Any of you using CSF have seen these alerts:
Well over the last couple of weeks I must have been 'hit' a thousand times. So a question ...
How can I tell which domain is being attacked?
Why are they doing this
And are 'they' just hitting "webmail.domain.com" or using some other technique.
Thanks in advance.
My VPS is used for less than a handful of my domains and only ONE is a live site.Time: Mon Feb 24 14:46:54 2014 -0700
IP: 27.251.177.239 (IN/India/abs-static-239.177.251.27.aircel.co.in)
Failures: 5 (smtpauth)
Interval: 300 seconds
Blocked: Temporary Block
Log entries:
2014-02-24 14:46:00 dovecot_login authenticator failed for ([192.168.2.33]) [27.251.177.239]:52469: 535 Incorrect authentication data (set_id=admin)
2014-02-24 14:46:06 dovecot_login authenticator failed for ([192.168.2.33]) [27.251.177.239]:52469: 535 Incorrect authentication data (set_id=admin)
2014-02-24 14:46:16 dovecot_login authenticator failed for ([192.168.2.33]) [27.251.177.239]:52469: 535 Incorrect authentication data (set_id=admin)
2014-02-24 14:46:33 dovecot_login authenticator failed for ([192.168.2.33]) [27.251.177.239]:52469: 535 Incorrect authentication data (set_id=admin)
2014-02-24 14:46:50 dovecot_login authenticator failed for ([192.168.2.33]) [27.251.177.239]:52469: 535 Incorrect authentication data (set_id=admin)
Well over the last couple of weeks I must have been 'hit' a thousand times. So a question ...
How can I tell which domain is being attacked?
Why are they doing this
And are 'they' just hitting "webmail.domain.com" or using some other technique.
Thanks in advance.