> OT: I was a bit surprised to find my CMS user being spammed even > though I never published that anywhere so must have been through > guessing. Makes you wonder.
Not at all. It's a basic brute force dictionary attack technique. We get probes of 5 to 10 addresses (mostly from hijacked PCs originating from home DSL networks in Brazil and Argentina) about 5-7 times a minute that are trying sequential strings of letters and numbers. If you have enough zombies, you don't need to be smart about discovering addresses, you just try them all. DNS dynamic RBLs are your friend. -- db