Brute-force protection for your IMAP server. Stop password-guessing attacks on IMAP.
RdpGuard
Intrusion prevention system for your Windows Server
 
Follow:
Twitter
Facebook
RSS
Share:

IMAP Brute-Force Protection.

Internet Message Access Protocol (IMAP) is one of the most popular protocols for email retrieval nowadays. Almost every mail server supports IMAP.

Anyone is able to download ready-to-go tools and start abusing your server's resources. Being so popular, it's no surprise that this protocol becomes the target for brute-force attacks very often - the Internet is full of tools for IMAP brute-forcing. Anyone is able to download ready-to-go tools and start abusing your server's resources.

If you are running IMAP on your server, you may notice thousands of repeating entries in your logs like the one below: 

#Software: MailEnable IMAP Server
#Version: 1.2
#Date: 03/31/18 00:00:08
#Fields: date time c-ip agent account cs-username s-ip s-port cs-method cs-uristem cs-uriquery s-computername sc-bytes cs-bytes time-taken
31-03-13 06:26:01 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5216 AUTHENTICATE cXdlcnR5 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4282
31-03-13 06:42:00 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 7156 AUTHENTICATE cXdlcnR5 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4290
31-03-13 06:49:43 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4876 AUTHENTICATE cGFzc3cw 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 07:08:15 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4876 AUTHENTICATE cGFzc3cw 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 07:15:41 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5548 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:26:32 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6580 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4288
31-03-13 07:29:59 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 3636 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4298
31-03-13 07:31:53 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6828 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4313
31-03-13 07:32:29 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5148 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4328
31-03-13 07:34:32 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6916 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:40:37 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4160 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4300
31-03-13 07:41:41 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 3568 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:42:47 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6320 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4268
31-03-13 07:43:13 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 3568 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4282
31-03-13 07:47:10 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4172 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4312
31-03-13 07:49:54 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 2288 AUTHENTICATE c29jY2Vy 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4268
31-03-13 07:52:03 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5036 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4281
31-03-13 07:55:31 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6728 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4282
31-03-13 07:58:03 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 5096 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4328
31-03-13 07:58:32 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 6256 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4285
31-03-13 08:00:48 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 7484 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4301
31-03-13 08:06:12 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4332 AUTHENTICATE Tgd7dgw3 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4280
31-03-13 08:07:37 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 8948 AUTHENTICATE YW50aG9u 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4313
31-03-13 08:08:02 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 8552 AUTHENTICATE aW5mb0Bo 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 08:08:22 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 8948 AUTHENTICATE aW5mb0Bp 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297
31-03-13 08:09:52 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 9008 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4289
31-03-13 08:13:53 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4944 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4301
31-03-13 08:16:36 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 4988 AUTHENTICATE Y2F0Y2F0 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4312
31-03-13 08:17:39 185.222.209.113 IMAP-IN contoso.com - 66.249.66.134 7344 AUTHENTICATE amVzc2ll 2+NO+AUTHENTICATE+LOGIN+failed+-+Invalid+username+or+password. WIN-MN0B8V95FLF 64 0 4297

Those repeating failed login attempts are actually brute-force attacks on your IMAP service. These attacks consume your server's resources such as bandwidth, RAM, CPU, and free disk space.

If some of your IMAP users have weak passwords, attackers may succeed in brute-forcing their way into the user's mailbox and gain unauthorized access to their emails and other personal information.

RdpGuard provides effective protection for your IMAP server against brute-force attacks by detecting invalid login attempts and automatically blocking the attacker's IP address.

RdpGuard is compatible with all IMAP server software, making it a versatile solution for protecting your email service.

RdpGuard monitors the IMAP port(s) or logs on your server and detects failed login attempts. When the number of failed login attempts from a single IP address reaches a pre-set limit (by default, three), RdpGuard automatically blocks the attacker's IP address.

For Windows Vista/7/8/8.1/10/11 and Windows Server 2008/2012/2016/2019/2022

See Also

How to enable and configure IMAP Brute-Force Protection

RdpGuard 9.0.3 Free Trial

RdpGuard protects:

Social Connection
RdpGuard Logo
 
People like RdpGuard!
Our Other Products
TntDrive
Easily mount Amazon S3 Bucket as a Windows Drive
S3 Browser
Powerful Windows Client for Amazon S3 and Amazon CloudFront
FastGlacier
Windows Client for Amazon Glacier - new low-cost storage for data archiving and backup.
Copyright © 2012-2023 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.