################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sat Dec 12 03:11:06 2015
Date Range Processed: yesterday
( 2015-Dec-11 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host:
linode01.ovirt.org
##################################################################
--------------------- Dovecot Begin ------------------------
Dovecot disconnects:
Logged out: 1440 Time(s)
---------------------- Dovecot End -------------------------
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
69.12.70.34
A total of 1 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/etc/lib/pChart2/examples/index.php?Action=View&Script=../../../../cnf/db.php HTTP Response 302
Requests with error response codes
400 Bad Request
/x: 1 Time(s)
404 Not Found
/: 1 Time(s)
/.libs.php: 3 Time(s)
//.libs.php: 1 Time(s)
//includes/routing.php: 1 Time(s)
//readme.php: 1 Time(s)
//wp-admin/admin-ajax.php: 5 Time(s)
//wp-apps.php: 1 Time(s)
//wp-content/plugins/dzs-zoomsounds/admin/upload.php: 5 Time(s)
//wp-includes/include.php: 1 Time(s)
//wp-includes/routing.php: 1 Time(s)
//wp-readme.php: 1 Time(s)
//xmlrpc.php: 2 Time(s)
/admin.php: 5 Time(s)
/admin/: 5 Time(s)
/admin/board: 3 Time(s)
/admin/login.php: 5 Time(s)
/administrator/index.php: 5 Time(s)
/apple-touch-icon-precomposed.png: 3 Time(s)
/apple-touch-icon.png: 3 Time(s)
/bitrix/admin/index.php?lang=en: 5 Time(s)
/blog/: 1 Time(s)
/blog/robots.txt: 1 Time(s)
/blog/wp-admin/: 12 Time(s)
/board: 6 Time(s)
/bogel.php: 3 Time(s)
/category/news/feed: 1 Time(s)
/category/news/feed/: 8 Time(s)
/editor/editor: 1 Time(s)
/favicon.ico: 2009 Time(s)
/fckeditor/editor: 1 Time(s)
/i/js/blur.js: 1 Time(s)
/i/js/clear-form-fields.js: 1 Time(s)
/i/js/input-type-file.js: 1 Time(s)
/i/js/jquery.easing-1.3.min.js: 1 Time(s)
/i/js/jquery.form.min.js: 1 Time(s)
/i/js/sly.min.js: 1 Time(s)
/index.php/component/users/?task=registration.register: 1 Time(s)
/index.php/joomla-pages-ii/user-registrati ... ration.register: 1 Time(s)
/index.php?dll=register: 3 Time(s)
/index.php?option=com_users&view=registration: 1 Time(s)
/listinfo/board: 3 Time(s)
/magmi/web/plugin_upload.php: 1 Time(s)
/mailma: 1 Time(s)
/mailman/suggest-listing.php: 3 Time(s)
/old/wp-admin/: 9 Time(s)
/phpMyAdmin/scripts/setup.php: 1 Time(s)
/pipermail/%09IpBoard%E7%BB%AB%E8%AF%B2%E7 ... B7%0983000%09-1: 1 Time(s)
/pipermail/engine-patches/2011-November/000263.html: 1 Time(s)
/pipermail/engine-patches/2012-April/013151.html: 1 Time(s)
/pipermail/engine-patches/2012-April/014902.html: 1 Time(s)
/pipermail/engine-patches/2012-August/033433.html: 1 Time(s)
/pipermail/engine-patches/2012-December/046955.html: 1 Time(s)
/pipermail/engine-patches/2012-December/047590.html: 1 Time(s)
/pipermail/engine-patches/2012-February/008348.html: 1 Time(s)
/pipermail/engine-patches/2012-January/002600.html: 1 Time(s)
/pipermail/engine-patches/2012-July/025601.html: 1 Time(s)
/pipermail/engine-patches/2012-July/026340.html: 1 Time(s)
/pipermail/engine-patches/2012-June/021307.html: 1 Time(s)
/pipermail/engine-patches/2012-June/021405.html: 1 Time(s)
/pipermail/engine-patches/2012-June/023202.html: 1 Time(s)
/pipermail/engine-patches/2012-March/010631.html: 1 Time(s)
/pipermail/engine-patches/2012-October/037457.html: 1 Time(s)
/pipermail/engine-patches/2012-October/039501.html: 1 Time(s)
/pipermail/engine-patches/2012-September/033643.html: 1 Time(s)
/pipermail/engine-patches/2012-September/036322.html: 1 Time(s)
/pipermail/engine-patches/2013-April/065716.html: 1 Time(s)
/pipermail/engine-patches/2013-April/068158.html: 1 Time(s)
/pipermail/engine-patches/2013-April/068663.html: 1 Time(s)
/pipermail/engine-patches/2013-August/095409.html: 1 Time(s)
/pipermail/engine-patches/2013-August/098853.html: 1 Time(s)
/pipermail/engine-patches/2013-August/101337.html: 1 Time(s)
/pipermail/engine-patches/2013-August/102123.html: 1 Time(s)
/pipermail/engine-patches/2013-February/057572.html: 1 Time(s)
/pipermail/engine-patches/2013-January/048224.html: 1 Time(s)
/pipermail/engine-patches/2013-January/048362.html: 1 Time(s)
/pipermail/engine-patches/2013-January/049309.html: 1 Time(s)
/pipermail/engine-patches/2013-January/051091.html: 1 Time(s)
/pipermail/engine-patches/2013-January/052356.html: 1 Time(s)
/pipermail/engine-patches/2013-January/053377.html: 1 Time(s)
/pipermail/engine-patches/2013-July/083948.html: 1 Time(s)
/pipermail/engine-patches/2013-June/074552.html: 1 Time(s)
/pipermail/engine-patches/2013-June/075946.html: 1 Time(s)
/pipermail/engine-patches/2013-June/076015.html: 1 Time(s)
/pipermail/engine-patches/2013-June/076331.html: 1 Time(s)
/pipermail/engine-patches/2013-June/076632.html: 1 Time(s)
/pipermail/engine-patches/2013-June/078245.html: 1 Time(s)
/pipermail/engine-patches/2013-June/079651.html: 1 Time(s)
/pipermail/engine-patches/2013-June/080110.html: 1 Time(s)
/pipermail/engine-patches/2013-March/062358.html: 1 Time(s)
/pipermail/engine-patches/2013-March/063230.html: 1 Time(s)
/pipermail/engine-patches/2013-March/063560.html: 1 Time(s)
/pipermail/engine-patches/2013-October/109304.html: 1 Time(s)
/pipermail/engine-patches/2013-October/116533.html: 1 Time(s)
/pipermail/engine-patches/2013-October/116802.html: 1 Time(s)
/pipermail/engine-patches/2013-October/117121.html: 1 Time(s)
/pipermail/engine-patches/2013-September/103373.html: 1 Time(s)
/pipermail/engine-patches/2013-September/103411.html: 1 Time(s)
/pipermail/engine-patches/2013-September/104719.html: 1 Time(s)
/pipermail/engine-patches/2014-January/142245.html: 1 Time(s)
/pipermail/infra/2012-December/tiki-register.php: 1 Time(s)
/pipermail/infra/2012-November/tiki-register.php: 3 Time(s)
/pipermail/infra/2013-December/tiki-register.php: 2 Time(s)
/pipermail/infra/2013-July/tiki-register.php: 12 Time(s)
/pipermail/infra/2013-March/tiki-register.php: 1 Time(s)
/pipermail/infra/2013-May/tiki-register.php: 1 Time(s)
/pipermail/infra/2014-March//xmlrpc.php: 1 Time(s)
/pipermail/infra/2014-March/005574.html&am ... MpA//xmlrpc.php: 2 Time(s)
/pipermail/infra/2014-September/007915.htm ... loads/style.php: 1 Time(s)
/pipermail/infra/2015-April//.libs.php: 1 Time(s)
/pipermail/infra/2015-April//includes/routing.php: 1 Time(s)
/pipermail/infra/2015-April//readme.php: 1 Time(s)
/pipermail/infra/2015-April//wp-admin/admin-ajax.php: 4 Time(s)
/pipermail/infra/2015-April//wp-apps.php: 1 Time(s)
/pipermail/infra/2015-April//wp-includes/include.php: 1 Time(s)
/pipermail/infra/2015-April//wp-includes/routing.php: 1 Time(s)
/pipermail/infra/2015-April//wp-readme.php: 1 Time(s)
/pipermail/infra/2015-April/wp-admin/admin ... ./wp-config.php: 1 Time(s)
/pipermail/infra/2015-April/wp-admin/admin-ajax.php: 2 Time(s)
/pipermail/infra/2015-July//wp-content/plu ... dmin/upload.php: 5 Time(s)
/pipermail/infra/2015-July//xmlrpc.php: 1 Time(s)
/pipermail/infra/2015-July/010144.html& ... YhA//xmlrpc.php: 7 Time(s)
/pipermail/infra/2015-July/010145.html& ... vPg//xmlrpc.php: 3 Time(s)
/pipermail/infra/2015-July/010224.html& ... ./wp-config.php: 1 Time(s)
/pipermail/infra/2015-July/magmi/web/plugin_upload.php: 1 Time(s)
/pipermail/infra/2015-July/wp-admin/admin- ... ./wp-config.php: 1 Time(s)
/pipermail/infra/2015-June//xmlrpc.php: 1 Time(s)
/pipermail/infra/2015-June/010089.html& ... R0g//xmlrpc.php: 3 Time(s)
/pipermail/users/2012-may/001928.html: 1 Time(s)
/pipermail/users/2013-july/015099.html: 1 Time(s)
/pipermail/users/2013-november/017930.html: 1 Time(s)
/pipermail/users/2014-january/019873.html: 1 Time(s)
/pipermail/users/2014-september/027225.html: 1 Time(s)
/repos/ci-tools/EL/6/repodata/repomd.xml: 48 Time(s)
/robots.txt: 476 Time(s)
/test/wp-admin/: 12 Time(s)
/user/: 5 Time(s)
/web/ui/page/error.html: 3 Time(s)
/windows.asp;.jpg:: 1 Time(s)
/wordpress/: 1 Time(s)
/wordpress/wp-admin/: 12 Time(s)
/wp-admin/: 12 Time(s)
/wp-admin/admin-ajax.php: 5 Time(s)
/wp-admin/admin-ajax.php?action=revslider_ ... ./wp-config.php: 2 Time(s)
/wp-content.php: 3 Time(s)
/wp-content/: 1 Time(s)
/wp-content/plugins/revslider/temp/update_ ... evslider/up.php: 3 Time(s)
/wp-content/plugins/wysija-newsletters/readme.txt: 1 Time(s)
/wp-includes/wp-xmlrpc.php: 3 Time(s)
/wp-login.php: 10 Time(s)
/wp-xmlrpc.php: 3 Time(s)
/wp/: 1 Time(s)
/wp/wp-admin/: 12 Time(s)
/xmlrpc.php: 8 Time(s)
/xmlrpc.php?rsd: 1 Time(s)
408 Request Timeout
/mailman/subscribe/board: 1 Time(s)
/mailman/subscribe/engine-devel: 1 Time(s)
/mailman/subscribe/kimchi-users: 1 Time(s)
/mailman/subscribe/movirt: 1 Time(s)
/mailman/subscribe/project-planning: 1 Time(s)
/mailman/subscribe/users: 1 Time(s)
/mailman/subscribe/workshop-nov2011: 2 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
su-l:
Sessions Opened:
sbonazzo -> root: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1401 *Warning: Pre-queue content-filter connection overload
55 Miscellaneous warnings
12.425M Bytes accepted 13,028,479
119.244M Bytes delivered 125,036,759
======== ================================================
1563 Accepted 91.73%
141 Rejected 8.27%
-------- ------------------------------------------------
1704 Total 100.00%
======== ================================================
1 Reject relay denied 0.71%
37 Reject HELO/EHLO 26.24%
103 Reject unknown user 73.05%
-------- ------------------------------------------------
141 Total Rejects 100.00%
======== ================================================
854 4xx Reject recipient address 90.75%
87 4xx Reject sender address 9.25%
-------- ------------------------------------------------
941 Total 4xx Rejects 100.00%
======== ================================================
3438 Connections made
558 Connections lost
3438 Disconnections
1420 Removed from queue
844 Delivered
17132 Sent via SMTP
5 Forwarded
306 Deferred
3257 Deferrals
257 Bounce (remote)
8 Expired and returned to sender
261 DSNs undeliverable
402 Connection failure (outbound)
14 Timeout (inbound)
4 Illegal address syntax in SMTP command
3 Numeric hostname
295 Hostname verification errors
117 Enabled PIX workaround
**Unmatched Entries**
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
sbonazzo:
95.235.89.243 (host243-89-dynamic.235-95-r.retail.telecomitalia.it): 1 time
Received disconnect:
11: : 25 Time(s)
11: Bye Bye : 508 Time(s)
11: disconnected by user : 1 Time(s)
3: com.jcraft.jsch.JSchException: Auth fail : 25 Time(s)
**Unmatched Entries**
Address 66.162.88.202 maps to mail.plunkett-gibson.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
reverse mapping checking getaddrinfo for 62-210-25-207.rev.poneytelecom.eu [62.210.25.207] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
reverse mapping checking getaddrinfo for host243-89-dynamic.235-95-r.retail.telecomitalia.it [95.235.89.243] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
sbonazzo => root
----------------
/bin/su - 1 Times.
---------------------- Sudo (secure-log) End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/xvda 97G 71G 27G 73% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################