[Dovecot] 64.31.19.48 attempt to break into my computer

Nighoo nighoo at googlemail.com
Thu Sep 22 17:18:23 EEST 2011


On 19.09.2011 19:05, Rick Baartman wrote:
> From my secure log:
> 
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
> Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
> Sep 19 01:16:45 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user abby
> 
> etc. Literally, 30,000 user names attempted.
I can advise you to use Fail2Ban. This will block that IP address after
a customizable number of failed logins.

In addition, you can `whois` this IP address and send an email to his
abuse at provider.
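
The kind of threshold check Fail2Ban performs, sketched as an added example (not part of the original message and not Fail2Ban's own code): it counts `authentication failure` lines per `rhost` in the log format quoted above and reports hosts that reach a limit inside a time window. `hosts_to_ban` and `normalize` are hypothetical names, `maxretry` and `findtime` are named after the Fail2Ban options, and the sample log is constructed from the quoted lines plus a documentation address.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format of the quoted log. The 01:16:46 line and
# the 192.0.2.7 lines (documentation address) are not from the original post.
SAMPLE_LOG = """\
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron
Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
Sep 19 01:16:46 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 
Sep 19 02:00:00 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=192.0.2.7
Sep 19 03:00:00 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=192.0.2.7
Sep 19 04:00:00 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=192.0.2.7
"""

# Only the pam_unix "authentication failure" line carries the remote host.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot-auth: pam_unix\(dovecot:auth\): "
    r"authentication failure;.*\brhost=(?P<rhost>\S+)")

def normalize(rhost):
    """Strip the IPv4-mapped IPv6 prefix so ::ffff:a.b.c.d and a.b.c.d count together."""
    return rhost[7:] if rhost.lower().startswith("::ffff:") else rhost

def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2011):
    """Return hosts with at least maxretry failures within findtime, in order of detection.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    recent = defaultdict(deque)   # host -> timestamps of failures still in the window
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # "check pass" and pam_succeed_if lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[normalize(m["rhost"])]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        host = normalize(m["rhost"])
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```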



