lonerunner
Verified User
- Joined
- Nov 16, 2010
- Messages
- 56
I'm getting too many brute force attack notifications for ip 127.0.0.1 since this is server ip it's probably something internal. Attacks are all on same domain, but on different user names. In brute force monitor this is one line of log
ID IP User Attempts Filter Log Entry
13206481810011 127.0.0.1 [email protected] 1 dovecot1 Nov 7 07:42:39 hosting dovecot[2711]: imap-login: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
attacks are always on dovecot and attempts are always just 1
is this maybe from some hacked file on server, where should i start to look for solution.
ID IP User Attempts Filter Log Entry
13206481810011 127.0.0.1 [email protected] 1 dovecot1 Nov 7 07:42:39 hosting dovecot[2711]: imap-login: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
attacks are always on dovecot and attempts are always just 1
is this maybe from some hacked file on server, where should i start to look for solution.
