Results 1 to 2 of 2

Thread: Too many brute force attacks from ip 127.0.0.1

  1. #1
    Join Date
    Nov 2010
    Posts
    56

    Too many brute force attacks from ip 127.0.0.1

    I'm getting too many brute force attack notifications for ip 127.0.0.1 since this is server ip it's probably something internal. Attacks are all on same domain, but on different user names. In brute force monitor this is one line of log

    ID IP User Attempts Filter Log Entry
    13206481810011 127.0.0.1 omerc@bankerinter.net 1 dovecot1 Nov 7 07:42:39 hosting dovecot[2711]: imap-login: Disconnected (auth failed, 1 attempts): user=<omerc@bankerinter.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

    attacks are always on dovecot and attempts are always just 1
    is this maybe from some hacked file on server, where should i start to look for solution.

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,579
    Check apache logs, as somebody is probably brute-forcing your webmail.
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on poralix.com
    - Follow and like @Poralix on Facebook

Similar Threads

  1. Too many Brute force attacks from Google IP's
    By lonerunner in forum System-Level Technical Discussion
    Replies: 5
    Last Post: 05-14-2012, 02:56 PM
  2. Help on Brute Force attacks
    By TestUser in forum Off-Topic Discussion
    Replies: 8
    Last Post: 05-10-2012, 07:40 AM
  3. Avoiding brute force attacks
    By WiseBeetle in forum General Technical Discussion & Troubleshooting
    Replies: 1
    Last Post: 02-24-2012, 04:45 AM
  4. Brute-Force attacks from server itself?
    By Cybex in forum General Technical Discussion & Troubleshooting
    Replies: 2
    Last Post: 01-06-2012, 04:44 AM
  5. Brute Force Attacks
    By ssi.inc in forum DirectAdmin General Discussion
    Replies: 12
    Last Post: 10-14-2005, 11:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •