Delivered-To: vmail-abuse@hetzner.com
I am a sysadmin for Cumby Telephone Coop
<http://www.cumbytel.com>.
Our intrusion detector has reported that a user on your network tried to
crack our server. The log exerpts follow. Times are CDT (UTC-0500).
On dns.cumbytel.com (208.101.213.20):
From the maillog:
Apr 29 09:19:16 dns dovecot: pop3-login: Disconnected: Inactivity (auth failed, 4 attempts): user=<jstaz1993@cumbytel.com>, method=PLAIN, rip=159.69.18.32, lip=208.101.213.20, TLS
From the secure log:
Apr 29 09:16:17 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993 rhost=159.69.18.32 user=jstaz1993
Apr 29 09:16:25 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993 rhost=159.69.18.32 user=jstaz1993
Apr 29 09:16:33 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993@cumbytel.com rhost=159.69.18.32
Apr 29 09:16:45 dns auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=jstaz1993@cumbytel.com rhost=159.69.18.32
So far as I know, he didn’t get in.
Let me know if you need any more information.
Cheers,
—
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
Search me, God, and know my heart; test me and know my anxious
thoughts. See if there is any offensive way in me, and lead me in the
way everlasting. Psalm 139:23-24
