New hack attempt?

Discussion in 'Server Operation' started by bswinnerton, Jul 29, 2008.

  1. bswinnerton

    bswinnerton New Member

    Hi everyone,

    Was just looking through my logs and found a bunch like this:

    Code:
    Jul 28 12:30:54 myserver saslauthd[4788]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
    Jul 28 12:30:55 myserver saslauthd[4792]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
    Jul 28 12:30:56 myserver saslauthd[4788]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
    Jul 28 12:30:56 myserver saslauthd[4788]: do_auth         : auth failure: [user=root] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
    Jul 28 12:30:57 myserver saslauthd[4795]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
    
    I've never seen it before, so I wasn't sure what to think about it. How is this being done? Is it something I should be concerned about?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    You could install fail2ban to prevent brute-force attacks.
     
  3. bswinnerton

    bswinnerton New Member

    I do have fail2ban installed, but I've never seen that kind of attack before. How are they doing it?
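
Added example, not part of the original thread: a small Python triage of the saslauthd lines quoted in the first post, counting `pam_unix` failures per service and user within a sliding window and noting whether any line carries a client address in `rhost=`. The function names, the 60-second window and the threshold of 3 are assumptions chosen for illustration; the year is taken from the thread date.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the first post in this thread.
SAMPLE = """\
Jul 28 12:30:54 myserver saslauthd[4788]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Jul 28 12:30:55 myserver saslauthd[4792]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Jul 28 12:30:56 myserver saslauthd[4788]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jul 28 12:30:56 myserver saslauthd[4788]: do_auth         : auth failure: [user=root] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jul 28 12:30:57 myserver saslauthd[4795]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
"""

PAM_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ saslauthd\[\d+\]: "
    r"pam_unix\((?P<service>[^:]+):auth\): authentication failure;"
    r".*?rhost=(?P<rhost>\S*)\s+user=(?P<user>\S+)"
)

def parse_failures(text, year=2008):
    """Return one dict per pam_unix authentication failure logged by saslauthd."""
    events = []
    for line in text.splitlines():
        m = PAM_FAIL.match(line.strip())
        if not m:
            continue  # DEBUG and do_auth lines repeat an attempt already counted
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": when, "service": m["service"],
                       "user": m["user"], "rhost": m["rhost"]})
    return events

def burst_report(events, window=timedelta(seconds=60), threshold=3):
    """Flag (service, user) pairs with at least `threshold` failures in `window`."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["service"], e["user"])].append(e)
    report = {}
    for key, evs in by_key.items():
        times = sorted(e["time"] for e in evs)
        peak, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # slide the window forward
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[key] = {"peak": peak,
                           "with_rhost": sum(1 for e in evs if e["rhost"])}
    return report

if __name__ == "__main__":
    for (service, user), info in burst_report(parse_failures(SAMPLE)).items():
        print(f"{service} user={user}: {info['peak']} failures in 60s, "
              f"{info['with_rhost']} with a client address")
```

On the quoted lines this reports three failed `smtp` logins for `root` within a few seconds, none with a value in `rhost=`, so these entries by themselves identify no address to block.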
     
