Re: hacker or server problem

Wed, 16 Nov 2016 01:54:13 -0800 


Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit :

Is this a hack or a server problem. IP was listed in abusedb about a
year ago.

<pattern repeats>
Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from 
unknown[87.236.215.11]
Nov 16 09:14:36 theranch postfix/smtpd[6094]: lost connection after AUTH from 
unknown[87.236.215.11]
Nov 16 09:14:36 theranch postfix/smtpd[6094]: disconnect from 
unknown[87.236.215.11] ehlo=1 auth=0/1 commands=1/2
Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from 
unknown[87.236.215.11]
Nov 16 09:14:37 theranch postfix/smtpd[6094]: lost connection after AUTH from 
unknown[87.236.215.11]
Nov 16 09:14:37 theranch postfix/smtpd[6094]: disconnect from 
unknown[87.236.215.11] ehlo=1 auth=0/1 commands=1/2
Nov 16 09:14:37 theranch postfix/smtpd[6094]: connect from 
unknown[87.236.215.11]
Nov 16 09:14:38 theranch postfix/smtpd[6094]: lost connection after AUTH from 
unknown[87.236.215.11]
Nov 16 09:14:38 theranch postfix/smtpd[6094]: disconnect from 
unknown[87.236.215.11] ehlo=1 auth=0/1 commands=1/2
Nov 16 09:14:38 theranch postfix/smtpd[6094]: connect from 
unknown[87.236.215.11]
Nov 16 09:14:39 theranch postfix/smtpd[6094]: lost connection after AUTH from 
unknown[87.236.215.11]
Nov 16 09:14:39 theranch postfix/smtpd[6094]: disconnect from 
unknown[87.236.215.11] ehlo=1 auth=0/1 commands=1/2
Nov 16 09:14:39 theranch postfix/smtpd[6094]: connect from 
unknown[87.236.215.11]
Nov 16 09:14:39 theranch postfix/smtpd[6094]: lost connection after AUTH from 
unknown[87.236.215.11]
Nov 16 09:14:39 theranch postfix/smtpd[6094]: disconnect from 
unknown[87.236.215.11] ehlo=1 auth=0/1 commands=1/2
Nov 16 09:14:40 theranch postfix/smtpd[6094]: connect from 
unknown[87.236.215.11]
Nov 16 09:14:40 theranch postfix/smtpd[6094]: lost connection after AUTH from 
unknown[87.236.215.11]
Nov 16 09:14:40 theranch postfix/smtpd[6094]: disconnect from 
unknown[87.236.215.11] ehlo=1 auth=0/1 commands=1/2
Nov 16 09:18:00 theranch postfix/anvil[6096]: statistics: max connection rate 
70/60s for (smtp:87.236.215.11) at Nov 16 09:14:40
Nov 16 09:18:00 theranch postfix/anvil[6096]: statistics: max connection count 
1 for (smtp:87.236.215.11) at Nov 16 09:13:45
Nov 16 09:18:00 theranch postfix/anvil[6096]: statistics: max cache size 1 at 
Nov 16 09:13:45


Hi,
This is a trace of 6 connections tries from IP 87.236.215.11 with bad credential (user/passwd). 

Someone is trying to enter your server emails. Call it a hack.

Patrick

www.top-secured.com

Reply via email to