Am 20.03.2018 um 10:33 schrieb lists ([email protected]): > Hi, > > We are getting log lines like this: > >> <158>1 2018-03-20T10:17:49.544178+01:00 sogoserver sogo - - Mar 20 >> 10:17:45 sogod [28582]: <0x0x7fbcb177c880[SOGoWebAuthenticator]> tried >> wrong password for user >> 'ZawE0cMY4hOVWGhBgt/ycpig2IavEcsEme1EYTs/cd/HOQOWgHmO/00WKsUyK0nfiR/gYKnhjMDavlYVTZjgKvYkwHj0bisq5F9JbiPmN1Y04wFbgUC/TBTZJLphMeSVqL7WXKipUSxb71mlYYDVe8F5Tpr3/77PLlsEM9bg=='! >> > > The above is just a sample, there are more lines like that, but with > different strings. > > Could anyone explain what that means? > > As you can perhaps guess, this is not a username on our systems. > > (this is sogo 2.3.23 on wheezy) >
Someone is trying to authenticate with an invalid user password pair. We have those too. It is always a base64 encoded string. I read somewhere, that the big chinese firewall is using such strings to test services with encrypted communication. Not sure if that is true, but we get those all the time. Nothing to worry about. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung Basisdienste 78457 Konstanz +49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
