I got this in the Mail-in-a-Box usage report today:
User logins per hour ════════════════════ imap smtp │ timespan ────────────────────────────────────────────┼─────────── email@example.com 6000.0 0.0 │ 15:28 firstname.lastname@example.org 0.0 0.1 │ 3.0 days ...
The account with 6000 logins is the administrator login. I never ever (to my knowledge) logged into it via IMAP/SMTP. A couple days ago I logged into it via Roundcube and sent some test mails IIRC, otherwise I don’t log into it via Roundcube either (I just forward all the usage reports and stuff like that to another non-admin address).
I’m guessing such a round number probably isn’t a hack attempt. Some rounding error maybe?