maybe if possible for you..
> > Restrict imap/pop ports to only allow ips from netherlands
> through your firewall.
> >
> > Now, if they are comming from within you own country, which
> makes it much more easy for legal steps.
> >
> > Do you have one attacker ip for me, i'll do some checks.
> >
> > And i found this:
> > https://www.mylinuxplace.com/samba-password-complexity-check/
> > Just dont know if that wil work for you, you have to try it out.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> mj via samba
> >> Verzonden: donderdag 20 juli 2017 15:52
> >> Aan: samba
> >> Onderwerp: [Samba] check accounts for known bad passwords
> >>
> >> Hi,
> >>
> >> Des anyone know if a script of some sort or way to check my samba
> >> accounts for known bad passwords, such as "123321", "1q2w3e", and
> >> such?
> >>
> >> We are currently the target by a botnet, trying out those easy
> >> passwords on our imap server. While many (all?) of our users have
> >> good complex paswords, I am not 100% sure about
> >> *all* of them. If possible I'd like to disable their
> accounts, in the
> >> case of such bad passwords.
> >>
> >> It would be good if such a snippet would bypass the
> >> bad_password_count policies, etc, so that I could scan accounts
> >> without them becoming locked due to too many failed passwords.
> >>
> >> Anyone with an idea how to do this?
> >>
> >> MJ
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list