glyn3332 |
10-13-2008 03:49 AM |
POP3 brute force attack help
Hi guys,
I appear to be facing a brute force attack attempt on my POP3 server. Here is an excerpt from the log file:
Code:
pop3:
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=admin: 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=nobody: 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root: 1 Time(s)
And also:
Code:
**Unmatched Entries**
Disconnected, ip=[::ffff:88.191.65.244]: 1 Time(s)
Disconnected, ip=[::ffff:91.65.20.97]: 1 Time(s)
LOGIN FAILED, user=admin, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=alan, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=alex, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=aron, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=brett, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=danny, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=data, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=http, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=httpd, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=mike, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=nobody, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=root, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=sharon, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=test, ip=[::ffff:88.191.65.244]: 1 Time(s)
LOGIN FAILED, user=www-data, ip=[::ffff:88.191.65.244]: 1 Time(s)
This has been going on over the weekend as far as I can tell from the logs, and, as usual, from a different IP daily.
My setup is:
- CentOS 5
- Postfix
- ClamAV with Amavis and Spamassassin
- Courier for POP3 and IMAP access.
Any help welcome :)
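A triage sketch for summary lines in the format shown in the excerpt above, added here as an example and not part of the original post: it collapses the IPv4-mapped addresses, totals failed logins per source, and flags sources that cycle through many usernames. The sample lines are constructed with documentation addresses, and the function names and the `min_users` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Matches lines such as: LOGIN FAILED, user=X, ip=[::ffff:a.b.c.d]: N Time(s)
LINE_RE = re.compile(
    r"LOGIN FAILED, user=(?P<user>[^,]+), ip=\[(?P<ip>[^\]]+)\]: (?P<n>\d+) Time\(s\)"
)

# Constructed sample in the same format (documentation addresses, not real hosts).
SAMPLE = """\
Disconnected, ip=[::ffff:203.0.113.7]: 1 Time(s)
LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.7]: 1 Time(s)
LOGIN FAILED, user=alan, ip=[::ffff:203.0.113.7]: 1 Time(s)
LOGIN FAILED, user=root, ip=[::ffff:203.0.113.7]: 3 Time(s)
LOGIN FAILED, user=test, ip=[::ffff:203.0.113.7]: 1 Time(s)
LOGIN FAILED, user=glyn, ip=[::ffff:198.51.100.20]: 2 Time(s)
"""

def normalise_ip(text):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    addr = ipaddress.ip_address(text)
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped if mapped is not None else addr)

def summarise(log_text):
    """Return {ip: {"attempts": int, "users": set}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # "Disconnected" and other lines carry no login attempt
        try:
            ip = normalise_ip(m.group("ip"))
        except ValueError:
            continue  # malformed address field
        stats[ip]["attempts"] += int(m.group("n"))
        stats[ip]["users"].add(m.group("user"))
    return dict(stats)

def suspects(log_text, min_users=3):
    """Sources that tried at least min_users distinct usernames (assumed threshold)."""
    return sorted(ip for ip, s in summarise(log_text).items()
                  if len(s["users"]) >= min_users)

if __name__ == "__main__":
    print("suspects:", suspects(SAMPLE))
```

Counting distinct usernames per source separates a dictionary run from a single user mistyping a password, which shows up as repeated failures against one account.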