under some kind of attack

Tanstaafl tanstaafl at libertytrek.org
Tue Jul 18 22:48:23 EEST 2017


Welcome to the world of mail admin...

On 7/18/2017, 3:44:20 PM, mj <lists at merit.unu.edu> wrote:
> Hi all,
> 
> It seems we are under some kind of password guessing attack:
> 
>> Jul 18 21:33:33 auth: Info: ldap(username1,103.6.223.61,<W7wLl5xUfABnBt89>): invalid credentials (given password: 1q2w3e4r5t)
>> Jul 18 21:34:16 auth: Info: ldap(username1,221.4.61.180,<89WnmZxUrADdBD20>): invalid credentials (given password: 1q2w3e4r5t)
>> Jul 18 21:36:13 auth: Info: ldap(username2,117.243.180.225,<ESWBoJxUdQB187Th>): invalid credentials (given password: 1q2w3e4r)
>> Jul 18 21:36:50 auth: Info: ldap(username2,58.59.103.230,<j7fQopxUNgA6O2fm>): invalid credentials (given password: 1q2w3e4r)
>> Jul 18 21:36:56 auth: Info: ldap(username4,58.215.13.154,<gtY5o5xUlQA61w2a>): invalid credentials (given password: 1q2w3e4r5t)
>> Jul 18 21:37:18 auth: Info: ldap(username3,220.175.154.205,<lFxppJxUFADcr5rN>): invalid credentials (given password: 1q2w3e4r)
>> Jul 18 21:37:25 auth: Info: ldap(username5,14.142.29.142,<40zopJxUSgAOjh2O>): invalid credentials (given password: 1q2w3e4r)
>> Jul 18 21:37:27 auth: Info: ldap(username4,119.1.98.121,<JDQOpZxUCwB3AWJ5>): invalid credentials (given password: 1q2w3e4r5t)
>> Jul 18 21:37:54 auth: Info: ldap(username3,218.76.156.11,<OMqtppxUMADaTJwL>): invalid credentials (given password: 1q2w3e4r)
> 
> Different IPs, different usernames, but all (almost) the same password.
> 
> Any idea what we can do about this??
> 
> Any advice you could give us would be very much appreciated.
> 
> MJ
> 



More information about the dovecot mailing list