search for: neovisionlab

I'm seeing strings of failed POP3 login attempts with obvious bogus usernames coming from different IP addresses. Today's originated from 216.31.146.19 (which resolves to neovisionlabs.com). This looks like a botnet attack. I got a similar probe a couple days ago. Is anyone else seeing these? The attack involves trying about 20 different names, about 3-4 seconds apart. Here's a few sample log lines: dovecot: Aug 15 04:15:45 Error: auth-worker(default): pam(mike,216.31....