Web Hosting Talk

View Full Version : Attack on RaQ4 this morning


Eddie Bishop
03-17-2002, 09:08 AM
From my maillog - IP address shown is genuine.

Mar 17 04:20:16 www in.qpopper[17140]: EOF from at 217.59.60.50
(217.59.60.50): [0] 29 (Illegal seek); 0 (Success)
Mar 17 04:20:16 www in.qpopper[17140]: (null) at 217.59.60.50
(217.59.60.50): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Mar 17 04:20:17 www imapd[17141]: imap service init from 217.59.60.50
Mar 17 04:20:18 www in.qpopper[17144]: EOF from at 217.59.60.50
(217.59.60.50): [0] 29 (Illegal seek); 0 (Success)
Mar 17 04:20:18 www in.qpopper[17144]: (null) at 217.59.60.50
(217.59.60.50): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Mar 17 04:20:23 www in.qpopper[17167]: root at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Access is blocked for UIDs below 10
Mar 17 04:20:24 www in.qpopper[17168]: EOF from at 217.59.60.50
(217.59.60.50): [0] 29 (Illegal seek); 0 (Success)
Mar 17 04:20:24 www in.qpopper[17168]: (null) at 217.59.60.50
(217.59.60.50): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Mar 17 04:20:35 www in.qpopper[17170]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:40 www in.qpopper[17175]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:43 www in.qpopper[17183]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:20:46 www in.qpopper[17192]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:46 www in.qpopper[17194]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:20:46 www in.qpopper[17195]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:20:47 www in.qpopper[17196]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:20:48 www in.qpopper[17197]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:20:49 www in.qpopper[17199]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:20:50 www in.qpopper[17201]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:20:50 www in.qpopper[17202]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:52 www in.qpopper[17204]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:20:52 www in.qpopper[17205]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.

<similar snipped to reduce message size for WHT>

Mar 17 04:20:59 www in.qpopper[17218]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:00 www in.qpopper[17214]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:00 www in.qpopper[17222]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:01 www in.qpopper[17223]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:01 www in.qpopper[17224]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:01 www in.qpopper[17226]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:02 www in.qpopper[17227]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:02 www in.qpopper[17228]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:03 www imapd[17141]: Command stream end of file, while reading
line user=??? host=[217.59.60.50]
Mar 17 04:21:04 www sendmail[17280]: g2H4L4C17280:
from=<cobalt-security-admin@list.cobalt.com>, size=3647, class=-60,
nrcpts=1, msgid=<20020314234304.2eb4a0e5.nico.meijer@zonnet.nl>,
proto=ESMTP, daemon=MTA, relay=[213.165.144.113]
Mar 17 04:21:04 www sendmail[17281]: g2H4L4C17280:
to=<eddie@qbit-testing.com>, delay=00:00:00, xdelay=00:00:00, mailer=local,
pri=139536, dsn=2.0.0, stat=Sent
Mar 17 04:21:05 www in.qpopper[17255]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:05 www in.qpopper[17256]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:05 www sendmail[17171]: NOQUEUE: [217.59.60.50] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 17 04:21:06 www in.qpopper[17258]: test at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "test" is incorrect.
Mar 17 04:21:09 www in.qpopper[17263]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:09 www in.qpopper[17266]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:09 www in.qpopper[17264]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:09 www in.qpopper[17267]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:09 www in.qpopper[17268]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:09 www in.qpopper[17265]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:09 www in.qpopper[17270]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:10 www in.qpopper[17271]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:10 www in.qpopper[17272]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:11 www in.qpopper[17273]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:11 www in.qpopper[17274]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:11 www in.qpopper[17275]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:13 www in.qpopper[17276]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:13 www in.qpopper[17277]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:14 www in.qpopper[17278]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:16 www in.qpopper[17283]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:16 www in.qpopper[17284]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:18 www in.qpopper[17286]: test at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "test" is incorrect.
Mar 17 04:21:20 www in.qpopper[17288]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:20 www in.qpopper[17291]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:20 www in.qpopper[17290]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:20 www in.qpopper[17292]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:20 www in.qpopper[17293]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:20 www in.qpopper[17289]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:20 www in.qpopper[17294]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:20 www in.qpopper[17295]: web at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "web" is incorrect.
Mar 17 04:21:21 www in.qpopper[17296]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:21 www in.qpopper[17297]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:21 www in.qpopper[17298]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:21 www in.qpopper[17299]: web at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "web" is incorrect.
Mar 17 04:21:21 www in.qpopper[17300]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:22 www in.qpopper[17302]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:23 www in.qpopper[17303]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.

bitserve
03-17-2002, 05:14 PM
Looks like a brute force username/password attack. You of course should block the IP and notify their ISP.

You probably won't be able to take it further, since it's an Italian IP address.

If it's still going on, you could always set up a honeypot in an attempt to gather more information.
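
The pattern described in this reply (one source, many failed POP3 logins, many different account names, all within a couple of minutes) can be picked out of a maillog mechanically. The sketch below is an added example and not part of the original thread: the thresholds, the `year` default and the function names are assumptions, and the sample reuses four records from the first post plus one constructed record.

```python
import re
from collections import defaultdict
from datetime import datetime

# First four records are copied from the maillog in the first post (still wrapped
# onto two lines each); the last record is constructed for contrast.
SAMPLE = """\
Mar 17 04:20:23 www in.qpopper[17167]: root at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Access is blocked for UIDs below 10
Mar 17 04:20:35 www in.qpopper[17170]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:43 www in.qpopper[17183]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:20:52 www in.qpopper[17205]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:25:00 www in.qpopper[17400]: eddie at 192.0.2.10
(192.0.2.10): -ERR [AUTH] Password supplied for "eddie" is incorrect.
"""
# A newline NOT followed by a syslog timestamp is a wrapped continuation line.
WRAP = re.compile(r"\n(?![A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )")
AUTH_FAIL = re.compile(r"^(?P<ts>.{15}) \S+ in\.qpopper\[\d+\]: (?P<user>\S+) at "
                       r"\S+\s+\((?P<ip>[\d.]+)\): -ERR \[AUTH\]")

def unwrap(text):
    """Re-join syslog records that were wrapped onto a continuation line."""
    return WRAP.sub(" ", text.strip()).splitlines()

def suspects(text, min_fails=4, min_users=3, window=120, year=2002):
    """Map IP -> (failures, usernames) for its largest burst within `window` seconds."""
    by_ip = defaultdict(list)
    for m in filter(None, map(AUTH_FAIL.match, unwrap(text))):
        # syslog omits the year; `year` is an assumption supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        by_ip[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):  # sliding window over this IP's failures
            while (events[hi][0] - events[lo][0]).total_seconds() > window:
                lo += 1
            burst = events[lo:hi + 1]
            users = sorted({u for _, u in burst})
            if (len(burst) >= min_fails and len(users) >= min_users
                    and len(burst) > flagged.get(ip, (0,))[0]):
                flagged[ip] = (len(burst), users)
    return flagged

if __name__ == "__main__":
    for ip, (n, users) in suspects(SAMPLE).items():
        print(f"{ip}: {n} failed POP logins across {users}")
```

Requiring several distinct usernames keeps a single user with a mistyped password (the constructed `192.0.2.10` record) from being flagged, and the EOF / `(null)` lines are ignored because they carry no `[AUTH]` tag.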

ffeingol
03-17-2002, 05:22 PM
LOL, I had to chuckle a bit as I read this one. By profession, I'm a relational DBA. Seeing people trying to log in as "sybase" and "oracle" is pretty funny to me. It's pretty unlikely that most web hosts would have Sybase or Oracle installed on a box.

Frank