Security Upgrades: Anti Hack

By | 3rd October 2018

As I posted last week, I was working on a variant of the email module for quotes, which caused an idea to develop, and some extra work, but it will improve security and performance.

mailing quotes and invoices

You see, in testing the new module, I just happened to find myself inspecting the server's logs to ensure that there were no transmission errors, but I spotted a hacker trying to gain access to our clustered mail server. Oh dear oh dear, as I shake my head, why do they bother was my first thought? You see, our usernames are not email addresses, and I could see from the logs repeated attempts from the same IP address to guess a password, erroneously assuming the username is an email address.

I later considered that all this was doing was taking up resources, processing these password rejections. It would be good if I could simply block the hacker and keep a database of all the rogue hackers' IP addresses so that our servers can then protect themselves by simply denying any form of service to the hacker.

Developing this thought further, I decided that I could create a database of IP addresses. First I had to write another program to extract the IP address from the mail server's log file, check if it is already on our “HackerIP” database list, and if not, append it. Then, all the servers in the cluster have access to the same rogue hacker IP address information. Now it was merely a trivial matter of writing out a parameters file for the mail server software on each of the mail servers in our cluster to take note of.
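A sketch of the extract, check and append steps described above, as an added example rather than the author's anti-hack code. The log format, the three-failure threshold and the allowlisted internal network are assumptions, since the post does not name the mail server software or its parameters file format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an assumed log format; real mail server logs differ.
SAMPLE_LOG = """\
2018-10-02 23:14:05 auth failed user=sales@example.com ip=203.0.113.45
2018-10-02 23:14:07 auth failed user=info@example.com ip=203.0.113.45
2018-10-02 23:14:09 auth failed user=admin@example.com ip=203.0.113.45
2018-10-02 23:20:41 auth failed user=jsmith ip=198.51.100.7
2018-10-02 23:21:02 auth ok user=jsmith ip=198.51.100.7
2018-10-02 23:30:00 auth failed user=root@example.com ip=10.0.0.12
2018-10-02 23:30:01 auth failed user=root@example.com ip=10.0.0.12
2018-10-02 23:30:02 auth failed user=root@example.com ip=10.0.0.12
2018-10-02 23:31:00 auth failed user=x@example.com ip=999.1.1.1
"""

FAILED = re.compile(r"auth failed user=\S+ ip=(\S+)")
# Hypothetical allowlist: the cluster's own network must never end up blocked.
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]

def failed_sources(log_text):
    """Count failed logins per syntactically valid source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field; log content is untrusted input
        counts[ip] += 1
    return counts

def update_blocklist(known, log_text, threshold=3):
    """Add repeat offenders to `known` (a set of IP objects); return the new ones."""
    added = []
    for ip, n in failed_sources(log_text).items():
        # One mistyped password is not an attack, so require repeated failures.
        if n < threshold or ip in known or any(ip in net for net in ALLOWLIST):
            continue
        known.add(ip)
        added.append(ip)
    return added

def render_blocklist(known):
    """One address per line, sorted, ready to write to a shared deny file."""
    return "".join(f"{ip}\n" for ip in sorted(known, key=lambda a: (a.version, int(a))))
```

Because such a list only grows, and addresses get reassigned or sit behind shared NAT, storing a first-seen timestamp with each entry and expiring old ones keeps it from eventually locking out legitimate senders.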

As this code, called “anti-hack”, went into production overnight, it has picked up another 81 hackers. We’re building up a nice little database of self-generated rogue hacker IP addresses and improving security and performance at the same time.

Bye bye hackers.

#Security #MailServers #Hackers #HackerIPAddresses

Sir Winston Churchill
