GMS has identified a potential attempt to discover the user name and password of an account via the AUTH command in POP3. There have been too many failed or bad authentication attempts by the client that is currently connected so GMS has disconnected and added the client’s IP address to the dynamic deny list. This means that future connections from this IP address will also be rejected for a period of time. GMS has inbuilt password policy and delays to help prevent this type of u201cbrute forceu201d attack. This means that each incorrect attempt to authenticate will delay the next attempt by twice as long.
In this particular case, session Undefined has just dropped a connection from the client at Undefined which was attempting to log on Undefined@Undefined.
No action is required by you. However, you can change the maximum number of bad commands (MaxBadCommand) or contact the person using the POP3 client and suggest they upgrade or use GMS Webmail.
- How do I contact the owner of a client?
- How do alerts work?
- What is APOP authentication?
- What password protection is there in GMS?
Keywords:password attack pop3 deny AUTH MaxBadCOmmand RFC1734 8160