Web server down for a few minutes yesterday around 10:45. Found several attacks on mail and web server. The attacks came from a Windows Remote Desktop Server in Bulgaria with no other ports open.
It is likely the Bulgarian server was compromised and the culprit could have been anywhere. There is a black market in compromised IPs (Internet Protocol addresses) which can be bought for a few pennies each.
After a restart of the web server, the attacker disappeared and normal service resumed.