Abuse Message [AbuseID:847894:1F]: AbuseNormal: Attempts to crack our server by 94.130.188.201

I am a sysadmin for Cumby Telephone Coop
 <http://www.cumbytel.com>.
 
 Our intrusion detector has reported that a user on your network tried to
 crack our server. The log exerpts follow. Times are CDT (UTC-0500).
 
 On dns.cumbytel.com (208.101.213.20):
  From the maillog:
 Mar 20 08:10:02 dns dovecot: pop3-login: Disconnected: Inactivity (auth failed, 3 attempts in 180 secs): user=<scasto@cumbytel.com>, method=LOGIN, rip=94.130.188.201, lip=208.101.213.20, TLS, session=<ZfQ4gve9RPJegrzJ>
 Mar 20 18:10:07 dns dovecot: pop3-login: Disconnected: Inactivity (auth failed, 3 attempts in 179 secs): user=<cityofcumby@cumbytel.com>, method=LOGIN, rip=94.130.188.201, lip=208.101.213.20, TLS, session=<vutP5P+9xuRegrzJ>
 
  From the secure log:
 Mar 20 08:07:03 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=scasto rhost=94.130.188.201 user=scasto
 Mar 20 08:07:11 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=scasto rhost=94.130.188.201 user=scasto
 Mar 20 18:07:08 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=cityofcumby rhost=94.130.188.201 user=cityofcumby
 Mar 20 18:07:16 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=cityofcumby rhost=94.130.188.201 user=cityofcumby
 
 So far as I know, he didn’t get in.
 
 Let me know if you need any more information.
 
 Cheers,
 —
 Bob McClure, Jr. Bobcat Open Systems, Inc.
 bob@bobcatos.com https://www.bobcatos.com
 The fear of the Lord is the beginning of wisdom; all who follow his
 precepts have good understanding. To him belongs eternal praise.
 Psalm 111:10
 

Добавить комментарий

Ваш адрес email не будет опубликован.