On 10/28/03 at 15:03, Chris Wagner wrote:
> Got a slew of these in the log yesterday.
>
> Just curious if this looks like a serious attempt at compromising the
> system.
>
> 11:47:09 1 SMTP {web} AUTH failed: password(54321) is wrong.
> Connection from [218.70.9.34:3101]
> 11:47:10 0 SYSTEM Account {web} Resources open failed. Error Code=-43
[snip]
>
> Just curious.
> Thought it looked an awful like attempts at hacking the admin account
> or getting root level access, especially given the transition in the
> different passwords (the progression from pass to passwd for
> password).
Yup, it's a dictionary attack trying to crack an admin password. Note the
address of the source, 218.70.9.34. It's in China, and it's in the Spamhaus
SBL. Draw your own conclusions... ;-)
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
