Hi,
Recently I moved one of my websites from one VPS to another. Both VPSes are CentOS and run DirectAdmin.
Just after transferring the site to the new server, I started to have brute-force attack alerts, and all the alerts are coming from my server's own IP.
For example, the last one (89.xx.xxx.92 is my server's IP):
Code:
A brute force attack has been detected in one of your service logs.
IP 89.xx.xxx.92 has 169 failed login attempts: exim2=169
Check 'Admin Level -> Brute Force Monitor' for more information
http://help.directadmin.com/item.php?id=404
From brute-force monitor:
Code:
14167583420000 89.xx.xxx.92 [email protected] 1 exim2 2014-11-23 17:58:22 login authenticator failed for (mail.doctus.org) [89.xx.xxx.92]: 535 Incorrect authentication data ([email protected])
14167584010000 89.xx.xxx.92 [email protected] 1 exim2 2014-11-23 17:59:23 login authenticator failed for (mail.doctus.org) [89.xx.xxx.92]: 535 Incorrect authentication data ([email protected])
By the way, I have no email accounts on this domain.
What can it be?
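One way to triage alerts like the ones above, as an added example that is not part of the original post: it parses Brute Force Monitor rows in the layout shown and separates failures whose connecting address is one of the server's own IPs from remote ones, listing the HELO name and the login name tried. The sample rows, addresses and names are constructed, `summarize` and the field names are hypothetical, and reading the fourth column as a per-row failure count is an assumption.

```python
import re
from collections import Counter

# Row layout as shown in the post (column meanings are an assumption):
# <id> <ip> <user> <count> <filter> <date> <time> <raw exim message>
ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<count>\d+)\s+(?P<filter>\S+)\s+"
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<msg>.*)$"
)
# Exim part: authenticator name, optional host name, HELO name, connecting address.
EXIM = re.compile(
    r"^(?P<auth>\S+) authenticator failed for (?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<peer>[^\]]+)\]"
)

def summarize(lines, local_ips):
    """Count failures per (origin, peer, helo, user); origin is 'local' or 'remote'."""
    counts = Counter()
    skipped = []
    for line in lines:
        row = ROW.match(line.strip())
        exim = EXIM.match(row["msg"]) if row else None
        if not exim:
            skipped.append(line)  # keep unparsed rows visible instead of dropping them
            continue
        peer = exim["peer"]
        origin = "local" if peer in local_ips else "remote"
        counts[(origin, peer, exim["helo"], row["user"])] += int(row["count"])
    return counts, skipped

# Constructed sample rows (documentation addresses and example domains).
SAMPLE = [
    "14167583420000 192.0.2.10 info@example.org 1 exim2 2014-11-23 17:58:22 login authenticator failed for (mail.example.org) [192.0.2.10]: 535 Incorrect authentication data (set_id=info@example.org)",
    "14167584010000 192.0.2.10 info@example.org 1 exim2 2014-11-23 17:59:23 login authenticator failed for (mail.example.org) [192.0.2.10]: 535 Incorrect authentication data (set_id=info@example.org)",
    "14167584550000 198.51.100.7 admin 1 exim2 2014-11-23 18:00:17 plain authenticator failed for (User) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)",
    "not a monitor row",
]

if __name__ == "__main__":
    # local_ips: every address bound on the server, including loopback (constructed here).
    counts, skipped = summarize(SAMPLE, {"192.0.2.10", "127.0.0.1"})
    for (origin, peer, helo, user), n in counts.most_common():
        print(f"{origin:6} {peer:15} helo={helo} user={user} failures={n}")
    print(f"unparsed rows: {len(skipped)}")
```

Rows reported as `local` come from a process on the server itself, so the login name and HELO name in them indicate which site or service is attempting SMTP authentication.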