Too many brute force attacks from ip 127.0.0.1

lonerunner

Verified User
Joined
Nov 16, 2010
Messages
56
I'm getting too many brute force attack notifications for ip 127.0.0.1 since this is server ip it's probably something internal. Attacks are all on same domain, but on different user names. In brute force monitor this is one line of log

ID IP User Attempts Filter Log Entry
13206481810011 127.0.0.1 omerc@bankerinter.net 1 dovecot1 Nov 7 07:42:39 hosting dovecot[2711]: imap-login: Disconnected (auth failed, 1 attempts): user=<omerc@bankerinter.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

attacks are always on dovecot and attempts are always just 1
is this maybe from some hacked file on server, where should i start to look for solution.
 
Top