Results 1 to 2 of 2

Thread: Too many brute force attacks from ip

  1. #1
    Join Date
    Nov 2010

    Too many brute force attacks from ip

    I'm getting too many brute force attack notifications for ip since this is server ip it's probably something internal. Attacks are all on same domain, but on different user names. In brute force monitor this is one line of log

    ID IP User Attempts Filter Log Entry
    13206481810011 1 dovecot1 Nov 7 07:42:39 hosting dovecot[2711]: imap-login: Disconnected (auth failed, 1 attempts): user=<>, method=PLAIN, rip=, lip=, secured

    attacks are always on dovecot and attempts are always just 1
    is this maybe from some hacked file on server, where should i start to look for solution.

  2. #2
    Join Date
    Apr 2005
    GMT +7.00
    Check apache logs, as somebody is probably brute-forcing your webmail.
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on
    - Follow and like @Poralix on Facebook

Similar Threads

  1. Too many Brute force attacks from Google IP's
    By lonerunner in forum System-Level Technical Discussion
    Replies: 5
    Last Post: 05-14-2012, 02:56 PM
  2. Help on Brute Force attacks
    By TestUser in forum Off-Topic Discussion
    Replies: 8
    Last Post: 05-10-2012, 07:40 AM
  3. Avoiding brute force attacks
    By WiseBeetle in forum General Technical Discussion & Troubleshooting
    Replies: 1
    Last Post: 02-24-2012, 04:45 AM
  4. Brute-Force attacks from server itself?
    By Cybex in forum General Technical Discussion & Troubleshooting
    Replies: 2
    Last Post: 01-06-2012, 04:44 AM
  5. Brute Force Attacks
    By in forum DirectAdmin General Discussion
    Replies: 12
    Last Post: 10-14-2005, 11:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts