################### Logwatch 7.3.6 (05/19/07) #################### Processing Initiated: Thu Jan 30 03:23:42 2014 Date Range Processed: yesterday ( 2014-Jan-29 ) Period is day. Detail Level of Output: 0 Type of Output: unformatted Logfiles for Host: linode01.ovirt.org ################################################################## --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 213.192.60.19 Requests with error response codes 400 Bad Request /mailman/listinfo/users/../../admin/users/ ... ../../listinfo/: 1 Time(s) /mailman/listinfo/users/../../admin/users/ ... ../admin/users/: 1 Time(s) /mailman/listinfo/users/../../admin/users/ ... listinfo/users/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... /listinfo/arch/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... /listinfo/bugs/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... engine-commits/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... engine-patches/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... listinfo/board/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... listinfo/infra/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... nfo/automation/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... o/engine-devel/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../ ... tinfo/announce/: 1 Time(s) /mailman/listinfo/users/../../listinfo/../../../../../admin/: 1 Time(s) /mailman/listinfo/users/../../listinfo/use ... ../../listinfo/: 1 Time(s) /mailman/listinfo/users/../../listinfo/use ... ../admin/users/: 1 Time(s) /mailman/listinfo/users/../../listinfo/use ... listinfo/users/: 1 Time(s) 403 Forbidden /wordpress/wp-admin/: 1 Time(s) 404 Not Found /**mailman/listinfo/users%3Chttp://lists.o ... /listinfo/users: 1 Time(s) //admin/categories.php/login.php?cPath=&ac ... product_preview: 14 Time(s) //administrator/components/com_maianmedia/ ... p?name=itil.php: 1 Time(s) //images/stories/localhosts.php?cmd=wget%2 ... %20-fr%20canz.*: 2 Time(s) //images/stories/localhosts.php?cmd=wget%2 ... -fr%20robot.txt: 2 Time(s) /6.4/: 4 Time(s) /6/: 28 Time(s) /__**mailman/listinfo/users%3Chttp://lists ... /listinfo/users: 1 Time(s) /admin.php: 2 Time(s) /admin/: 2 Time(s) /admin/banner_manager.php/login.php: 1 Time(s) /admin/board: 1 Time(s) /admin/categories.php/login.php: 1 Time(s) /admin/categories.php/login.php?cPath=&act ... product_preview: 1 Time(s) /admin/file_manager.php/login.php: 1 Time(s) /admin/login.php: 2 Time(s) /administrator/index.php: 2 Time(s) /bitrix/admin/index.php?lang=en: 2 Time(s) /blog/wp-admin/: 1 Time(s) /board: 2 Time(s) /category/news/feed: 26 Time(s) /category/news/feed/: 60 Time(s) /favicon.ico: 636 Time(s) /images/stories/canz.php: 6 Time(s) /images/stories/localhosts.php?selem: 2 Time(s) /index.php?option=com_jce&task=plugin&plug ... 86d0dd595c8e20b: 2 Time(s) /index.php?option=com_jce&task=plugin&plug ... ion=1576&cid=20: 2 Time(s) /listinfo/board: 1 Time(s) /ovirt-release-el6-10.0.1-2.noarch.rpm: 1 Time(s) /pipermail: 1 Time(s) /pipermail/board/2012-April/000437.html+++ ... F0%E0%E2%EA%E8;: 1 Time(s) /pipermail/engine-devel/2011-october/000027.html: 1 Time(s) /pipermail/engine-patches/2013-April//imag ... %20-fr%20canz.*: 2 Time(s) /pipermail/engine-patches/2013-April//imag ... -fr%20robot.txt: 2 Time(s) /pipermail/engine-patches/2013-April/image ... hosts.php?selem: 2 Time(s) /pipermail/engine-patches/2013-April/images/stories/canz.php: 6 Time(s) /pipermail/engine-patches/2013-April/index ... 86d0dd595c8e20b: 2 Time(s) /pipermail/engine-patches/2013-April/index ... ion=1576&cid=20: 2 Time(s) /pipermail/infra//admin/categories.php/log ... product_preview: 14 Time(s) /pipermail/infra/2012-August//admin/catego ... product_preview: 4 Time(s) /pipermail/infra/2012-December/tiki-register.php: 1 Time(s) /pipermail/infra/2012-November/tiki-register.php: 2 Time(s) /pipermail/infra/2012-October//admin/categ ... product_preview: 2 Time(s) /pipermail/infra/2012-September/001024.htm ... product_preview: 7 Time(s) /pipermail/infra/2012-September/admin/bann ... r.php/login.php: 1 Time(s) /pipermail/infra/2012-September/admin/cate ... product_preview: 1 Time(s) /pipermail/infra/2012-September/admin/cate ... s.php/login.php: 1 Time(s) /pipermail/infra/2012-September/admin/file ... r.php/login.php: 1 Time(s) /pipermail/infra/2012-September/index.php? ... gin&type=signup: 1 Time(s) /pipermail/infra/2012-September/wikka.php?wakka=UserSettings: 1 Time(s) /pipermail/infra/2013-April//admin/categor ... product_preview: 8 Time(s) /pipermail/infra/2013-April/002518.html&am ... LE9w/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-April/002518.html&am ... NVtw/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-April/002518.html&am ... oFOA/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-April/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-February//admin/cate ... product_preview: 4 Time(s) /pipermail/infra/2013-February/002092.html ... 6ckg/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-February/002092.html ... LFag/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-February/002092.html ... XAGQ/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-February/002166.html ... CD1Q/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-February/002166.html ... LgJA/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-February/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-January//admin/categ ... product_preview: 6 Time(s) /pipermail/infra/2013-January/001744.html& ... LsmQ/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-January/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-July/tiki-register.php: 1 Time(s) /pipermail/infra/2013-June//admin/categori ... product_preview: 2 Time(s) /pipermail/infra/2013-March//admin/categor ... product_preview: 4 Time(s) /pipermail/infra/2013-March/002294.html&am ... m.com%2Fbad.php: 6 Time(s) /pipermail/infra/2013-March/tiki-register.php: 1 Time(s) /pipermail/infra/2013-May//admin/categorie ... product_preview: 4 Time(s) /pipermail/infra/2013-May/003154.html/: 1 Time(s) /pipermail/infra/2013-October//administrat ... p?name=itil.php: 1 Time(s) /pipermail/infra/2013-October/004039.html& ... p?name=itil.php: 1 Time(s) /pipermail/node-devel/2011-september/000004.html: 1 Time(s) /pipermail/users/2013-October/ssh://kvm-server/system/: 1 Time(s) /pipermail/users/attachments/20131001/3a42 ... g</a><br/: 1 Time(s) /pipermail/users/attachments/20131001/ecc8 ... g</a><br/: 1 Time(s) /pipermail/users/attachments/20131001/ecc8 ... k</a><br/: 3 Time(s) /pipermail/users/attachments/20131001/ecc8 ... s</a><br/: 1 Time(s) /release: 1 Time(s) /releases//3.3.2-rc.backup/rpm/EL/6/: 1 Time(s) /releases//nightly.bkp/rpm/EL/6/repodata/3 ... 5f-other.xml.gz: 1 Time(s) /releases//nightly.bkp/rpm/EL/6/repodata/filelists.xml.gz: 1 Time(s) /releases//nightly.bkp/rpm/EL/6/repodata/other.xml.gz: 1 Time(s) /releases//nightly.bkp/rpm/EL/6/repodata/repomd.xml: 1 Time(s) /releases/3.2/rpm/EL/$releasever/: 1 Time(s) /releases/3.2/src/%25: 1 Time(s) /releases/3.3.2-beta/rpm/EL/: 1 Time(s) /releases/3.3.2-beta/rpm/EL/6/: 1 Time(s) /releases/3.3.2-beta/rpm/EL/6/x86_64/: 1 Time(s) /releases/3.3.2-beta/rpm/Fedora/: 1 Time(s) /releases/3.3.2-beta/rpm/Fedora/19/: 1 Time(s) /releases/3.3.2-rc.backup/?C=D;O=D: 1 Time(s) /releases/3.3.2-rc.backup/?C=N;O=A: 1 Time(s) /releases/3.3.2/rpm/EL/6.5/noarch/ovirt-no ... .el6.noarch.rpm: 2 Time(s) /releases/3.3.2/rpm/EL/6.5/noarch/vdsm-hoo ... .el6.noarch.rpm: 2 Time(s) /releases/3.3.2/rpm/EL/6/noarch/ovirt-node ... .el6.noarch.rpm: 48 Time(s) /releases/3.3.2/rpm/EL/6/noarch/vdsm-hook- ... .el6.noarch.rpm: 49 Time(s) /releases/3.3.2/rpm/EL/6Server/repodata/8a ... ists.sqlite.bz2: 1 Time(s) /releases/3.3.2/rpm/EL/6Workstation/repodata/repomd.xml: 1 Time(s) /releases/3.3.2/rpm/EL/7Everything/repodata/repomd.xml: 1 Time(s) /releases/3.3.2/rpm/Fedora/14/repodata/repomd.xml: 7 Time(s) /releases/3.3.2/rpm/Fedora/17/repodata/repomd.xml: 9 Time(s) /releases/3.3.2/rpm/Fedora/18/repodata/repomd.xml: 16 Time(s) /releases/3.3.2/rpm/Fedora/20/repodata/repomd.xml: 195 Time(s) /releases/3.3.3/rpm/EL/6/x86_64/vdsm-4.13. ... .el6.x86_64.rpm: 1 Time(s) /releases/3.3/rpm/Fedora/18//repodata/repomd.xml: 9 Time(s) /releases/3.3/rpm/Fedora/18/repodata/repomd.xml: 9 Time(s) /releases/3.4.0-alpha/rpm/Fedora/$releasever/: 1 Time(s) /releases/3.4.0-beta/rpm/EL/6Server/repoda ... ists.sqlite.bz2: 4 Time(s) /releases/3.4.0_pre/rpm/EL/$releasever/: 2 Time(s) /releases/3.4.0_pre/rpm/Fedora/$releasever/: 1 Time(s) /releases/alpha/rpm/Fedora/20/repodata/repomd.xml: 50 Time(s) /releases/beta.old/rpm/EL/6/noarch/: 1 Time(s) /releases/beta.old/rpm/EL/6Server/noarch/: 1 Time(s) /releases/beta/fedora/17/repodata/repomd.xml: 4 Time(s) /releases/beta/iso: 1 Time(s) /releases/beta/rpm/Fedora/17/repodata/repomd.xml: 3 Time(s) /releases/beta/rpm/Fedora/18/n: 1 Time(s) /releases/beta/rpm/Fedora/18/repodata/repomd.xml: 5 Time(s) /releases/beta/rpm/Fedora/18/x86_64/: 1 Time(s) /releases/beta/rpm/Fedora/20/repodata/repomd.xml: 95 Time(s) /releases/beta/tools: 1 Time(s) /releases/check-base/: 1 Time(s) /releases/check-custom/: 1 Time(s) /releases/check-custom/?C=M;O=A: 1 Time(s) /releases/check-epel-testing/: 1 Time(s) /releases/check-epel/: 1 Time(s) /releases/check-extras/: 1 Time(s) /releases/check-fedora/: 1 Time(s) /releases/check-glusterfs-epel/: 1 Time(s) /releases/check-ovirt-3.3.4/: 1 Time(s) /releases/check-updates-testing/: 1 Time(s) /releases/check-updates/: 1 Time(s) /releases/nightly.bkp/: 1 Time(s) /releases/nightly/RHEL/6/repodata/repomd.xml: 2 Time(s) /releases/nightly/fedora/16/ovirt-engine.repo: 1 Time(s) /releases/nightly/fedora/16/repodata/repomd.xml: 230 Time(s) /releases/nightly/rpm/EL/6/hooks/vdsm-hook ... .el6.noarch.rpm: 3 Time(s) /releases/nightly/rpm/EL/6/repodata/655529 ... ists.sqlite.bz2: 3 Time(s) /releases/nightly/rpm/EL/6Server/repodata/ ... ists.sqlite.bz2: 5 Time(s) /releases/nightly/rpm/Fedora/17/?C=D;O=A: 1 Time(s) /releases/nightly/rpm/Fedora/17/?C=M;O=A: 1 Time(s) /releases/nightly/rpm/Fedora/17/?C=S;O=A: 1 Time(s) /releases/nightly/rpm/Fedora/17/repodata/repomd.xml: 2 Time(s) /releases/nightly/rpm/Fedora/18/n: 1 Time(s) /releases/nightly/rpm/Fedora/19/repodata/2 ... ists.sqlite.bz2: 2 Time(s) /releases/nightly/rpm/Fedora/19/repodata/c ... ther.sqlite.bz2: 13 Time(s) /releases/nightly/rpm/Fedora/19/repodata/d ... ists.sqlite.bz2: 5 Time(s) /releases/nightly/rpm/Fedora/19/repodata/d ... ther.sqlite.bz2: 2 Time(s) /releases/nightly/rpm/Fedora/20/repodata/3 ... ther.sqlite.bz2: 6 Time(s) /releases/nightly/rpm/Fedora/20/repodata/e ... ther.sqlite.bz2: 5 Time(s) /releases/ovirt-release-@distro@.noarch.rpm: 1 Time(s) /releases/ovirt-release-el.noarch.rp: 1 Time(s) /releases/ovirt-release-el.noarch.rpm6: 2 Time(s) /releases/ovirt-release-el6-10-2.noarch.rpm: 1 Time(s) /releases/ovirt-release-el6-8-1.noarch.rpm: 9 Time(s) /releases/ovirt-release-el6.noarch.rp: 1 Time(s) /releases/ovirt-release-el6.noarch.rpm: 3 Time(s) /releases/ovirt-release-rhel.rpm: 1 Time(s) /releases/ovirt-releases-el.noarch.rpm: 1 Time(s) /releases/stable/binary: 1 Time(s) /releases/stable/binary/ovirt-node-iso-latest.iso: 1 Time(s) /releases/stable/fedora/16/repodata/filelists.xml.gz: 24 Time(s) /releases/stable/fedora/16/repodata/repomd.xml: 239 Time(s) /releases/stable/ovirt-engine.repo: 2 Time(s) /releases/stable/rpm/EL/19/repodata/repomd.xml: 4 Time(s) /releases/stable/rpm/EL/6.2/repodata/repomd.xml: 2 Time(s) /releases/stable/rpm/EL/6.3/repodata/repomd.xml: 2 Time(s) /releases/stable/rpm/EL/6.5/noarch/repodata/repomd.xml: 1 Time(s) /releases/stable/rpm/EL/6Workstation/repodata/repomd.xml: 3 Time(s) /releases/stable/rpm/EL/7Everything/repodata/repomd.xml: 2 Time(s) /releases/stable/rpm/EL6/6/repodata/repomd.xml: 8 Time(s) /releases/stable/rpm/EL6/6Server/repodata/repomd.xml: 14 Time(s) /releases/stable/rpm/Fedora//repodata/repomd.xml: 2 Time(s) /releases/stable/rpm/Fedora/14/repodata/repomd.xml: 7 Time(s) /releases/stable/rpm/Fedora/15/repodata/repomd.xml: 4 Time(s) /releases/stable/rpm/Fedora/16/repodata/repomd.xml: 14 Time(s) /releases/stable/rpm/Fedora/20/repodata/repomd.xml: 475 Time(s) /releases/stable/rpm/Fedora/repodata/repomd.xml: 8 Time(s) /releases/updates-testing/rpm/EL/6.4/: 1 Time(s) /releases/updates-testing/rpm/EL/6.5/: 1 Time(s) /robots.txt: 134 Time(s) /user/: 2 Time(s) /user/register: 1 Time(s) /wp-admin/: 2 Time(s) /wp-content/themes/TheTravelTheme/includes ... m.com%2Fbad.php: 1 Time(s) /wp-login.php: 2 Time(s) /wp-login.php?action=register: 8 Time(s) /wp/wp-admin/: 1 Time(s) /xmlrpc.php: 2 Time(s) http://resources.ovirt.org/releases/3.3.2/ ... data/repomd.xml: 1 Time(s) http://resources.ovirt.org/releases/stable ... data/repomd.xml: 1 Time(s) 416 Request Range Not Satisfiable /releases/stable/rpm/EL/6.5/: 1 Time(s) /releases/stable/rpm/EL/6.5/x86_64/gluster ... .el6.x86_64.rpm: 1 Time(s) /releases/stable/rpm/EL/6Server/noarch/ovi ... .el6.noarch.rpm: 1 Time(s) /releases/stable/rpm/Fedora/17/noarch/old/ ... fc17.noarch.rpm: 90 Time(s) /releases/stable/rpm/Fedora/17/noarch/ovir ... fc17.noarch.rpm: 171 Time(s) /releases/stable/rpm/Fedora/17/x86_64/ovir ... fc17.x86_64.rpm: 36 Time(s) /releases/stable/rpm/Fedora/18/noarch/ovir ... fc18.noarch.rpm: 5 Time(s) /releases/stable/rpm/Fedora/18/noarch/vdsm ... fc18.noarch.rpm: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ su-l: Authentication Failures: mburns(502) -> root: 2 Time(s) Sessions Opened: root -> root: 9 Time(s) sudo: Authentication Failures: knesenko(517) -> knesenko: 2 Time(s) Unknown Entries: auth could not identify password for [knesenko]: 1 Time(s) conversation failed: 1 Time(s) sudo-i: Unknown Entries: auth could not identify password for [dcaro]: 1 Time(s) conversation failed: 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 5 *Warning: Pre-queue content-filter connection overload 8 Miscellaneous warnings 39.402M Bytes accepted 41,315,946 1.118G Bytes delivered 1,200,746,325 ======== ================================================ 3994 Accepted 97.94% 84 Rejected 2.06% -------- ------------------------------------------------ 4078 Total 100.00% ======== ================================================ 3 Reject relay denied 3.57% 81 Reject unknown user 96.43% -------- ------------------------------------------------ 84 Total Rejects 100.00% ======== ================================================ 2770 Connections made 47 Connections lost 2768 Disconnections 3984 Removed from queue 1312 Delivered 77007 Sent via SMTP 12 Forwarded 93 Deferred 1745 Deferrals 22 Bounce (local) 14 Bounce (remote) 35 DSNs undeliverable 850 Connection failure (outbound) 4 Timeout (inbound) 68 Hostname verification errors 849 Enabled PIX workaround ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: jenkins (46176766) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Users logging in through sshd: dcaro: 83.56.138.9 (9.Red-83-56-138.dynamicIP.rima-tde.net): 2 times gerrit-backup: 107.22.212.69 (gerrit.ovirt.org): 2 times jenkins: 89.31.150.215 (alterway01.ovirt.org): 7 times 66.187.237.11 (nat-pool-tlv-u1.redhat.com): 1 time knesenko: 5.22.129.153 (dynamic.5.22.129.153.ccc.net.il): 8 times 5.22.129.195 (dynamic.5.22.129.195.ccc.net.il): 3 times mburns: 107.3.82.202 (c-107-3-82-202.hsd1.ct.comcast.net): 2 times Received disconnect: 11: Bye Bye : 7215 Time(s) 11: Goodbye : 1 Time(s) 11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) : 1 Time(s) 11: disconnected by user : 7 Time(s) SFTP subsystem requests: 8 Time(s) **Unmatched Entries** Address 203.81.22.35 maps to mail.ckgsb.edu.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 285 time(s) reverse mapping checking getaddrinfo for dynamic.5.22.129.153.ccc.net.il [5.22.129.153] failed - POSSIBLE BREAK-IN ATTEMPT! : 8 time(s) Address 108.168.207.195 maps to bicoin.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 196 time(s) reverse mapping checking getaddrinfo for dynamic.5.22.129.195.ccc.net.il [5.22.129.195] failed - POSSIBLE BREAK-IN ATTEMPT! : 3 time(s) reverse mapping checking getaddrinfo for 203.51.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.51.203] failed - POSSIBLE BREAK-IN ATTEMPT! : 3 time(s) reverse mapping checking getaddrinfo for ip-converge.9.127.121.in-addr.arpa [121.127.9.86] failed - POSSIBLE BREAK-IN ATTEMPT! : 117 time(s) reverse mapping checking getaddrinfo for 208.51.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.51.208] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s) reverse mapping checking getaddrinfo for 78-7-72-150-static.albacom.net [78.7.72.150] failed - POSSIBLE BREAK-IN ATTEMPT! : 735 time(s) ---------------------- SSHD End ------------------------- --------------------- Sudo (secure-log) Begin ------------------------ ============================================================================== dcaro => root ------------- /bin/bash - 1 Times. /bin/find - 54 Times. /usr/bin/createrepo - 7 Times. ============================================================================== knesenko => root ---------------- /bin/find - 10 Times. /bin/mv - 6 Times. /bin/su - 7 Times. /usr/bin/createrepo - 12 Times. ============================================================================== mburns => root -------------- /bin/su - 2 Times. ============================================================================== root => supybot --------------- /usr/bin/supybot - 2 Times. **Unmatched Entries** pam_unix(sudo:auth): auth could not identify password for [knesenko]: 1 Time(s) pam_unix(sudo:auth): conversation failed: 1 Time(s) pam_unix(sudo-i:auth): auth could not identify password for [dcaro]: 1 Time(s) pam_unix(sudo-i:auth): conversation failed: 1 Time(s) ---------------------- Sudo (secure-log) End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/xvda 97G 58G 39G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################