Educause Security Discussion mailing list archives
Re: Compromise Email Accounts
From: Daniel Bennett <dbennett () PCT EDU>
Date: Tue, 3 Feb 2009 07:30:36 -0500
We currently have a similar script that I created in vb.net. It reads our syslogs of our spam filter every 15 minutes and based on a threshold passed to the program it will alert our sysadmins of accounts that sent over x amount of emails in that time frame. The log files are then archived every hour. I need to build functionality into it that takes another threshold to disable accounts.

Daniel Bennett
IT Security Analyst
Security+
PA College of Technology
One College Ave
Williamsport PA 17701
(P) 570.329.4989

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton
Sent: Tuesday, February 03, 2009 2:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Compromise Email Accounts

On 31/01/2009, at 5:23 AM, Joe Vieira wrote:
Currently we have a Python script to detect compromised accounts (runs once an hour). It runs through Postfix logs looking for bounces, and at a certain threshold will lock out your account. Basically the idea is that NO ONE actually generates 100+ bounces in one hour, and if they do, they are probably spamming people.
Bingo! Why didn't I think of that! Will modify my script to do that and see how it goes...

Thanks, Russell
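A sketch of the bounce-threshold check discussed in this thread, added here as an illustration and not any poster's actual script. It assumes default Postfix syslog lines with SASL-authenticated submission, a lower alert threshold of 25 (constructed), and the 100-bounce lockout figure from the quoted message; the log lines are constructed sample data.

```python
import re
from collections import Counter

# Postfix logs the authenticated user on the smtpd line and the delivery
# result on a later delivery-agent line; the queue ID ties the two together.
AUTH_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=.*sasl_username=(\S+)")
BOUNCE_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*status=bounced")

def bounces_per_user(lines):
    """Count status=bounced deliveries per authenticated sender in one window."""
    owner = {}            # queue ID -> sasl_username
    counts = Counter()
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            owner[m.group(1)] = m.group(2)
            continue
        m = BOUNCE_RE.search(line)
        if m and m.group(1) in owner:
            counts[owner[m.group(1)]] += 1
    return counts

def classify(counts, alert_at, disable_at):
    """Return {user: 'alert' | 'disable'}; users under both thresholds are omitted."""
    actions = {}
    for user, n in counts.items():
        if n >= disable_at:
            actions[user] = "disable"
        elif n >= alert_at:
            actions[user] = "alert"
    return actions

def sample_log():
    """Constructed one-hour log: (user, messages sent, of which bounced)."""
    lines, n = [], 0
    for user, sent, bounced in [("mallory", 120, 120), ("bob", 40, 30), ("alice", 5, 1)]:
        for i in range(sent):
            qid = f"{n:06X}"
            n += 1
            result = "dsn=5.1.1, status=bounced (user unknown)" if i < bounced else "dsn=2.0.0, status=sent (250 ok)"
            lines.append(f"Feb  3 07:00:01 mx postfix/smtpd[811]: {qid}: client=c[192.0.2.7], sasl_method=PLAIN, sasl_username={user}")
            lines.append(f"Feb  3 07:00:02 mx postfix/smtp[902]: {qid}: to=<u{i}@example.net>, relay=mx.example.net[198.51.100.5]:25, {result}")
    return lines

if __name__ == "__main__":
    print(classify(bounces_per_user(sample_log()), alert_at=25, disable_at=100))
```

The account-disable step itself is site-specific (directory, mail store) and is left as the returned action label.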