Facing Directory Harvest Attacks (DHA) - Seeking Solutions and Experiences
-
Hello everyone,
I'm facing what appears to be a large number of Directory Harvest Attacks (DHA) targeted at my MDaemon server. I've identified several IPs with an unusually high number of failed SMTP login attempts.
Symptoms:
High volume of SMTP connections with failed authentication.
Multiple IPs involved in the attack.
Log files indicating multiple "500 5.0.0 Unrecognized command" entries.
Has anyone else experienced this type of issue?
Are there any built-in MDaemon features or third-party tools you'd recommend to mitigate this kind of attack more effectively?
Thanks.
-
Arron Staff
You can use Location Screening to block authentication from countries where nobody should be trying to authenticate with your server.
https://help.mdaemon.com/MDaemon/en/screening_location-screening.html
You can use Dynamic Screening to monitor failed authentication attempts and block IPs and IP ranges that are being malicious. You can also automatically freeze accounts that may be vulnerable.
https://help.mdaemon.com/MDaemon/en/dynamic-screening_auth-failure-tracking.html
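The idea behind the authentication-failure tracking described in this reply, sketched as an added example that is not part of the original thread and is not MDaemon's code: a sliding-window counter per IP, plus a per-/24 count of distinct failing sources to catch attempts spread across many addresses. The log format, thresholds, window and IPv4 /24 grouping are assumptions chosen for illustration, not MDaemon defaults.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (timestamp, source IP, result); NOT MDaemon's log format.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.5 AUTH_FAIL
2024-05-01T10:01:00 203.0.113.5 AUTH_FAIL
2024-05-01T10:02:00 203.0.113.5 AUTH_FAIL
2024-05-01T10:03:00 198.51.100.10 AUTH_FAIL
2024-05-01T10:03:30 198.51.100.11 AUTH_FAIL
2024-05-01T10:04:00 198.51.100.12 AUTH_FAIL
2024-05-01T10:05:00 192.0.2.7 AUTH_FAIL
2024-05-01T10:06:00 192.0.2.7 AUTH_OK
2024-05-01T11:30:00 192.0.2.7 AUTH_FAIL
2024-05-01T11:31:00 192.0.2.7 AUTH_FAIL
"""

class AuthFailureTracker:
    """Sliding-window failure counter per IP, plus distinct failing sources per /24."""
    def __init__(self, max_failures=3, max_sources=3, window=timedelta(minutes=10), prefix=24):
        self.max_failures, self.max_sources = max_failures, max_sources
        self.window, self.prefix = window, prefix
        self.by_ip = defaultdict(deque)    # ip -> timestamps of recent failures
        self.by_net = defaultdict(dict)    # network -> {ip: time of last failure}
        self.blocked_ips, self.blocked_nets = set(), set()

    def record_failure(self, ts, ip):
        q = self.by_ip[ip]
        q.append(ts)
        while ts - q[0] > self.window:     # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_failures:    # one address failing repeatedly
            self.blocked_ips.add(ip)
        net = ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
        seen = self.by_net[net]
        seen[ip] = ts
        for old in [a for a, t in seen.items() if ts - t > self.window]:
            del seen[old]                  # forget sources quiet for a full window
        if len(seen) >= self.max_sources:  # many distinct sources in one range
            self.blocked_nets.add(str(net))

def analyse(log_text, **kwargs):
    tracker = AuthFailureTracker(**kwargs)
    for line in log_text.splitlines():
        stamp, ip, result = line.split()
        if result == "AUTH_FAIL":
            tracker.record_failure(datetime.fromisoformat(stamp), ip)
    return tracker.blocked_ips, tracker.blocked_nets
```

On the constructed sample, the single address with three failures in two minutes is flagged individually, the three addresses in 198.51.100.0/24 that each fail once are flagged as a range, and the address whose failures are more than an hour apart is not flagged.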
-
Hello Arron,
Thank you for the guidance on using Location and Dynamic Screening. I've implemented these solutions, and I'm happy to say the issue is now solved.
Much appreciated,
Winston