[Logwatch] Weird vpopmail experiences
Tue Nov 11 08:00:50 2008
While scanning through the logwatch email sent via cronjob, I noticed that
there were quite a lot of entries reported by vpopmail as being no such
user. It smacked of a dictionary attack in that there were hundreds of
names tried 30+ times each. My conf is set to report on "yesterday", so I
looked at my maillog from yesterday and the entries are NOT in there! So I
figure there's a hack and a problem. However, I can rerun logwatch and the
report gets regenerated, emailed to me, and guess what... the "dictionary
attack" of user names is still on the report!
So, how can this be?? How can I not be able to grep the maillog for the
entries but logwatch can see them and report them?
Thanks in advance.
Logwatch mailing list