This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attack on WebAdmin-port: many failed logins

Does anyone else experience attacks on the WebAdmin-port with many failed logins? [WARN-005]

This evening I received from all of the Sophos UTM's from my clients (15 in The Netherlands) notifications of failed logins. All with username "admin" and all from 65.21.141.30 (Germany) [edit: correction: Finland].

I can block this off course, but I don't understand who could find out all the ip-addresses. Only Sophos can know those from the update servers. So I would like to know if others are experiencing the same.



This thread was automatically locked due to age.