General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] SOGoWebAuthenticator, wrong passwords


Chronological Thread 
  • From: "Christian Mack" ( ) < >
  • To:
  • Subject: Re: [SOGo] SOGoWebAuthenticator, wrong passwords
  • Date: Wed, 21 Mar 2018 14:09:26 +0100
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca 4082DC04259

Am 20.03.2018 um 10:33 schrieb lists
( ):
> Hi,
>
> We are getting log lines like this:
>
>> <158>1 2018-03-20T10:17:49.544178+01:00 sogoserver sogo  - - Mar 20
>> 10:17:45 sogod [28582]: <0x0x7fbcb177c880[SOGoWebAuthenticator]> tried
>> wrong password for user
>> 'ZawE0cMY4hOVWGhBgt/ycpig2IavEcsEme1EYTs/cd/HOQOWgHmO/00WKsUyK0nfiR/gYKnhjMDavlYVTZjgKvYkwHj0bisq5F9JbiPmN1Y04wFbgUC/TBTZJLphMeSVqL7WXKipUSxb71mlYYDVe8F5Tpr3/77PLlsEM9bg=='!
>>
>
> The above is just a sample, there are more lines like that, but with
> different strings.
>
> Could anyone explain what that means?
>
> As you can perhaps guess, this is not a username on our systems.
>
> (this is sogo 2.3.23 on wheezy)
>

Someone is trying to authenticate with an invalid user password pair.
We have those too.
It is always a base64 encoded string.
I read somewhere, that the big chinese firewall is using such strings to
test services with encrypted communication.
Not sure if that is true, but we get those all the time.
Nothing to worry about.


Kind regards,
Christian Mack

--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.18.

Top of page