Has my server been hacked?

2 posts / 0 new
Last post
#1 Mon, 04/27/2015 - 13:10
romanromeo

Has my server been hacked?

This is a recent syslog activity: I what it means and how can I stop it? Thanks.

Apr 27 20:46:46 debian7 postfix/anvil[6886]: statistics: max connection rate 1/60s for (smtp:209.183.26.175) at Apr 27 20:43:23
Apr 27 20:46:46 debian7 postfix/anvil[6886]: statistics: max connection count 1 for (smtp:209.183.26.175) at Apr 27 20:43:23
Apr 27 20:46:46 debian7 postfix/anvil[6886]: statistics: max cache size 1 at Apr 27 20:43:23
Apr 27 20:49:36 debian7 postfix/smtpd[7524]: connect from host-209-183-26-175.static.dsl.primus.ca[209.183.26.175]
Apr 27 20:49:39 debian7 postfix/smtpd[7524]: warning: host-209-183-26-175.static.dsl.primus.ca[209.183.26.175]: SASL LOGIN authentication failed: authentication failure
Apr 27 20:49:39 debian7 postfix/smtpd[7524]: disconnect from host-209-183-26-175.static.dsl.primus.ca[209.183.26.175]
Apr 27 20:50:01 debian7 /USR/SBIN/CRON[7535]: (root) CMD (/etc/webmin/status/monitor.pl)
Apr 27 20:52:03 debian7 dbus[2669]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Apr 27 20:52:03 debian7 dbus[2669]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Apr 27 20:52:59 debian7 postfix/anvil[7526]: statistics: max connection rate 1/60s for (smtp:209.183.26.175) at Apr 27 20:49:36
Apr 27 20:52:59 debian7 postfix/anvil[7526]: statistics: max connection count 1 for (smtp:209.183.26.175) at Apr 27 20:49:36
Apr 27 20:52:59 debian7 postfix/anvil[7526]: statistics: max cache size 1 at Apr 27 20:49:36
Apr 27 20:55:01 debian7 /USR/SBIN/CRON[8035]: (root) CMD (/etc/webmin/status/monitor.pl)
Apr 27 20:55:46 debian7 postfix/smtpd[8304]: connect from host-209-183-26-175.static.dsl.primus.ca[209.183.26.175]
Apr 27 20:55:49 debian7 postfix/smtpd[8304]: warning: host-209-183-26-175.static.dsl.primus.ca[209.183.26.175]: SASL LOGIN authentication failed: authentication failure
Apr 27 20:55:49 debian7 postfix/smtpd[8304]: disconnect from host-209-183-26-175.static.dsl.primus.ca[209.183.26.175]
Mon, 04/27/2015 - 14:09
Diabolico
Diabolico's picture

Looks to me someone is trying brute force your email, just install fail2ban and activate postfix protection.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Topic locked