I am a sysadmin for Cumby Telephone Coop
<http://www.cumbytel.com>.
Our intrusion detector has reported that a user on your network tried to
crack our server. The log exerpts follow. Times are CDT (UTC-0500).
On dns.cumbytel.com (208.101.213.20):
From the maillog:
Mar 17 13:50:47 dns dovecot: pop3-login: Disconnected: Inactivity (auth failed, 3 attempts in 179 secs): user=<maspears@cumbytel.com>, method=LOGIN, rip=78.47.243.6, lip=208.101.213.20, TLS, session=<ltxV67+9GMZOL/MG>
From the secure log:
Mar 17 13:47:48 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=maspears rhost=78.47.243.6 user=maspears
Mar 17 13:47:56 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=maspears rhost=78.47.243.6 user=maspears
So far as I know, he didn’t get in.
Let me know if you need any more information.
Cheers,
—
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com https://www.bobcatos.com
Arise, Lord! Lift up your hand, O God. Do not forget the helpless.
Psalm 10:12
