Abuse Message [AbuseID:5B197A:28]: AbuseNormal: Attempts to crack our server by 159.69.18.32

Delivered-To: vmail-abuse@hetzner.com

I am a sysadmin for Cumby Telephone Coop
<http://www.cumbytel.com>.

Our intrusion detector has reported that a user on your network tried to
crack our server. The log exerpts follow. Times are CDT (UTC-0500).

On dns.cumbytel.com (208.101.213.20):
From the maillog:
Apr 29 09:19:16 dns dovecot: pop3-login: Disconnected: Inactivity (auth failed, 4 attempts): user=<jstaz1993@cumbytel.com>, method=PLAIN, rip=159.69.18.32, lip=208.101.213.20, TLS

From the secure log:
Apr 29 09:16:17 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993 rhost=159.69.18.32 user=jstaz1993
Apr 29 09:16:25 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993 rhost=159.69.18.32 user=jstaz1993
Apr 29 09:16:33 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993@cumbytel.com rhost=159.69.18.32
Apr 29 09:16:45 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993@cumbytel.com rhost=159.69.18.32

So far as I know, he didn’t get in.

Let me know if you need any more information.

Cheers,

Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
Search me, God, and know my heart; test me and know my anxious
thoughts. See if there is any offensive way in me, and lead me in the
way everlasting. Psalm 139:23-24