Brute-force protection for your IMAP server. Stop password-guessing attacks on IMAP.
RdpGuard
Intrusion prevention system for your Windows Server
 

IMAP Brute-Force Protection.

Internet Message Access Protocol (IMAP) is one of the most popular protocols for email retrieval nowadays. Almost every mail server supports IMAP.

Because it is so popular, it is no surprise that this protocol is a frequent target of brute-force attacks: the Internet is full of tools for IMAP brute-forcing. Anyone can download ready-to-go tools and start abusing your server's resources.

If you are running IMAP on your server, you may notice thousands of repeated entries in your logs like those below:

#Software: MailEnable IMAP Server
#Version: 1.2
#Date: 03/31/18 00:00:08
#Fields: date time c-ip agent account cs-username s-ip s-port cs-method cs-uristem cs-uriquery s-computername sc-bytes cs-bytes time-taken
31-03-13 06:26:01 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5216 AUTHENTICATE cXdlcnR5 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4282
31-03-13 06:42:00 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 7156 AUTHENTICATE cXdlcnR5 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4290
31-03-13 06:49:43 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4876 AUTHENTICATE cGFzc3cw 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 07:08:15 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4876 AUTHENTICATE cGFzc3cw 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 07:15:41 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5548 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:26:32 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6580 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4288
31-03-13 07:29:59 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 3636 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4298
31-03-13 07:31:53 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6828 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4313
31-03-13 07:32:29 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5148 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4328
31-03-13 07:34:32 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6916 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:40:37 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4160 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4300
31-03-13 07:41:41 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 3568 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:42:47 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6320 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4268
31-03-13 07:43:13 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 3568 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4282
31-03-13 07:47:10 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4172 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4312
31-03-13 07:49:54 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 2288 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4268
31-03-13 07:52:03 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5036 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:55:31 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6728 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4282
31-03-13 07:58:03 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5096 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4328
31-03-13 07:58:32 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6256 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4285
31-03-13 08:00:48 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 7484 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4301
31-03-13 08:06:12 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4332 AUTHENTICATE Tgd7dgw3 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4280
31-03-13 08:07:37 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 8948 AUTHENTICATE YW50aG9u 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4313
31-03-13 08:08:02 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 8552 AUTHENTICATE aW5mb0Bo 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 08:08:22 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 8948 AUTHENTICATE aW5mb0Bp 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 08:09:52 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 9008 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4289
31-03-13 08:13:53 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4944 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4301
31-03-13 08:16:36 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4988 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4312
31-03-13 08:17:39 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 7344 AUTHENTICATE amVzc2ll 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297

These repeated failed login attempts are brute-force attacks on your IMAP service. They waste your server's resources: bandwidth, RAM, CPU and free disk space.

If some of your IMAP users have weak passwords, attackers may succeed and get access to the user's mailbox.

RdpGuard effectively protects your IMAP server from brute-force attacks by detecting invalid login attempts and blocking the attackers' IP addresses.

RdpGuard works with any IMAP Server software.

It monitors IMAP port(s) or logs on your server and detects failed login attempts. If the number of failed login attempts from a single IP address reaches a set limit (three by default), the attacker's IP address will be blocked.
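
The threshold rule described above, applied to a log in the MailEnable layout shown earlier; this is an added example, not RdpGuard's code. The sample records, the `+OK+` success reply and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

FAIL_LIMIT = 3  # the default limit stated on the page

# Constructed sample in the layout of the log above (documentation-range IPs).
# The "+OK+" success reply is an assumed format; the page shows only failures.
FIELDS = ("#Fields: date time c-ip agent account cs-username s-ip s-port cs-method "
          "cs-uristem cs-uriquery s-computername sc-bytes cs-bytes time-taken")
FAIL = "2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password."
ROW = ("31-03-13 {t} {ip} IMAP-IN example.test - 192.0.2.10 5216 "
       "AUTHENTICATE - {reply} MAILHOST 64 0 4282")
SAMPLE_LOG = "\n".join([
    "#Software: MailEnable IMAP Server", FIELDS,
    ROW.format(t="06:26:01", ip="203.0.113.7", reply=FAIL),
    ROW.format(t="06:27:10", ip="198.51.100.23", reply=FAIL),
    ROW.format(t="06:27:40", ip="198.51.100.23", reply="3+OK+AUTHENTICATE+completed"),
    ROW.format(t="06:42:00", ip="203.0.113.7", reply=FAIL),
    ROW.format(t="06:49:43", ip="203.0.113.7", reply=FAIL),
    ROW.format(t="07:08:15", ip="203.0.113.7", reply=FAIL),
    "31-03-13 07:09:00 198.51.100.23 IMAP-IN",  # truncated record, must be skipped
])

def parse(log_text):
    """Yield one dict per record, using the #Fields header as the schema."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # drop truncated or malformed lines
                yield dict(zip(fields, values))

def is_failed_login(rec):
    """True when the logged reply to LOGIN/AUTHENTICATE is a tagged IMAP NO."""
    reply = rec["cs-uriquery"].split("+")
    return (rec["cs-method"] in ("LOGIN", "AUTHENTICATE")
            and len(reply) > 1 and reply[1] == "NO")

def ips_to_block(log_text, limit=FAIL_LIMIT):
    """Map each IP at or over the limit to (failures, time the limit was hit)."""
    counts, reached = defaultdict(int), {}
    for rec in parse(log_text):
        if is_failed_login(rec):
            ip = rec["c-ip"]
            counts[ip] += 1
            if counts[ip] == limit:
                reached[ip] = rec["date"] + " " + rec["time"]
    return {ip: (counts[ip], when) for ip, when in reached.items()}
```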

For Windows XP, Vista, 7, 8, 8.1, 10 and Windows Server 2003 (R2), 2008 (R2), 2012 (R2), 2016

See Also

How to enable and configure IMAP Brute-Force Protection

Copyright © 2012-2018 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.