[Dovecot] 64.31.19.48 attempt to break into my computer

John Alexander john.alexander at preachain.org
Thu Sep 22 17:13:43 EEST 2011


Fail2Ban is an excellent tool to deal with this sort of thing.


On Mon, 19 Sep 2011 10:05:47 -0700, Rick Baartman wrote
> From my secure log:
> 
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check 
> pass; user unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): 
> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= 
> rhost=::ffff:64.31.19.48 
> Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): 
> error retrieving information about user aaron
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): check 
> pass; user unknown
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): 
> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= 
> rhost=::ffff:64.31.19.48 
> Sep 19 01:16:45 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): 
> error retrieving information about user abby
> 
> etc. Literally, 30,000 user names attempted.
> -- 
> rick baartman
> 
> TRIUMF
> 4004 Wesbrook Mall
> Vancouver, BC
> V6T2A3


------------------------------------
I've stopped trying to catch up,
I'm just trying to limit the rate at which I'm falling behind

John Alexander
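
Added example, not part of the original message or of Fail2Ban's code: a sketch of the per-host failure counting that Fail2Ban automates, run over log lines in the format quoted above. The parameter names `maxretry` and `findtime` mirror Fail2Ban's jail options; their values, the year, and the extra sample lines (including the 192.0.2.10 host) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample in the quoted format (mail line-wrapping undone).
SAMPLE_LOG = """\
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron
Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
Sep 19 01:16:46 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
Sep 19 01:20:00 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:192.0.2.10 
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot-auth: "
    r"pam_unix\(dovecot:auth\): authentication failure;.*\brhost=(?P<rhost>\S+)")

def normalize(rhost):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4 so one client is one key."""
    try:
        addr = ip_address(rhost)
    except ValueError:
        return rhost  # PAM can log a hostname instead of an address
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def hosts_over_threshold(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2011):
    """Return {host: total failures} for hosts with >= maxretry failures within findtime."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:  # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[normalize(m["rhost"])].append(ts)
    flagged = {}
    for host, times in events.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > findtime:
                start += 1  # slide the window forward
            if end - start + 1 >= maxretry:
                flagged[host] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(hosts_over_threshold(SAMPLE_LOG))
```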



