Mozilla Thunderbird email IMAP brute force login attempt

  • 8 replies
  • 1 has this problem
  • 7 views
  • Last reply by Ron

Hello,

One of my colleague's emails has been brute forcing when logged in to Mozilla Thunderbird, like 200 attempts every day. This is why our IP address was blacklisted by (hostgator), so we need 24hrs again to be whitelisted and can use Thunderbird. I already changed the password and tried to remove the email in Mozilla Thunderbird and re-enter the new password, but it's not working. What should I do? Thank you.

All Replies (8)

What didn't work? Removing the account from Tbird or the new password?

The brute force attacker tries to log in using the old password of the email that I mentioned in Thunderbird. The new password works when logging in, but after an hour our IP address will be blacklisted because of the brute force attack. Removing the account from Thunderbird works too. It's just the brute force attackers.

So, this is happening with or without Tbird.

With Tbird.

Thunderbird doesn't brute-force its way into any account IF the password it's trying to use is invalid. This implies that Tbird is systematically trying to log in to the mail servers using different combinations of passwords in a bid to find the correct credential. That might as well make Tbird a hack tool! I've never heard of Tbird doing that. That's the stuff of hackers using software tools (scripts and/or malware such as bots), so unless that copy of Thunderbird is illegitimate (compromised; obtained from third-party sources), then you should not be seeing that behaviour from Tbird. Instead, you should be seeing an error for failure to log in or a prompt for the correct password, assuming Thunderbird has a direct (no proxy) network connection to the mail server, is not getting tunnelled through a VPN and the server settings are correct.

On the affected computer, open Tbird and go to Help > Troubleshooting Information > Copy text to clipboard and paste it at pastebin.com, then post the URL in your next reply. This will show us if there is a strange configuration with that profile.

Maybe the new password somehow failed to be saved because of some corrupted data or files. So you can try this: first, be sure that you have all your passwords (back them up somewhere). After that, close TB and delete all saved passwords by moving* the key3.db, key4.db, cert9.db and logins.json files** to the desktop(?) - start TB and it should ask again for all passwords.

To find those files**: in TB, at the top right of the Thunderbird window, click the menu button (or use the regular menu at the top), then select Help -> Troubleshooting Information. In the profile area, click Open Folder.

P.S. Moving* them to the desktop (and not just deleting them) is important, so that you still have a backup of those settings in case something is not right.
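
The file-moving step from the reply above as a script, added here as an example; it is not part of the original thread and not a Mozilla tool. The function name, the timestamped backup folder and the owner-only permission on it are assumptions of this example, and the profile folder is the one opened via Help > Troubleshooting Information > Open Folder.

```python
import shutil
import sys
import time
from pathlib import Path

# File names taken from the reply above; key3.db only exists in older profiles.
CREDENTIAL_FILES = ("key3.db", "key4.db", "cert9.db", "logins.json")


def move_credential_files(profile_dir, backup_root):
    """Move the saved-password files out of a Thunderbird profile.

    Thunderbird must be closed first. Returns (backup_dir, moved_names),
    or (None, []) when the profile holds none of the files.
    """
    profile = Path(profile_dir)
    if not profile.is_dir():
        raise FileNotFoundError(f"profile folder not found: {profile}")

    present = [n for n in CREDENTIAL_FILES if (profile / n).is_file()]
    if not present:
        return None, []

    # Timestamped folder so a later run never overwrites an earlier backup.
    backup_dir = Path(backup_root) / time.strftime("tb-credentials-%Y%m%d-%H%M%S")
    # The backup still holds the saved logins, so make it owner-only
    # (the mode is honoured on Linux/macOS and ignored on Windows).
    backup_dir.mkdir(parents=True, mode=0o700, exist_ok=False)

    moved = []
    for name in present:
        shutil.move(str(profile / name), str(backup_dir / name))
        moved.append(name)
    return backup_dir, moved


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: move_tb_credentials.py <profile-folder> <backup-folder>")
    dest, names = move_credential_files(sys.argv[1], sys.argv[2])
    if names:
        print(f"moved {', '.join(names)} to {dest}")
    else:
        print("no saved-password files found in that profile")
```

The moved logins.json and key4.db together still contain the saved logins, so delete the backup folder once Thunderbird is working with the new password.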

Okay, I will try your suggestion, svlad2009.