Cron <root@linode01> /root/bin/send_stats.sh
by Cron Daemon
Sending logs to a host far far away
Processing logfile /var/log/httpd/access_log-20131231.gz
Pseudo-terminal will not be allocated because stdin is not a terminal.
Address 31.15.26.3 maps to lists.ovirt.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Last failed login: Wed Jan 1 19:54:22 UTC 2014 from 66.197.211.18 on ssh:notty
There were 289 failed login attempts since the last successful login.
Address 31.15.26.3 maps to lists.ovirt.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
/var/log/httpd/access_log-20131231.gz sent to stats.ovirt.org:/var/log/awstats/linode01.ovirt.org/
Processing logfile /var/log/httpd/lists.ovirt.org-access_log-20131231.gz
Pseudo-terminal will not be allocated because stdin is not a terminal.
Address 31.15.26.3 maps to lists.ovirt.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Last failed login: Wed Jan 1 19:54:22 UTC 2014 from 66.197.211.18 on ssh:notty
There were 289 failed login attempts since the last successful login.
Address 31.15.26.3 maps to lists.ovirt.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
/var/log/httpd/lists.ovirt.org-access_log-20131231.gz sent to stats.ovirt.org:/var/log/awstats/lists.ovirt.org/
Processing logfile /var/log/httpd/resources.ovirt.org-access_log-20131231.gz
Pseudo-terminal will not be allocated because stdin is not a terminal.
Address 31.15.26.3 maps to lists.ovirt.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Last failed login: Wed Jan 1 19:54:22 UTC 2014 from 66.197.211.18 on ssh:notty
There were 289 failed login attempts since the last successful login.
Address 31.15.26.3 maps to lists.ovirt.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
/var/log/httpd/resources.ovirt.org-access_log-20131231.gz sent to stats.ovirt.org:/var/log/awstats/resources.ovirt.org/
And they lived happily ever after
Logwatch for linode01.ovirt.org (Linux)
by logwatch@lists.ovirt.org
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Wed Jan 1 03:20:36 2014
Date Range Processed: yesterday
( 2013-Dec-31 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: linode01.ovirt.org
##################################################################
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
209.188.21.22
A total of 3 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd HTTP Response 302
/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? HTTP Response 302
/gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd HTTP Response 302
Requests with error response codes
403 Forbidden
/wordpress/wp-admin/: 4 Time(s)
404 Not Found
/%09Drupal%0986000%090: 1 Time(s)
/admin.php: 3 Time(s)
/admin/: 3 Time(s)
/admin/banner_manager.php/login.php: 2 Time(s)
/admin/board: 5 Time(s)
/admin/categories.php/login.php: 2 Time(s)
/admin/file_manager.php/login.php: 2 Time(s)
/admin/login.php: 3 Time(s)
/administrator/index.php: 6 Time(s)
/bitrix/admin/index.php?lang=en: 3 Time(s)
/blog/wp-admin/: 3 Time(s)
/board: 10 Time(s)
/browserconfig.xml: 2 Time(s)
/category/news/feed: 2 Time(s)
/category/news/feed/: 21 Time(s)
/favicon.ico: 283 Time(s)
/index.php?action=register: 1 Time(s)
/listinfo/board: 5 Time(s)
/mailman/user/register: 1 Time(s)
/news-and-events/workshop/: 1 Time(s)
/pipermail/engine-commits/2013-August/008705.html': 1 Time(s)
/pipermail/index.php?act=Reg&CODE=00: 3 Time(s)
/pipermail/index.php?app=core&module=global&section=register: 3 Time(s)
/pipermail/infra-private/2013-May/000000.html: 1 Time(s)
/pipermail/infra/2012-September/admin/bann ... r.php/login.php: 2 Time(s)
/pipermail/infra/2012-September/admin/cate ... s.php/login.php: 2 Time(s)
/pipermail/infra/2012-September/admin/file ... r.php/login.php: 2 Time(s)
/pipermail/infra/2012-november: 1 Time(s)
/pipermail/infra/2012-november/001404.html: 1 Time(s)
/pipermail/infra/2013-March/002483.html+%3 ... n+~tool&ct=clnk: 1 Time(s)
/pipermail/infra/2013-March/002483.html+ac ... 4+~tool&ct=clnk: 1 Time(s)
/pipermail/infra/2013-May/003154.html/: 1 Time(s)
/pipermail/infra/2013-May/wp-content/plugi ... xfileupload.php: 2 Time(s)
/pipermail/infra/admin/banner_manager.php/login.php: 2 Time(s)
/pipermail/infra/admin/categories.php/login.php: 2 Time(s)
/pipermail/infra/admin/file_manager.php/login.php: 2 Time(s)
/pipermail/node-devel/2013-may/000418.html: 1 Time(s)
/pipermail/patches: 1 Time(s)
/pipermail/users/2012-Febr: 1 Time(s)
/pipermail/users/2012-august/009044.html: 1 Time(s)
/pipermail/users/2013-february/: 3 Time(s)
/pipermail/users/2013-january/011887.html: 1 Time(s)
/pipermail/users/2013-june/014893.html: 1 Time(s)
/pipermail/users/2013-october/017451.html: 1 Time(s)
/releases/3.2/rpm/EL/$releasever/: 1 Time(s)
/releases/3.2/src/%25: 1 Time(s)
/releases/3.3.2/rpm/EL/$releasever/: 1 Time(s)
/releases/3.3.2/rpm/EL/19/repodata/repomd.xml: 39 Time(s)
/releases/3.3.2/rpm/Fedora/17/repodata/repomd.xml: 5 Time(s)
/releases/3.3.2/rpm/Fedora/18/repodata/repomd.xml: 14 Time(s)
/releases/3.3.2/rpm/Fedora/19/noarch/ovirt ... fc19.noarch.rpm: 1 Time(s)
/releases/3.3.2/rpm/Fedora/19/ovirt-log-co ... fc19.noarch.rpm: 1 Time(s)
/releases/3.3.2/rpm/Fedora/20: 1 Time(s)
/releases/3.3.2/rpm/Fedora/20/: 2 Time(s)
/releases/3.3.2/rpm/Fedora/20/repodata/repomd.xml: 176 Time(s)
/releases/3.3.3/: 1 Time(s)
/releases/administrator/index.php: 1 Time(s)
/releases/alpha/rpm/Fedora/20/repodata/repomd.xml: 51 Time(s)
/releases/beta/fedora/$releasever/: 1 Time(s)
/releases/beta/fedora/17: 1 Time(s)
/releases/beta/rpm/Fedora/18/n: 1 Time(s)
/releases/beta/rpm/Fedora/18/repodata/repomd.xml: 5 Time(s)
/releases/beta/rpm/Fedora/20/repodata/repomd.xml: 62 Time(s)
/releases/beta/rpm/Fedora/6Server/repodata/repomd.xml: 2 Time(s)
/releases/nightly/RHEL/6/repodata/repomd.xml: 2 Time(s)
/releases/nightly/fedora/16/: 1 Time(s)
/releases/nightly/fedora/16/ovirt-engine-c ... fc16.noarch.rpm: 1 Time(s)
/releases/nightly/fedora/16/repodata/repomd.xml: 215 Time(s)
/releases/nightly/fedora/17: 1 Time(s)
/releases/nightly/rpm/EL/19/repodata/repomd.xml: 9 Time(s)
/releases/nightly/rpm/EL/6/noarch/otopi-de ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/noarch/ovirt-en ... .el6.noarch.rpm: 19 Time(s)
/releases/nightly/rpm/EL/6/noarch/ovirt-ho ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/noarch/vdsm-boo ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/noarch/vdsm-glu ... .el6.noarch.rpm: 2 Time(s)
/releases/nightly/rpm/EL/6/noarch/vdsm-hoo ... .el6.noarch.rpm: 22 Time(s)
/releases/nightly/rpm/EL/6/noarch/vdsm-jso ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/noarch/vdsm-tes ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/noarch/vdsm-xml ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/noarch/vdsm-yaj ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/x86_64/vdsm-deb ... .el6.x86_64.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6Server/SRPMS/ovi ... 7dd.el6.src.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6Server/SRPMS/ovi ... 9d8.el6.src.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6Server/SRPMS/ovi ... c3a.el6.src.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6Server/noarch/ot ... .el6.noarch.rpm: 3 Time(s)
/releases/nightly/rpm/EL/6Server/noarch/ov ... .el6.noarch.rpm: 4 Time(s)
/releases/nightly/rpm/EL/6Server/repodata/ ... ilelists.xml.gz: 1 Time(s)
/releases/nightly/rpm/EL/6Server/repodata/ ... ther.sqlite.bz2: 1 Time(s)
/releases/nightly/rpm/Fedora/17/repodata/repomd.xml: 2 Time(s)
/releases/nightly/rpm/Fedora/18/n: 1 Time(s)
/releases/nightly/rpm/Fedora/18/noarch/ovi ... fc18.noarch.rpm: 3 Time(s)
/releases/nightly/rpm/Fedora/18/noarch/vds ... fc18.noarch.rpm: 5 Time(s)
/releases/nightly/rpm/Fedora/19/SRPMS/ovir ... ce.fc19.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/19/noarch/mom ... fc19.noarch.rpm: 2 Time(s)
/releases/nightly/rpm/Fedora/19/noarch/ovi ... fc19.noarch.rpm: 2 Time(s)
/releases/nightly/rpm/Fedora/19/noarch/vds ... fc19.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/19/repodata/0 ... ther.sqlite.bz2: 6 Time(s)
/releases/nightly/rpm/Fedora/19/repodata/5 ... ists.sqlite.bz2: 1 Time(s)
/releases/nightly/rpm/Fedora/19/repodata/7 ... ther.sqlite.bz2: 6 Time(s)
/releases/nightly/rpm/Fedora/19/repodata/9 ... ther.sqlite.bz2: 15 Time(s)
/releases/nightly/rpm/Fedora/20/SRPMS/otop ... a5.fc20.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/20/SRPMS/ovir ... 45.fc20.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/20/SRPMS/ovir ... f4.fc20.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/20/SRPMS/ovir ... f7.fc20.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/20/noarch/oto ... fc20.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/20/noarch/ovi ... fc20.noarch.rpm: 14 Time(s)
/releases/nightly/rpm/Fedora/20/noarch/vds ... fc20.noarch.rpm: 23 Time(s)
/releases/nightly/rpm/Fedora/20/repodata/b ... ilelists.xml.gz: 1 Time(s)
/releases/nightly/rpm/Fedora/20/x86_64/vds ... fc20.x86_64.rpm: 3 Time(s)
/releases/nightly/rpm/el/19/repodata/repomd.xml: 1 Time(s)
/releases/nightly/rpm/el/6/repodata/507f60 ... ists.sqlite.bz2: 2 Time(s)
/releases/nightly/rpm/el/6/repodata/repomd.xml: 13 Time(s)
/releases/ovirt-3.2-snapshot/iso/: 1 Time(s)
/releases/ovirt-3.2-snapshot/rpm/: 1 Time(s)
/releases/ovirt-3.2-snapshot/src/: 1 Time(s)
/releases/ovirt-3.2-snapshot/tools/: 1 Time(s)
/releases/ovirt-release-@distro@.noarch.rpm: 3 Time(s)
/releases/ovirt-release-Fedora20.noarch.rpm: 1 Time(s)
/releases/ovirt-release-el6-8-1.noarch.rpm: 2 Time(s)
/releases/ovirt-release-f19.noarch.rpm: 1 Time(s)
/releases/ovirt-release-fc19.noarch.rpm: 1 Time(s)
/releases/stable/binary/: 8 Time(s)
/releases/stable/binary/md5sum: 1 Time(s)
/releases/stable/fedora/: 2 Time(s)
/releases/stable/fedora/16/: 1 Time(s)
/releases/stable/fedora/16/repodata/filelists.xml.gz: 24 Time(s)
/releases/stable/fedora/16/repodata/repomd.xml: 237 Time(s)
/releases/stable/rpm/EL/19/repodata/repomd.xml: 47 Time(s)
/releases/stable/rpm/EL/6.2/repodata/repomd.xml: 4 Time(s)
/releases/stable/rpm/EL/6.3/repodata/repomd.xml: 2 Time(s)
/releases/stable/rpm/EL/6/images/pxeboot/: 1 Time(s)
/releases/stable/rpm/EL/6Workstation/repodata/repomd.xml: 2 Time(s)
/releases/stable/rpm/EL6/6/repodata/repomd.xml: 8 Time(s)
/releases/stable/rpm/Fedora//repodata/repomd.xml: 1 Time(s)
/releases/stable/rpm/Fedora/15/repodata/repomd.xml: 4 Time(s)
/releases/stable/rpm/Fedora/16/repodata/repomd.xml: 15 Time(s)
/releases/stable/rpm/Fedora/18/n: 1 Time(s)
/releases/stable/rpm/Fedora/19/noarch/ovir ... fc19.noarch.rpm: 1 Time(s)
/releases/stable/rpm/Fedora/20/repodata/repomd.xml: 396 Time(s)
/releases/stable/rpm/Fedora/repodata/repomd.xml: 8 Time(s)
/releases/stable/src/ovirt-log-collector-%25: 1 Time(s)
/releases/stable/src/ovirt-node-2.2.2.tar.gz: 1 Time(s)
/releases/updates-testing/rpm/EL/6Server/r ... -primary.xml.gz: 1 Time(s)
/releases/updates-testing/rpm/EL/6Server/r ... ilelists.xml.gz: 1 Time(s)
/releases/updates-testing/rpm/EL/6Server/r ... ists.sqlite.bz2: 1 Time(s)
/releases/updates-testing/rpm/EL/6Server/r ... ther.sqlite.bz2: 1 Time(s)
/releases/updates-testing/rpm/Fedora/19/re ... -primary.xml.gz: 1 Time(s)
/releases/updates-testing/rpm/Fedora/19/re ... ilelists.xml.gz: 1 Time(s)
/releases/updates-testing/rpm/Fedora/20/repodata/repomd.xml: 51 Time(s)
/releases/wp-login.php: 1 Time(s)
/robots.txt: 69 Time(s)
/user/: 3 Time(s)
/wp-admin/: 2 Time(s)
/wp-content/plugins/mm-forms-community/inc ... xfileupload.php: 2 Time(s)
/wp-login.php: 6 Time(s)
/wp-login.php?action=register: 3 Time(s)
/wp/wp-admin/: 3 Time(s)
416 Request Range Not Satisfiable
/releases/nightly/rpm/Fedora/18/noarch/ovi ... fc18.noarch.rpm: 1 Time(s)
/releases/stable/rpm/EL/6.5/noarch/ovirt-r ... 10-1.noarch.rpm: 1 Time(s)
/releases/stable/rpm/Fedora/18/noarch/ovir ... fc18.noarch.rpm: 3 Time(s)
---------------------- httpd End -------------------------
--------------------- Kernel Begin ------------------------
WARNING: Kernel Errors Present
[<c011f140>] ? mm_fault_error+0xe0/0xe0 ...: 2 Time(s)
[<c06903c6>] ? error_code+0x5a/0x60 ...: 1 Time(s)
---------------------- Kernel End -------------------------
--------------------- pam_unix Begin ------------------------
su-l:
Sessions Opened:
root -> root: 4 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 *Warning: Queue file size limit exceeded
3 *Warning: Pre-queue content-filter connection overload
37.869M Bytes accepted 39,708,397
2.259G Bytes delivered 2,425,829,813
======== ================================================
1834 Accepted 99.95%
1 Rejected 0.05%
-------- ------------------------------------------------
1835 Total 100.00%
======== ================================================
1 Reject unknown user 100.00%
-------- ------------------------------------------------
1 Total Rejects 100.00%
======== ================================================
1139 Connections made
1 Connections lost
1139 Disconnections
1830 Removed from queue
684 Delivered
33855 Sent via SMTP
9 Forwarded
22 Deferred
155 Deferrals
1 Bounce (local)
156 Bounce (remote)
3 Expired and returned to sender
13 DSNs undeliverable
268 Connection failure (outbound)
7 Timeout (inbound)
28 Hostname verification errors
341 Enabled PIX workaround
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: jenkins (45726565)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
dcaro:
83.46.175.251 (251.Red-83-46-175.dynamicIP.rima-tde.net): 2 times
gerrit-backup:
107.22.212.69 (gerrit.ovirt.org): 2 times
jenkins:
66.187.237.11 (nat-pool-tlv-u1.redhat.com): 1 time
knesenko:
66.187.237.11 (nat-pool-tlv-u1.redhat.com): 7 times
Received disconnect:
11: Goodbye : 1 Time(s)
11: disconnected by user : 8 Time(s)
SFTP subsystem requests: 1 Time(s)
**Unmatched Entries**
reverse mapping checking getaddrinfo for dsl-189-146-52-112-dyn.prod-infinitum.com.mx [189.146.52.112] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
knesenko => root
----------------
/bin/bash - 15 Times.
/bin/rm - 1 Times.
/bin/su - 4 Times.
==============================================================================
root => root
------------
/bin/rm - 1 Times.
---------------------- Sudo (secure-log) End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/xvda 59G 52G 7.5G 88% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################