Strange usernames in logs, during backup

[jasne]

Hello everyone,

After directadmin backup I discovered strange usernames in /var/log/directadmin/errortask.log

Strange because:
receptionist - doesn't exist in server and never been
178.209.51.109 - doesn't exist in server and never been. Haven't idea what's going on with this ip and where it's from.
domian123123123.com - it's my one of domain pointed on my server, but it's not a user...
autorepairstart123 - it's ok . my real user.

logs:

2015:05:22-11:01:01: Username receptionist is 12 characters long, but the directadmin.conf has this setting 'max_username_length=10'
2015:05:22-11:01:01: Username receptionist is 12 characters long, but the directadmin.conf has this setting 'max_username_length=10'
2015:05:22-11:20:47: Username autorepairstart123 is 12 characters long, but the directadmin.conf has this setting 'max_username_length=10'
2015:05:22-11:20:47: Username 178.209.51.109 is 12 characters long, but the directadmin.conf has this setting 'max_username_length=10'
2015:05:22-11:20:47: Username domian123123123.com is 12 characters long, but the directadmin.conf has this setting 'max_username_length=10'

 

[LawsHosting]

I saw this too while debugging an API issue, especially domain names as usernames

 

[BBM]

Seen those as well starting some time ago.
I think it's just hackers trying complete usernames as log-in credentials.
DA uses a default max. 10 characters for a username, unless changed, so anything over 10 characters fails by default (I think).

 

[jasne]

Above usernames in logs, looks like unsuccessful login to various services in servers. for example pop, smtp , ftp etc..
But somehow are jointed to processing during backup process

 

[jasne]

Today i've discovered that this case happen without backup process... and above usernames I've found in BRUTE FORCE MONITOR...