Max. username length errors in /errortaskq.log

BBM

BBM

Verified User
Joined
Jun 8, 2013
Messages
399
Location
Dutch Mountains
After the recent DA update (I think) I'm now seeing a number of 'max. usernamelength' errors in errortaskq.log;

Code: 
2014:09:30-18:58:01: Username dutch*******ars.com is 19 characters long, but the directadmin.conf has this setting 'max_username_length=10'
2014:10:01-04:47:01: Username qualit******************nts.com is 31 characters long, but the directadmin.conf has this setting 'max_username_length=10'
2014:10:02-03:55:01: Username v*******gs.nl is 13 characters long, but the directadmin.conf has this setting 'max_username_length=10'


I *seems* as if DA is looking at domainnames as usernames somehow and now spouts errors about it.
Any clues where something could've gone wrong or what to check?
 
Any clue as to which command or what action is being run when those errors show up?
Try cross-referencing the timestamps on the left with the log:
/var/log/directadmin/2014-Oct-02.log

to see which CMD_* was being run.

John
 
Ok, thanks for the tip. I just had to do a bit more searching in the logs it seems indeed.

I just found this in /exim/rejectlog, right before the error in /errortaskq;
Code: 
2014-10-01 04:46:58 login authenticator failed for (USER) [181.66.157.166]: 535 Incorrect authentication data (set_id=qualit******************nts.com)

And also found this entry in /exim/rejectlog;
Code: 
2014-10-02 03:54:10 login authenticator failed for (USER) [180.191.161.236]: 535 Incorrect authentication data (set_id=v*******gs.nl)
2014-10-02 03:54:50 login authenticator failed for (USER) [180.191.161.236]: 535 Incorrect authentication data (set_id=v*******gs.nl)

(The IP in the logs are not mine.)

It looks like hack-attempts and I think they are probably trying to use the domainname as the complete username as the login or something.
I'm not worried and at least now know what caused the errors in the errortaskq log.
 
I've only updated one of my clients to the latest version of DirectAdmin. He's noticed something similar; in his case the username Administrator complete with upper-case A was being caught in errortaskq.log as a username.

Any way to filter these out so they don't get logged?

Jeff
 
You must log in or register to reply here.
Back
Top