similar to: What are they trying to do here?

Hi, I?ve posted this before but no one was able to help. I can?t figure out what they are trying to do, and if I should be concerned. I am running dovecot version 0.99.14 on Fedora Core 4. It appears that my dovecot server is under attack. This morning in my system e-mail I saw this: dovecot: Authentication Failures: rhost= : 23431 Time(s)

Hi there, I know this is the classic RTFM list question but... I've really tried hard on this and no result! This is what I'm receving from logcheck: System Events =-=-=-=-=-=-= Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):

The good news is I believe I got Weakforce running 1) curl -X GET http://127.0.0.1:8084/?command=ping -u wforce:ourpassword {"status":"ok"}[ 2) after running the sample for loop: for a in {1..101}; do curl -X POST -H "Content-Type: application/json" --data '{"login":"ahu", "remote": "127.0.0.1",

I am seeing lots of these in my logs and there are often a hundered or so imap/dovecat process running. I am running RC Core3. Can anyone shead some light on how to correct this ? Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: check pass; user unknown Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= Jun 16 08:38:24 jidmail

I noticed that my server has a lot ca. 1000x auth failure from different alocated in China / Romania and Netherlands per day since 3 days It looks to me like somebody was trying to get into server by guessing my password by brute force. what would be the best to stop this attack and how? the server running apache mysql and ftp PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 443/tcp

Hi, My denyhosts stop working. How do i check why isnt it working anymore for me? Thanks Oct 2 22:59:17 beyond sshd[15690]: Failed password for root from 221.7.37.142 port 49836 ssh2 Oct 2 22:59:17 beyond sshd[15692]: Received disconnect from 221.7.37.142: 11: Bye Bye Oct 2 22:59:18 beyond sshd[15701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=

> > After that you'll probably have to turn up logging in sssd and check its > logs to see what it's doing. i have set logging in sssd to 9: cache_credentials = true debug_level = 9 I first tried a user with the correct host attribute, then a user without the host attribute. The output in the logfiles are the same. Note: USER ist not a local user. Without correct ldap password

We upgraded our Centos 4.3 box's samba from 3.0.10 to 3.0.22 using sernet.de rpms. Prior to upgrading, we had this box authenticating to AD just fine, but now it is broken. Here is part of my log file that might show what is going on. Jun 13 09:21:06 cent02 login(pam_unix)[2728]: check pass; user unknown Jun 13 09:21:06 cent02 login(pam_unix)[2728]: authentication failure; logname=LOGIN

Hi, I have one real domain (abusar.org) and the others are virtual. So I configured dovecot.conf as the following: # for abusar.org, real domain mail_location = mbox:~/.mail/:INBOX=/var/mail/%n # for the remaining virtual domains userdb static { args = uid=17 gid=17 home=/var/spool/virtual/%d/.home/%n mail=mbox:/var/spool/virtual/%d/home/%n:INBOX=/var/spool/virtual/%d/%n } passdb

>From my secure log: Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron Sep 19 01:16:45 lin12

On 28/06/2023 17:52, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I didn't try turning the last one off, but at least you are getting >> somewhere :-) > > With very little steps... ;-) > > >> When you say 'back to login screen', do you mean that you cannot just >> click the screen,

Hai.   Config. Debian Stretch, samba 4.7.7. member server AD backend. Network setup like in the howtos here. : https://github.com/thctlo/samba4/tree/master/howtos      Today i discovered that somehow a disabled user was able to login after a few retries.   I run a SSH/SFTP server for data exchange with the customer of the company here.   The SSH/SFTP server is restricted by groups, this

I installed Dovecot on our FC3 sendmail server and get this from our Dallas office ( out of state to me ). dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost Only one Dallas user can get mail (pop3 or imap). All local users work fine. I ended upgoing back to UW and all works fine. What should I look for? Thanks -------------- next part --------------

Debian Lenny, Dovecot v 1.0.15. I'm getting a lot of what I think is a local socket asking dovecot:auth to verify username/passwords: > May 31 09:00:54 server dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=admin rhost= Note the empty 'rhost='. That's why I think it's on the server. I see others that look like bots:

Package: logcheck-database Version: 1.2.68 Severity: normal I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root And on

1) Does 'getent passwd policia\gafranchello' produce output when run on a Unix client ? If try to logon on unis console --> auth.log Jul 2 14:13:59 samba-cliente sshd[11654]: Invalid user POLICIA+gafranchello from 172.33.10.1 Jul 2 14:13:59 samba-cliente sshd[11654]: input_userauth_request: invalid user POLICIA+gafranchello [preauth] Jul 2 14:14:04 samba-cliente sshd[11654]:

I am running Centos 6.4 64bit. Dovecot 2.0.9 I am getting the following messages in /var/log/secure, which looks like the pam authentication is not working but the users are allowed to login and the system works great. I am wondering if pam is actually failing and yet the system is getting the login info from elsewhere, or is this just a nuisance message? /var/log/secure Jun 12 23:11:29 smtp

Hi I hope that I am not totally wrong when asking this on a Samba list, but as I followed a tutorial found at the SAMBA wiki I hope I can find someone how is able to help me. My goal is to set up a server acting as a SAMBA AD Server with single sign on for linux users. I use a Ubuntu Server 13.10 as the base. On top of this I installed a SAMBA 4.1.2 from GIT, did provisioning, Kerberos

On 20/07/2020 12:09, Yakov Revyakin wrote: > OK, trying to define the environment more clearly. > OK, I 'think' I know what is going on here, haven't got a fix though :-( Can you run this command on the Linux DC's and a Linux client: wbinfo --online-status On DC's, I get this: BUILTIN : active connection EXAMPLE : active connection SAMDOM : active connection But on

Hi all, we are facing a strange issue about trust domain user issue. In the beginning. we are using samba-winbind integrated with Window AD(Server 2012r2 and Server 2008R2), they are working pretty well. but recently， the winbind client cloud not get the correct trust domian's user group info as well, like: id A\\user only show: uid=16077216(A\user) gid=16077216(A\domain