Email Account under attack (really) - anything I can do?
Over the last week, there is a constant barrage of authentication failures to my email account from a variety of IP addresses - usually in blocks of exactly 575 attempts.
My password is as strong as a password can be so the chance of brute force winning is infinitesimal. However as a result of the authentication failures, my hosting provider keeps locking the email account.
Is there anything I can do (or that I can ask my hosting provider to do), or am I just screwed until the botnet moves on? Anyone with similar experience who can comment on whether I can expect this to ever end?
Tags: email, botnet

asked 13 hours ago by clemdia (new contributor)

Comments:
- (10) Ask your email provider to make a change, that's the only option. In the meantime, open a new account and forward all emails to your new account so that you are still functional? – schroeder♦, 13 hours ago
- (1) Are you using one of the big email providers (Gmail, etc) or something smaller? – Anders, 11 hours ago
- If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking. – jpmc26, 8 hours ago
- (1) Get a better provider that isn't so vulnerable to this kind of trivial DoS? – Nate Eldredge, 5 hours ago
- Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified. – jww, 4 hours ago

4 Answers

A few thoughts:
- Usually my first recommendation would be to pick an extremely strong password. But you already got that covered.
- If there is two-factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.
- If the account lockout doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)
- Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.
- Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.

answered 11 hours ago by Anders

Comments:
- (3) Would 2FA really help? The second factor isn't usually attempted until after a correct password is entered, and the attacker will never get that far. – Barmar, 10 hours ago
- What makes you think he's not already using IMAP? – Barmar, 9 hours ago
- @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it doesn't hurt. – Anders, 9 hours ago
- (2) @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lockout. Worth a try at least. – jpmc26, 8 hours ago
- (2) I think most 2FA systems don't prompt for the second factor until after you successfully pass the first. – Barmar, 7 hours ago

No. That's pretty much the background noise of being on the internet.
From a random server I have with e-mail:

    $ sudo grep -c "auth failed" /var/log/mail.log
    1109

That's today. It's with fail2ban blocking more than five attempts from the same IP.

answered 11 hours ago by vidarlo

Comments:
- (2) This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user. – John Keates, 7 hours ago
- True it is my account specifically - but I think vidarlo has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”... – clemdia, 41 mins ago

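The answer above counts failures for the whole server, while the comments point out that the question is about one mailbox and a policy of "x failed attempts in y minutes". As an added example (not code from any poster on this page), the script below separates the two views: it parses auth-failure lines, counts failures and distinct source IPs per account, and replays a per-IP ban rule next to a per-account lockout rule. The Dovecot-style line format, the sample log, and the thresholds (6 per IP, 10 per account, 10-minute window) are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Dovecot-style failure line; adjust the pattern for your own server.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*auth failed.*"
    r"user=<(?P<user>[^>]*)>.*\brip=(?P<ip>[0-9a-fA-F.:]+)"
)


def build_sample_log():
    """Constructed log lines (not from the page); IPs are documentation ranges."""
    t0 = datetime(2019, 4, 1, 10, 0, 0)
    fmt = ("{ts:%Y-%m-%d %H:%M:%S} mail dovecot: imap-login: Disconnected "
           "(auth failed, 1 attempts in 2 secs): user=<{user}>, "
           "method=PLAIN, rip={ip}, lip=192.0.2.1")
    lines = []
    # Distributed guessing at ONE mailbox: 12 source IPs, 3 attempts each.
    for n in range(36):
        lines.append(fmt.format(ts=t0 + timedelta(seconds=20 * n),
                                user="victim@example.com",
                                ip=f"203.0.113.{10 + n // 3}"))
    # Background noise: ONE source IP trying many different mailboxes once.
    names = ["admin", "info", "sales", "test", "root",
             "webmaster", "postmaster", "support"]
    for k, name in enumerate(names):
        lines.append(fmt.format(ts=t0 + timedelta(seconds=30 * k),
                                user=f"{name}@example.com", ip="198.51.100.7"))
    # An unrelated line that must be ignored by the parser.
    lines.append("2019-04-01 10:05:00 mail postfix/smtpd[123]: "
                 "connect from unknown[198.51.100.7]")
    return lines


def parse(lines):
    """Return time-ordered (timestamp, user, source_ip) tuples for failures."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["user"].lower(), m["ip"]))
    return sorted(events)


def per_account(events):
    """Map each targeted user to (failure count, number of distinct source IPs)."""
    fails, ips = defaultdict(int), defaultdict(set)
    for _, user, ip in events:
        fails[user] += 1
        ips[user].add(ip)
    return {user: (fails[user], len(ips[user])) for user in fails}


def first_trip(events, key_index, threshold, window):
    """Earliest time each key reaches `threshold` failures inside `window`.

    key_index=1 groups by account (lockout rule); key_index=2 groups by
    source IP (fail2ban-style rule).
    """
    recent, tripped = defaultdict(deque), {}
    for event in events:
        ts, key = event[0], event[key_index]
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in tripped:
            tripped[key] = ts
    return tripped


def analyse(lines, ip_threshold=6, acct_threshold=10,
            window=timedelta(minutes=10)):
    """Summarise a log and replay both rules over it."""
    events = parse(lines)
    return {
        "total": len(events),                      # what `grep -c` would show
        "accounts": per_account(events),
        "ip_bans": first_trip(events, 2, ip_threshold, window),
        "lockouts": first_trip(events, 1, acct_threshold, window),
    }


if __name__ == "__main__":
    report = analyse(build_sample_log())
    print("total failures:", report["total"])
    for user, (count, sources) in sorted(report["accounts"].items()):
        print(f"  {user}: {count} failures from {sources} IPs")
    print("per-IP bans:", report["ip_bans"])
    print("account lockouts:", report["lockouts"])
```

On the constructed sample the per-IP rule bans only the single noisy address, while the per-account rule locks the targeted mailbox even though no source IP made more than three attempts.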
Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this.

    From: account-I-always-had@oldserver.com
    Subject: Re: so-and-so
    In-Reply-To: <4735813474834434634@theirmail.com>
    Sender: burneraccount@newserver.com

Or something like that.
Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.
As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, set up another one, and tell the official email server to forward to the new burner.
Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.

answered 9 hours ago by Harper

Comments:
- Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout. – Esa Jokinen, 30 mins ago

You can set up a firewall in front of your server, and with the right configuration you can reduce brute-force attempts.
You can try with your MTA configuration; an example for Postfix:

    smtpd_client_restrictions =
        permit_sasl_authenticated,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        permit permit_mynetworks,
        permit_inet_interfaces,
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
clemdia is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206923%2femail-account-under-attack-really-anything-i-can-do%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
A few thoughts:
- Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.
- If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.
- If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)
- Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.
- Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.
3
Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.
– Barmar
10 hours ago
What makes you think he's not already using IMAP?
– Barmar
9 hours ago
@Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.
– Anders
9 hours ago
2
@Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.
– jpmc26
8 hours ago
2
I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.
– Barmar
7 hours ago
|
show 1 more comment
A few thoughts:
- Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.
- If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.
- If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)
- Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.
- Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.
3
Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.
– Barmar
10 hours ago
What makes you think he's not already using IMAP?
– Barmar
9 hours ago
@Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.
– Anders
9 hours ago
2
@Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.
– jpmc26
8 hours ago
2
I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.
– Barmar
7 hours ago
|
show 1 more comment
A few thoughts:
- Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.
- If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.
- If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)
- Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.
- Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.
A few thoughts:
- Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.
- If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.
- If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)
- Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.
- Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.
answered 11 hours ago
AndersAnders
50k22143166
50k22143166
3
Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.
– Barmar
10 hours ago
What makes you think he's not already using IMAP?
– Barmar
9 hours ago
@Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.
– Anders
9 hours ago
2
@Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.
– jpmc26
8 hours ago
2
I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.
– Barmar
7 hours ago
|
show 1 more comment
3
Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.
– Barmar
10 hours ago
What makes you think he's not already using IMAP?
– Barmar
9 hours ago
@Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.
– Anders
9 hours ago
2
@Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.
– jpmc26
8 hours ago
2
I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.
– Barmar
7 hours ago
3
3
Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.
– Barmar
10 hours ago
Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.
– Barmar
10 hours ago
What makes you think he's not already using IMAP?
– Barmar
9 hours ago
What makes you think he's not already using IMAP?
– Barmar
9 hours ago
@Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.
– Anders
9 hours ago
@Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.
– Anders
9 hours ago
2
2
@Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.
– jpmc26
8 hours ago
@Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.
– jpmc26
8 hours ago
2
2
I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.
– Barmar
7 hours ago
I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.
– Barmar
7 hours ago
|
show 1 more comment
No. That's pretty much the background noise of being on the internet.
From a random server I have with e-mail:
$ sudo grep -c "auth failed" /var/log/mail.log
1109
That's today. It's with fail2ban blocking more than five attempts from the same IP.
2
This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.
– John Keates
7 hours ago
True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...
– clemdia
41 mins ago
add a comment |
No. That's pretty much the background noise of being on the internet.
From a random server I have with e-mail:
$ sudo grep -c "auth failed" /var/log/mail.log
1109
That's today. It's with fail2ban blocking more than five attempts from the same IP.
2
This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.
– John Keates
7 hours ago
True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...
– clemdia
41 mins ago
add a comment |
No. That's pretty much the background noise of being on the internet.
From a random server I have with e-mail:
$ sudo grep -c "auth failed" /var/log/mail.log
1109
That's today. It's with fail2ban blocking more than five attempts from the same IP.
No. That's pretty much the background noise of being on the internet.
From a random server I have with e-mail:
$ sudo grep -c "auth failed" /var/log/mail.log
1109
That's today. It's with fail2ban blocking more than five attempts from the same IP.
answered 11 hours ago
vidarlovidarlo
3,604723
3,604723
2
This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.
– John Keates
7 hours ago
True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...
– clemdia
41 mins ago
add a comment |
2
This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.
– John Keates
7 hours ago
True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...
– clemdia
41 mins ago
2
2
This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.
– John Keates
7 hours ago
This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.
– John Keates
7 hours ago
True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...
– clemdia
41 mins ago
True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...
– clemdia
41 mins ago
add a comment |
Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this.
From: account-I-always-had@oldserver.com
Subject: Re: so-and-so
In-Reply-To: <4735813474834434634@theirmail.com>
Sender: burneraccount@newserver.com
Or something like that.
Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.
As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.
Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.
Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.
– Esa Jokinen
30 mins ago
add a comment |
Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this.
From: account-I-always-had@oldserver.com
Subject: Re: so-and-so
In-Reply-To: <4735813474834434634@theirmail.com>
Sender: burneraccount@newserver.com
Or something like that.
Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.
As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.
Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.
Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.
– Esa Jokinen
30 mins ago
add a comment |
Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this.
From: account-I-always-had@oldserver.com
Subject: Re: so-and-so
In-Reply-To: <4735813474834434634@theirmail.com>
Sender: burneraccount@newserver.com
Or something like that.
Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.
As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.
Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.
Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this.
From: account-I-always-had@oldserver.com
Subject: Re: so-and-so
In-Reply-To: <4735813474834434634@theirmail.com>
Sender: burneraccount@newserver.com
Or something like that.
Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.
As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.
Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.
answered 9 hours ago
Harper
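The answer above notes that the burner address may be visible in the headers of outgoing mail. As an added example (not part of the original answer), this Python sketch audits a message you sent to yourself and lists which headers expose the burner address or its domain. The function name `burner_leaks`, the header lists and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a reply sent from the burner mailbox with From: rewritten
# to the official address, as described in the answer above.
SAMPLE = """\
Received: from [192.0.2.10] by smtp.newserver.com with ESMTPSA; Mon, 1 Apr 2019 10:00:00 +0000
Return-Path: <burneraccount@newserver.com>
From: account-I-always-had@oldserver.com
Sender: burneraccount@newserver.com
To: friend@theirmail.com
Subject: Re: so-and-so
In-Reply-To: <4735813474834434634@theirmail.com>
Message-ID: <abc123@newserver.com>

Hello.
"""

# Headers that carry a mailbox address, and headers that usually carry only
# the sending system's host or domain (illustrative lists, not exhaustive).
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")
TRACE_HEADERS = ("Received", "Message-ID", "DKIM-Signature")

def burner_leaks(raw_message, burner):
    """Return (header, kind) pairs for every header exposing the burner account."""
    msg = message_from_string(raw_message)
    burner = burner.lower()
    domain = burner.rsplit("@", 1)[1]
    findings = []
    for name in ADDRESS_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr.lower() == burner:
                findings.append((name, "address"))
    for name in TRACE_HEADERS:
        for value in msg.get_all(name, []):
            if domain in value.lower():
                findings.append((name, "domain"))
    return findings

if __name__ == "__main__":
    for header, kind in burner_leaks(SAMPLE, "burneraccount@newserver.com"):
        print(f"{header}: exposes burner {kind}")
```

Even when the full address is absent, a domain match in `Received` or `Message-ID` still tells a recipient which provider hosts the new mailbox.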
Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.
– Esa Jokinen
30 mins ago
You can set up a firewall in front of your server, and with the right configuration you can reduce brute-force attempts.
You can also try your MTA configuration; an example for Postfix:

smtpd_client_restrictions =
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    permit_mynetworks,
    permit_inet_interfaces
answered 38 mins ago
Mirsad
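A firewall rule against brute-force attempts needs a list of offending clients. As an added example (not part of the original answer), this Python sketch finds clients with repeated failed SASL logins inside a sliding time window in Postfix smtpd log lines. The function name, threshold, window, supplied year and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the format Postfix smtpd uses for failed SASL logins.
SAMPLE_LOG = """\
Apr  1 10:00:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Apr  1 10:00:04 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Apr  1 10:00:09 mx postfix/smtpd[2102]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Apr  1 10:02:00 mx postfix/smtpd[2103]: warning: client.example.net[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Apr  1 10:03:10 mx postfix/smtpd[2104]: connect from mail.example.org[192.0.2.55]
Apr  1 11:30:00 mx postfix/smtpd[2110]: warning: client.example.net[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Apr  1 12:45:00 mx postfix/smtpd[2111]: warning: client.example.net[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]: SASL \S+ authentication failed"
)

def brute_force_sources(log_text, threshold=3, window_s=600, year=2019):
    """Return {ip: failures} for clients reaching threshold within window_s seconds."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within 10 minutes")
```

The second client in the sample fails three times over several hours and is not flagged with the default window, which separates a user mistyping a password from an automated guessing run.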
10
Ask your email provider to make a change; that's the only option. In the meantime, open a new account and forward all emails to your new account so that you are still functional?
– schroeder♦
13 hours ago
1
Are you using one of the big email providers (Gmail, etc) or something smaller?
– Anders
11 hours ago
If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking.
– jpmc26
8 hours ago
1
Get a better provider that isn't so vulnerable to this kind of trivial DoS?
– Nate Eldredge
5 hours ago
Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified.
– jww
4 hours ago