Hi,
I use MagicSpam Pro in Plesk, latest version of both (formerly Obsidian).
I got a lot of LFD blocked attempts for SMTP AUTH failed logins, so I blocked in the almost all countries in Country Authentication Restrictions except the ones we know we need.
Still I got the same number of attempts, I restarted the service, email services, and still the same.
Any clues? I use Juggernauth Firewall too there.
Best
Country Authentication Restrictions NOT working
Re: Country Authentication Restrictions NOT working
Hello chcxab,
Thank you for your post.
Please note that SMTP AUTH failures are normally reported for any failed authentication from countries that are blocked in your MagicSpam. This is currently done this way as authentications are rejected on the SMTP layer and not right away when the connection was made That said, we do have an upcoming release, which will block them earlier in the process (e.g: connection level) and we also have new AUTH blocking features available, including the RATS-AUTH RBL, and other reputation lists that you can enable.
Our RATS-AZURE, RATS-GCLOUD, and RATS-AWS are also good tools to block AUTH attacks, they will form the basis of RATS-CLOUD since those ranges are unlikely to be doing normal authentication, compared to say regular email clients.
We will also update our development team, as we can see how our MagicSpam customers would like to block them earlier to reduce the appearance of them in the logs, and make it easier to identify that MagicSpam is working effectively against AUTH attacks.
Thank you for your feedback!
Thank you for your post.
Please note that SMTP AUTH failures are normally reported for any failed authentication from countries that are blocked in your MagicSpam. This is currently done this way as authentications are rejected on the SMTP layer and not right away when the connection was made That said, we do have an upcoming release, which will block them earlier in the process (e.g: connection level) and we also have new AUTH blocking features available, including the RATS-AUTH RBL, and other reputation lists that you can enable.
Our RATS-AZURE, RATS-GCLOUD, and RATS-AWS are also good tools to block AUTH attacks, they will form the basis of RATS-CLOUD since those ranges are unlikely to be doing normal authentication, compared to say regular email clients.
We will also update our development team, as we can see how our MagicSpam customers would like to block them earlier to reduce the appearance of them in the logs, and make it easier to identify that MagicSpam is working effectively against AUTH attacks.
Thank you for your feedback!
-- MagicSpam Support Team --
Re: Country Authentication Restrictions NOT working
Hi, sorry for re-opening this old thread, but I believe this "Country Authentication Restrictions" function is (still) NOT working at all - at least with Plesk.With 'botnets' reaching staggering sizes, the 'bad guys' have millions of machines and IP(s) to spread out their attacks. Modern hackers have found they can make more money from reading and accessing your email accounts and services, than just using it to send spam. While not the complete solution, blocking authentication from countries that your customers never visit can reduce the amount of ways hackers can try to access your email accounts. Just remember, your customers do travel and vacation, but this has proven one of our most popular tools.
I have tried blocking all countries (except of course the server country which is whitelisted by default).
Trying to login from different IPs in different countries and it never blocks any authentication attempt.
Tested with several different Plesk versions on different Linux distros (Centos 7 + Ubuntu) over the past 2 years
Currently still not working and recently tested with Plesk Obsidian 18.0.41 on both mentioned distros.
Could you please have a look into this? Thanks.
Re: Country Authentication Restrictions NOT working
Hello MSZ,
We haven't been able to replicate the reported issue with the Country Authentication Restrictions. In order to investigate further, would you please provide us with a screenshot of the Country Authentication Restrictions along with the Authentication Log results. The best way to provide us with the following information would be through email.
Thank you.
We haven't been able to replicate the reported issue with the Country Authentication Restrictions. In order to investigate further, would you please provide us with a screenshot of the Country Authentication Restrictions along with the Authentication Log results. The best way to provide us with the following information would be through email.
Thank you.
Who is online
Users browsing this forum: No registered users and 1 guest