On 13/05/18 12:09, Erwan David wrote:
Le 05/13/18 à 09:49, Matthew Broadhead a écrit :
i get loads of these from different ip addresses all over the world
with the exact same password. no idea what causes it. i always
wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6
...
May 13 08:43:43 ns1 postfix/smtpd[8800]: warning:
unknown[46.148.27.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:28 ns1 postfix/smtpd[6191]: warning:
unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:52 ns1 postfix/smtpd[11760]: warning:
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:17 ns1 postfix/smtpd[6191]: warning:
unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:23 ns1 postfix/smtpd[11760]: warning:
unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:30 ns1 postfix/smtpd[11766]: warning:
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:32 ns1 postfix/smtpd[6191]: warning:
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:05 ns1 postfix/smtpd[11760]: warning:
unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:09 ns1 postfix/smtpd[11766]: warning:
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:47:33 ns1 postfix/smtpd[11766]: warning:
unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
It is the base 64 encoding of Password:
yes i understood that but why is it continuously sent from random ip
addresses all over the world where none of my accounts would be signing
in from? if i do an ip trace they come from loads of different
countries. the hits must be coming from compromised machines?
