I (noob) just added a new admin with a very secure password. I did not send a welcome email, because the admin was only a way to get admin-type emails to an extra email address. I also never attempted a login on the new account.
Only 2 hours later I started seeing unsuccessful Brute-Force attacks from a China IP trying to guess the new admin's password. How would an outside source have seen the new admin name?
What might I need to look for?
One of the Brute Force Monitor entries (admin name is changed to "adminname"):
18262653060700 120.42.95.44 adminname 1 exim1 2011-12-30 09:09:34 login authenticator failed for (ylmf-pc) [120.42.95.44]: 535 Incorrect authentication data (set_id=adminname)