Hi All,
some out there is trying to crack (IMHO) my zimbra, I already search the forum and got http://www.zimbra.com/forums/adminis...threquest.html

but it I can't any solution in there
I already track the log, but only the zimbra IP address (my own machine), and add to my confuse is, I'm not open my zimbra administration port to the public.

and here's my log

Code:
AUDIT.LOG
2012-09-12 07:38:09,642 WARN  [btpool0-396://ns1-mailserver.kantor.co.id:7071/service/admin/soap/] [name=user@kantor.co.id;ip=192.168.101.99;] security - cmd=Auth;
account=user@kantor.co.id; protocol=soap; error=authentication failed for user@kantor.co.id, invalid password;
2012-09-12 07:38:10,694 WARN  [btpool0-396://ns1-mailserver.kantor.co.id:7071/service/admin/soap/] [name=user@kantor.co.id;ip=192.168.101.99;] security - cmd=Auth; account=user@kantor.co.id; protocol=soap; error=authentication failed for user@kantor.co.id, invalid password;
2012-09-12 07:38:11,685 WARN  [btpool0-396://ns1-mailserver.kantor.co.id:7071/service/admin/soap/] [name=user@kantor.co.id;ip=192.168.101.99;] security - cmd=Auth; account=user@kantor.co.id; protocol=soap; error=authentication failed for user@kantor.co.id, invalid password;
Code:
MAILBOX.LOG
[btpool0-396://ns1-mailserver.kantor.co.id:7071/service/admin/soap/] [ip=192.168.101.99;] soap - AuthRequest
2012-09-12 07:38:10,694 INFO  [btpool0-396://ns1-mailserver.kantor.co.id:7071/service/admin/soap/] [name=user@kantor.co.id;ip=192.168.101.99;] SoapEngine - handler exception: authentication failed for user@kantor.co.id, invalid password
2012-09-12 07:38:10,696 WARN  [btpool0-396] [] log - SSL renegotiate denied: java.nio.channels.SocketChannel[connected local=/192.168.101.99:7071 remote=/192.168.101.99:54921]
2012-09-12 07:38:11,537 INFO  [btpool0-396://ns1-mailserver.kantor.co.id:7071/service/admin/soap/] [ip=192.168.101.99;] soap - AuthRequest
2012-09-12 07:38:11,686 INFO  [btpool0-396://ns1-mailserver.kantor.co.id:7071/service/admin/soap/] [name=user@kantor.co.id;ip=192.168.101.99;] SoapEngine - handler exception: authentication failed for user@kantor.co.id, invalid password
2012-09-12 07:38:11,688 WARN  [btpool0-396] [] log - SSL renegotiate denied: java.nio.channels.SocketChannel[connected local=/192.168.101.99:7071 remote=/192.168.101.99
Code:
Jetty log access_log.2012-09-12
192.168.101.99 -  -  [12/Sep/2012:07:07:38 +0000] "POST /service/admin/soap/ HTTP/1.1" 500 3868 "-" "-"

My question is

1.Is there a way for me to figure the attacker IP address
2.What kind of kind of crack the hacker trying in my zimbra
3. If I upgrade my zimbra would this problem disappear

that's all from me thank you very much for you answer