Hi All,
We have someone trying to access Audit logs. How are they able to get this and how can we turn this off?
Eventlog ID:
The description for Event ID 10000 from source MailEnable cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
MailEnable SMTP Service (C:\PROGRA~2\MAILEN~1\Bin64\MESMTPC.EXE) error: 3
Timed out waiting to access audit file (D:\Mail Enable\CONFIG\Audit\xxxxxx.com\shit...\AUDIT-190903.log) to log Invalid authorisation attempt from 103.125.191.109 by [SMTP] for shit.... Client IP: 103.125.191.109. Result=3
the message resource is present but the message is not found in the string/message table
Hacking Attempt
Re: Hacking Attempt
What I see in your message is the following:
- Invalid authorisation attempt from 103.125.191.109
- MailEnable SMTP Service (C:\PROGRA~2\MAILEN~1\Bin64\MESMTPC.EXE) failed to log it to audit file
You may want to check if the audit file exists and is not locked.
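One way to carry out the check suggested in the reply above, as an added example (not part of the original thread and not MailEnable's own tooling): it pulls the audit file path and source IP out of the Event ID 10000 text, then tests whether that file exists and whether another process holds it open. The function names `Get-AuditFailure` and `Test-AuditFile` are hypothetical, and the sample message is constructed to follow the wording of the event quoted in the first post.

```powershell
# Added example. The regex mirrors the wording of the Event ID 10000 text quoted in this thread.
function Get-AuditFailure {
    param([Parameter(Mandatory)][string]$Message)
    $rx = 'access audit file \((?<Path>.+?\.log)\) to log Invalid authorisation attempt from (?<Ip>[0-9.]+)'
    if ($Message -match $rx) {
        [pscustomobject]@{ AuditFile = $Matches['Path']; SourceIp = $Matches['Ip'] }
    }
}

function Test-AuditFile {
    param([Parameter(Mandatory)][string]$Path)
    $result = [ordered]@{ Path = $Path; FolderExists = $false; FileExists = $false; Locked = $null; Detail = '' }
    $folder = [System.IO.Path]::GetDirectoryName($Path)
    $result.FolderExists = Test-Path -LiteralPath $folder -PathType Container
    $result.FileExists   = Test-Path -LiteralPath $Path -PathType Leaf
    if ($result.FileExists) {
        try {
            # Exclusive open: fails with a sharing violation if any process has the file open.
            # The handle is released immediately so the SMTP service is not blocked.
            $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                    [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::None)
            $fs.Dispose()
            $result.Locked = $false
        } catch {
            # IOException means a lock; anything else (e.g. access denied) is reported in Detail.
            $ex = $_.Exception.GetBaseException()
            $result.Locked = $ex -is [System.IO.IOException]
            $result.Detail = $ex.Message
        }
    }
    [pscustomobject]$result
}

# Constructed sample message; domain, mailbox and IP are placeholders.
$sample = 'Timed out waiting to access audit file (D:\Mail Enable\CONFIG\Audit\example.com\someuser\AUDIT-190903.log) ' +
          'to log Invalid authorisation attempt from 192.0.2.10 by [SMTP] for someuser. Client IP: 192.0.2.10. Result=3'

$hit = Get-AuditFailure -Message $sample
if ($hit) {
    "Failed login source: $($hit.SourceIp)"
    Test-AuditFile -Path $hit.AuditFile | Format-List
}
```

If `Locked` comes back true, a tool such as Sysinternals Handle can show which process is holding the file.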