Is Someone Trying to Hack Into My Server?

Hello,

Today i was going through my server logs and came across these in /var/log/messages;

Oct 20 05:37:19 www pop(pam_unix)[20320]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=xyz

There are hundreds such attempts for almost every user that exists in my passwd file, is someone trying to gain entry using pop3 daemon with uid=0?

I am running Red Hat Linux 7.1 and ipop3d.

Thanks,
Vivek

 

 

 

 

Top