looks like someones box has been hacked it is a shopping site in Italy. Lin On Wed, Feb 5, 2014 at 12:54 PM, William Lewis &lt;kg6baj(a)n1oes.org&gt; wrote: > (Please trim inclusions from previous messages) > _______________________________________________ > Just a heads up to the 44 Group who run 44 addressed mail servers. > > Over the last few days I've had someone trying to break into my mail > server. > > After installing more detection software, I came up with IP Address > 178.33.151.117. > > Just a heads up he's probably scanning the network looking for others, so > heads up everyone. > > Bill / KG6BAJ > > ========================================== > > AUTOMATED NOTIFICATION ! > > The IP 178.33.151.117 has just been banned after several attempts against > dovecot. > > > Here are more information about 178.33.151.117: > > % This is the RIPE Database query service. > % The objects are in RPSL format. > % > % The RIPE Database is subject to Terms and Conditions. > % See http://www.ripe.net/db/support/db-terms-conditions.pdf > > % Note: this output has been filtered. > % To receive output for a database update, use the "-B" flag. > > % Information related to '178.33.151.112 - 178.33.151.127' > > % Abuse contact for '178.33.151.112 - 178.33.151.127' is &#39;abuse(a)ovh.net&#39; > > inetnum: 178.33.151.112 - 178.33.151.127 > netname: DVC-ITA > descr: DoveConviene.it Italian Network > country: IT > org: ORG-OS43-RIPE > admin-c: OTC5-RIPE > tech-c: OTC5-RIPE > status: ASSIGNED PA > mnt-by: OVH-MNT > source: RIPE # Filtered > > organisation: ORG-OS43-RIPE > org-name: OVH Srl > org-type: OTHER > address: Via trieste 25 > address: 20097 San Donato Milanese > address: Italia > abuse-mailbox: abuse(a)ovh.net > mnt-ref: OVH-MNT > mnt-by: OVH-MNT > source: RIPE # Filtered > > role: OVH IT Technical Contact > address: OVH Srl > address: Via trieste 25 > address: 20097 San Donato Milanese > address: Italia > admin-c: OK217-RIPE > tech-c: GM84-RIPE > nic-hdl: OTC5-RIPE > abuse-mailbox: abuse(a)ovh.net > mnt-by: OVH-MNT > source: RIPE # Filtered > > % Information related to '178.32.0.0/15AS16276' > > route: 178.32.0.0/15 > descr: OVH ISP > descr: Paris, France > origin: AS16276 > mnt-by: OVH-MNT > source: RIPE # Filtered > > % This query was served by the RIPE Database Query Service version 1.71 > (WHOIS1) > > > Lines containing IP:178.33.151.117 in /var/log/mail.log > > Feb 5 04:15:37 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 > attempts): user=&lt;test(a)ampr.org&gt;rg>, method=PLAIN, rip=178.33.151.117, > lip=44.2.14.2 > Feb 5 04:17:23 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 > attempts): user=&lt;test(a)ampr.org&gt;rg>, method=PLAIN, rip=178.33.151.117, > lip=44.2.14.2 > Feb 5 04:17:41 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 > attempts): user=&lt;test(a)ampr.org&gt;rg>, method=PLAIN, rip=178.33.151.117, > lip=44.2.14.2 > ...... <snip> >