Global settings g_hack

  1. Home
  2. Knowledge Base
  3. Settings
  4. Global settings g_hack
  1. Home
  2. Knowledge Base
  3. Security
  4. Global settings g_hack

g_hack_detect_disable – Stop admin emails when users login with a weak password

Useful if you must have weak passwords for some reason

Syntax: g_hack_detect_disable bool

g_hack_msg – Message to send to users with a weak password

Message to send to users with a weak password

Syntax: g_hack_msg string

g_hack_noemail – Disable weak password reports

This setting has no further documentation currently available

Syntax: g_hack_noemail bool

g_hack_report – Address to send weak password reports to

This setting has no further documentation currently available

Syntax: g_hack_report string

g_hack_touser – Send warnings about hacking directly to users

Send warnings directly to users

Syntax: g_hack_touser bool

g_hack_url – Url for users to change password

Url to your server for users to change password, if not given the user.cgi url will be generated

Syntax: g_hack_url string

g_hacker_alert – Email manager if address is locked out

This setting has no further documentation currently available

Syntax: g_hacker_alert bool

g_hacker_days – Days to keep ipaddress locked out, default 7

This setting has no further documentation currently available

Syntax: g_hacker_days int

g_hacker_fwd – Email manager if user sets fowarding rule

Useful to identify a spammer trying to set a bounce address to pickup incoming email

Syntax: g_hacker_fwd bool

g_hacker_max – Login guesses for one ip address before we lockout the ip address

Stops hackers from guessing passwords every day until they find one, use tellmail unlock ip.number to unlock, or whitelist it…

Syntax: g_hacker_max int

g_hacker_more – Be more restrictive, don’t allow /24 netblocks based on loginip

This setting has no further documentation currently available

Syntax: g_hacker_more bool

g_hacker_password – If hacker attempts to login with account name as password, then blacklist ip

Good for stopping robots guessing accounts

Syntax: g_hacker_password bool

g_hacker_passwords – Failed logins that use these passwords will lockout the ip address

List commonly guessed passwords, e.g. 12345678

Syntax: g_hacker_passwords string

g_hacker_poison – Poison accounts. Instantly blacklist ip address e.g. root@*

If user tries to login with this account then their ip address is blocked from further logins. Give full domain name or wild card, e.g. root@your.domain,staff@*

Syntax: g_hacker_poison string

g_hacker_weak – If user tries weak password, lockout ip address

If someone is ‘guessing’ weak passwords their ip address will be locked out

Syntax: g_hacker_weak bool

g_hacker_whitelist – Ip addresses to avoid guessing issues

Whitelist for gateways or other systems that you expect multiple failed logins from (e.g. webmail host)

Syntax: g_hacker_whitelist string

Was this article helpful?

Related Articles