I'm not a guru like some on this list but I believe someone knows you're
using SIMS and is trying to hack into the server. I put that IP in
SamSpade.org and it appears to be from China Telecom. Possibly trying to
hijack your server for spam.

Can you block all accesses from that IP address ... perhaps with your
firewall software?

Peter



> From: Chris Wagner <[EMAIL PROTECTED]>
> Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]>
> Date: Tue, 28 Oct 2003 17:03:24 -0600
> To: "SIMS Discussions" <[EMAIL PROTECTED]>
> Subject: DDoS?
> 
> Got a slew of these in the log yesterday.
> 
> Just curious if this looks like a serious attempt at compromising the
> system.
> 
> 
> 11:47:09 1 SMTP {web} AUTH failed: password(54321) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:10 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:10 1 SMTP {web} AUTH failed: password(00000000) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:11 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:11 1 SMTP {web} AUTH failed: password(88888888) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:12 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:12 1 SMTP {web} AUTH failed: password(admin) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:12 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:12 1 SMTP {web} AUTH failed: password(root) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:13 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:13 1 SMTP {web} AUTH failed: password(pass) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:14 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:14 1 SMTP {web} AUTH failed: password(passwd) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:15 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:15 1 SMTP {web} AUTH failed: password(password) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:16 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:16 1 SMTP {web} AUTH failed: password(super) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:16 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:16 1 SMTP {web} AUTH failed: password([EMAIL PROTECTED]&*) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:17 0 SYSTEM Account {www} Resources open failed. Error Code=-43
> 11:47:17 1 SMTP {www} AUTH failed: password(www) is wrong. Connection from
> [218.70.9.34:3101]
> 
> Just curious.
> Thought it looked an awful lot like attempts at hacking the admin account or
> getting root level access, especially given the transition in the different
> passwords (the progression from pass to passwd for password).
> 
> The rest of the entries are much more convincing.
> 
> Looks like SIMS knocked them out, and that's fine, just was wondering.
> 
> Thanks!
> 
> Chris
> 
> 
> 
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <[EMAIL PROTECTED]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to  <[EMAIL PROTECTED]>
> 
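
An added example, not part of either message and not SIMS code: it parses log lines in the format quoted above, undoing the e-mail quoting and line wrap, and lists source IPs with repeated SMTP AUTH failures inside a short window as candidates for the firewall block Peter suggests. The sample lines, the documentation-range addresses, the account names and the threshold/window defaults are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the quoted log format (documentation IP ranges), with
# the "> " quoting and mid-record line wraps that e-mail introduced.
SAMPLE = """\
> 11:47:09 1 SMTP {web} AUTH failed: password(54321) is wrong. Connection from
> [203.0.113.7:3101]
> 11:47:10 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:10 1 SMTP {web} AUTH failed: password(admin) is wrong. Connection
> from [203.0.113.7:3101]
> 11:47:12 1 SMTP {www} AUTH failed: password(www) is wrong. Connection from
> [203.0.113.7:3101]
> 11:52:40 1 SMTP {postmaster} AUTH failed: password(x) is wrong. Connection
> from [198.51.100.20:2210]
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2} ")
FAIL = re.compile(r"^(\d{2}):(\d{2}):(\d{2}) \d+ SMTP \{([^}]*)\} AUTH failed: "
                  r".* Connection from \[([0-9.]+):\d+\]$")

def unwrap(text):
    """Strip '> ' quoting and rejoin records split across lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(> ?)+", "", raw).strip()
        if line and (TS.match(line) or not records):
            records.append(line)          # a timestamp starts a new record
        elif line:
            records[-1] += " " + line     # continuation of a wrapped record
    return records

def auth_failures(text):
    """Return (seconds_since_midnight, account, source_ip) per failed AUTH."""
    hits = (FAIL.match(rec) for rec in unwrap(text))
    return [(int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3]), m[4], m[5])
            for m in hits if m]

def block_candidates(text, threshold=3, window=60):
    """IPs with >= threshold failures within `window` seconds -> accounts tried."""
    by_ip = defaultdict(list)
    for t, account, ip in auth_failures(text):
        by_ip[ip].append((t, account))
    flagged = {}
    for ip, events in by_ip.items():
        times = sorted(t for t, _ in events)
        # Compare each failure with the one (threshold - 1) positions later.
        if any(b - a <= window for a, b in zip(times, times[threshold - 1:])):
            flagged[ip] = sorted({acct for _, acct in events})
    return flagged
```
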

