Hello,
Since a couple of days I got brute-force messages from localhost from a not existing user (not in DA and not in passwd file)
"A brute force attack has been detected in one of your service logs.
IP 127.0.0.1 has 275 failed login attempts: dovecot1=39&proftpd1=236
User mtcn has 155 failed login attempts: proftpd1=155
Check 'Admin Level -> Brute Force Monitor' for more information
http://help.directadmin.com/item.php?id=404"
In the proftpd log i see login attempts (530 error)
I cant find the dovecot log files.
Is there a way to find out who is trying to login?
Thanks.
Since a couple of days I got brute-force messages from localhost from a not existing user (not in DA and not in passwd file)
"A brute force attack has been detected in one of your service logs.
IP 127.0.0.1 has 275 failed login attempts: dovecot1=39&proftpd1=236
User mtcn has 155 failed login attempts: proftpd1=155
Check 'Admin Level -> Brute Force Monitor' for more information
http://help.directadmin.com/item.php?id=404"
In the proftpd log i see login attempts (530 error)
I cant find the dovecot log files.
Is there a way to find out who is trying to login?
Thanks.