I got this in the Mail-in-a-Box usage report today:
User logins per hour
════════════════════
imap smtp │ timespan
────────────────────────────────────────────┼───────────
secretlogin@box.mymaindomain.com 6000.0 0.0 │ 15:28
otherlogin@myotherdomain.com 0.0 0.1 │ 3.0 days
...
The account with 6000 logins is the administrator login. I never ever (to my knowledge) logged into it via IMAP/SMTP. A couple days ago I logged into it via Roundcube and sent some test mails IIRC, otherwise I don’t log into it via Roundcube either (I just forward all the usage reports and stuff like that to another non-admin address).
I’m guessing such a round number probably isn’t a hack attempt. Some rounding error maybe?
Do you think this was likely to be a hack? I’m fairly sure I followed all the instructions properly when upgrading to v0.40. I used very long unique passwords for all the accounts and 2FA wherever possible for server stuff, and root access is only possible via SSH key.
Anyway, forgot to mention, the totals by time of day at the bottom are roughly correct if you ignore the 6000 figure.
Also, the usage report message was apparently sent twice. It wasn’t unusual to me at the time since I occasionally get stuff prompting me to manually run apt-get, but I’ve checked now and I only got one copy of the usage report for the previous weeks.