Strange logs

Hello everyone,

I'm just getting started with a VPS server and I'm having problems: some strange entries have shown up in my logs.

Today at around 5 in the morning I read through some strange logs. Could someone help me analyze them?

 

Sep 3 00:37:23 nedbudge su[32291]: (pam_unix) session opened for user nobody by (uid=0)

Sep 3 00:39:02 nedbudge CRON[11879]: (pam_unix) session opened for user root by (uid=0)

Sep 3 00:39:20 nedbudge CRON[11879]: (pam_unix) session closed for user root

Sep 3 00:39:20 nedbudge /USR/SBIN/CRON[11880]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 00:40:50 nedbudge su[32291]: (pam_unix) session closed for user nobody

Sep 3 00:40:58 nedbudge CRON[27966]: (pam_unix) session closed for user root

Sep 3 00:40:58 nedbudge syslogd 1.4.1#18: restart.

Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.crt

Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: TLS library problem: 16341:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/postfix/ssl/smtpd.crt','r'):

Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: TLS library problem: 16341:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:

Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: TLS library problem: 16341:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:

Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: cannot load RSA certificate and key data

Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: connect from 118-169-194-143.dynamic.hinet.net[118.169.194.143]

Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: NOQUEUE: reject: RCPT from 118-169-194-143.dynamic.hinet.net[118.169.194.143]: 554 5.7.1 <candy59839@yahoo.com.tw>: Relay access denied; from=<michael78694@MyMainServer.com> to=<candy59839@yahoo.com.tw> proto=SMTP helo=<www.MyMainServer.com>

Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: lost connection after RCPT from 118-169-194-143.dynamic.hinet.net[118.169.194.143]

Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: disconnect from 118-169-194-143.dynamic.hinet.net[118.169.194.143]

Sep 3 00:50:07 nedbudge postfix/anvil[16344]: statistics: max connection rate 1/60s for (smtp:118.169.194.143) at Sep 3 00:46:46

Sep 3 00:50:07 nedbudge postfix/anvil[16344]: statistics: max connection count 1 for (smtp:118.169.194.143) at Sep 3 00:46:46

Sep 3 00:50:07 nedbudge postfix/anvil[16344]: statistics: max cache size 1 at Sep 3 00:46:46

Sep 3 01:06:01 nedbudge CRON[28065]: (pam_unix) session opened for user root by (uid=0)

Sep 3 01:06:01 nedbudge CRON[28065]: (pam_unix) session closed for user root

Sep 3 01:06:01 nedbudge /USR/SBIN/CRON[28106]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Sep 3 01:09:01 nedbudge CRON[9618]: (pam_unix) session opened for user root by (uid=0)

Sep 3 01:09:43 nedbudge CRON[9618]: (pam_unix) session closed for user root

Sep 3 01:09:43 nedbudge /USR/SBIN/CRON[9622]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 01:37:43 nedbudge -- MARK --

Sep 3 01:39:01 nedbudge CRON[1937]: (pam_unix) session opened for user root by (uid=0)

Sep 3 01:39:02 nedbudge CRON[1937]: (pam_unix) session closed for user root

Sep 3 01:39:02 nedbudge /USR/SBIN/CRON[1938]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 01:57:43 nedbudge -- MARK --

Sep 3 02:06:01 nedbudge CRON[9584]: (pam_unix) session opened for user root by (uid=0)

Sep 3 02:06:01 nedbudge CRON[9584]: (pam_unix) session closed for user root

Sep 3 02:06:01 nedbudge /USR/SBIN/CRON[9586]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Sep 3 02:09:01 nedbudge CRON[20159]: (pam_unix) session opened for user root by (uid=0)

Sep 3 02:09:01 nedbudge CRON[20159]: (pam_unix) session closed for user root

Sep 3 02:09:01 nedbudge /USR/SBIN/CRON[20162]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 02:37:43 nedbudge -- MARK --

Sep 3 02:39:01 nedbudge CRON[30377]: (pam_unix) session opened for user root by (uid=0)

Sep 3 02:39:03 nedbudge CRON[30377]: (pam_unix) session closed for user root

Sep 3 02:39:03 nedbudge /USR/SBIN/CRON[30379]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 02:57:44 nedbudge -- MARK --

Sep 3 03:06:01 nedbudge CRON[5561]: (pam_unix) session opened for user root by (uid=0)

Sep 3 03:06:01 nedbudge CRON[5561]: (pam_unix) session closed for user root

Sep 3 03:06:01 nedbudge /USR/SBIN/CRON[5564]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Sep 3 03:09:02 nedbudge CRON[19521]: (pam_unix) session opened for user root by (uid=0)

Sep 3 03:09:03 nedbudge CRON[19521]: (pam_unix) session closed for user root

Sep 3 03:09:03 nedbudge /USR/SBIN/CRON[19522]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 03:37:44 nedbudge -- MARK --

Sep 3 03:39:01 nedbudge CRON[5552]: (pam_unix) session opened for user root by (uid=0)

Sep 3 03:39:02 nedbudge /USR/SBIN/CRON[7541]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 03:39:03 nedbudge CRON[5552]: (pam_unix) session closed for user root

Sep 3 03:57:44 nedbudge -- MARK --

Sep 3 04:06:03 nedbudge CRON[13669]: (pam_unix) session opened for user root by (uid=0)

Sep 3 04:06:05 nedbudge CRON[13669]: (pam_unix) session closed for user root

Sep 3 04:06:05 nedbudge /USR/SBIN/CRON[16106]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Sep 3 04:09:02 nedbudge CRON[26210]: (pam_unix) session opened for user root by (uid=0)

Sep 3 04:09:10 nedbudge /USR/SBIN/CRON[26493]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 04:09:11 nedbudge CRON[26210]: (pam_unix) session closed for user root

Sep 3 04:37:50 nedbudge -- MARK --

Sep 3 04:39:12 nedbudge CRON[13901]: (pam_unix) session opened for user root by (uid=0)

Sep 3 04:39:24 nedbudge CRON[13901]: (pam_unix) session closed for user root

Sep 3 04:39:24 nedbudge /USR/SBIN/CRON[17519]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 04:57:54 nedbudge -- MARK --

Sep 3 05:02:06 nedbudge CRON[17843]: (pam_unix) session opened for user logcheck by (uid=0)

Sep 3 05:02:14 nedbudge /USR/SBIN/CRON[19646]: (logcheck) CMD ( if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi)

 

It seems to me that someone tried to break into postfix/smtpd, or maybe even did break in, and there is some strange restart of logcheck that wasn't there before.

 

Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: cannot load RSA certificate and key data

Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: warning: 219.91.116.99: hostname NK219-91-116-99.adsl.dynamic.apol.com.tw verification failed: Name or service not known

Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: connect from unknown[219.91.116.99]

Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: warning: 219.91.116.99: hostname NK219-91-116-99.adsl.dynamic.apol.com.tw verification failed: Name or service not known

Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: connect from unknown[219.91.116.99]

Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: lost connection after CONNECT from unknown[219.91.116.99]

Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: disconnect from unknown[219.91.116.99]

Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: lost connection after CONNECT from unknown[219.91.116.99]

Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: disconnect from unknown[219.91.116.99]

Sep 3 06:51:46 nedbudge postfix/anvil[5134]: statistics: max connection rate 2/60s for (smtp:219.91.116.99) at Sep 3 06:48:26

Sep 3 06:51:46 nedbudge postfix/anvil[5134]: statistics: max connection count 1 for (smtp:219.91.116.99) at Sep 3 06:48:26

Sep 3 06:51:46 nedbudge postfix/anvil[5134]: statistics: max cache size 1 at Sep 3 06:48:26

Sep 3 07:06:01 nedbudge CRON[31943]: (pam_unix) session opened for user root by (uid=0)

Sep 3 07:06:01 nedbudge CRON[31943]: (pam_unix) session closed for user root

Sep 3 07:06:01 nedbudge /USR/SBIN/CRON[31944]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Sep 3 07:09:01 nedbudge CRON[11523]: (pam_unix) session opened for user root by (uid=0)

Sep 3 07:09:01 nedbudge CRON[11523]: (pam_unix) session closed for user root

Sep 3 07:09:01 nedbudge /USR/SBIN/CRON[11524]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 07:37:55 nedbudge -- MARK --

Sep 3 07:39:01 nedbudge CRON[28291]: (pam_unix) session opened for user root by (uid=0)

Sep 3 07:39:01 nedbudge CRON[28291]: (pam_unix) session closed for user root

Sep 3 07:39:01 nedbudge /USR/SBIN/CRON[28293]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 07:57:55 nedbudge -- MARK --

Sep 3 08:06:01 nedbudge CRON[29947]: (pam_unix) session opened for user root by (uid=0)

Sep 3 08:06:01 nedbudge CRON[29947]: (pam_unix) session closed for user root

Sep 3 08:06:01 nedbudge /USR/SBIN/CRON[29954]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Sep 3 08:09:01 nedbudge CRON[9631]: (pam_unix) session opened for user root by (uid=0)

Sep 3 08:09:01 nedbudge CRON[9631]: (pam_unix) session closed for user root

Sep 3 08:09:01 nedbudge /USR/SBIN/CRON[9633]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 08:37:55 nedbudge -- MARK --

Sep 3 08:39:01 nedbudge CRON[29997]: (pam_unix) session opened for user root by (uid=0)

Sep 3 08:39:02 nedbudge CRON[29997]: (pam_unix) session closed for user root

Sep 3 08:39:02 nedbudge /USR/SBIN/CRON[29998]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 08:57:55 nedbudge -- MARK --

Sep 3 09:06:01 nedbudge CRON[3975]: (pam_unix) session opened for user root by (uid=0)

Sep 3 09:06:01 nedbudge CRON[3975]: (pam_unix) session closed for user root

Sep 3 09:06:01 nedbudge /USR/SBIN/CRON[3977]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Sep 3 09:09:01 nedbudge CRON[16137]: (pam_unix) session opened for user root by (uid=0)

Sep 3 09:09:11 nedbudge CRON[16137]: (pam_unix) session closed for user root

Sep 3 09:09:11 nedbudge /USR/SBIN/CRON[16287]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 09:37:55 nedbudge -- MARK --

Sep 3 09:39:01 nedbudge CRON[11497]: (pam_unix) session opened for user root by (uid=0)

Sep 3 09:39:03 nedbudge CRON[11497]: (pam_unix) session closed for user root

Sep 3 09:39:03 nedbudge /USR/SBIN/CRON[11501]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

Sep 3 09:57:55 nedbudge -- MARK --

Sep 3 10:02:01 nedbudge CRON[7472]: (pam_unix) session opened for user logcheck by (uid=0)

Sep 3 10:02:02 nedbudge /USR/SBIN/CRON[7474]: (logcheck) CMD ( if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi)

Another log that looks suspicious to me...

 

Could someone explain this to me, or will it once again turn out that 'lamers' don't get help, only those who already have some knowledge?

Apologies in advance for any spelling mistakes.

Regards, Konrad
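
A triage sketch for the kind of excerpt posted above, as an added example that is not part of the original post: it labels routine entries (cron jobs, cron and su PAM sessions, syslogd MARK heartbeats), pulls the client address, sender and recipient out of Postfix relay rejections, and returns whatever matches no rule for manual reading. The rule labels and function names are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpts in the post.
SAMPLE = """\
Sep 3 00:37:23 nedbudge su[32291]: (pam_unix) session opened for user nobody by (uid=0)
Sep 3 00:39:02 nedbudge CRON[11879]: (pam_unix) session opened for user root by (uid=0)
Sep 3 00:39:20 nedbudge /USR/SBIN/CRON[11880]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Sep 3 00:40:58 nedbudge syslogd 1.4.1#18: restart.
Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.crt
Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: NOQUEUE: reject: RCPT from 118-169-194-143.dynamic.hinet.net[118.169.194.143]: 554 5.7.1 <candy59839@yahoo.com.tw>: Relay access denied; from=<michael78694@MyMainServer.com> to=<candy59839@yahoo.com.tw> proto=SMTP helo=<www.MyMainServer.com>
Sep 3 01:37:43 nedbudge -- MARK --
Sep 3 05:02:14 nedbudge /USR/SBIN/CRON[19646]: (logcheck) CMD ( if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi)
Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: lost connection after CONNECT from unknown[219.91.116.99]
"""

# Hypothetical labels; the first matching rule wins, so specific rules come first.
RULES = [
    ("syslog-mark", re.compile(r"-- MARK --\s*$")),
    ("cron-job", re.compile(r"CRON\[\d+\]: \(\w+\) CMD ")),
    ("cron-session", re.compile(r"CRON\[\d+\]: \(pam_unix\) session ")),
    ("su-session", re.compile(r" su\[\d+\]: \(pam_unix\) session ")),
    ("relay-rejected", re.compile(r"smtpd\[\d+\]: NOQUEUE: reject: .*Relay access denied")),
    ("tls-cert-missing", re.compile(
        r"smtpd\[\d+\]: .*(cannot get certificate|cannot load RSA|TLS library problem)")),
    ("smtp-connection", re.compile(r"smtpd\[\d+\]: (connect|disconnect|lost connection)")),
    ("anvil-stats", re.compile(r"postfix/anvil\[\d+\]: statistics: ")),
]
# Fields of a rejected relay attempt: client IP, envelope sender, recipient.
RELAY = re.compile(
    r"RCPT from \S*\[(?P<ip>[\d.]+)\]: 554 .*from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")

def triage(text):
    """Return (label counts, parsed relay rejections, lines no rule matched)."""
    counts, relays, leftover = Counter(), [], []
    for line in text.splitlines():
        if not line.strip():
            continue  # the pasted log is double-spaced
        label = next((name for name, rx in RULES if rx.search(line)), None)
        if label is None:
            leftover.append(line)
            continue
        counts[label] += 1
        match = RELAY.search(line) if label == "relay-rejected" else None
        if match:
            relays.append(match.groupdict())
    return counts, relays, leftover

if __name__ == "__main__":
    counts, relays, leftover = triage(SAMPLE)
    print(dict(counts), relays, leftover, sep="\n")
```
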
