Logwatch for linode01.ovirt.org (Linux)

################### Logwatch 7.3.6 (05/19/07) ####################
       Processing Initiated: Thu Feb 21 03:23:18 2013
       Date Range Processed: yesterday
                             ( 2013-Feb-20 )
                             Period is day.
     Detail Level of Output: 0
             Type of Output: unformatted
          Logfiles for Host: linode01.ovirt.org
##################################################################

--------------------- httpd Begin ------------------------

A total of 1 sites probed the server
   173.255.252.138

A total of 1 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):

   null HTTP Response 200

Requests with error response codes
   404 Not Found
      //wp-content/plugins/radykal-fancy-gallery ... mage-upload.php: 3 Time(s)
      //wp-content/themes/Envisioned/timthumb.ph ... /cybercrime.php: 4 Time(s)
      //wp-content/themes/multidesign/scripts/ti ... .com%2Fcrax.php: 1 Time(s)
      /admin/banner_manager.php/login.php: 3 Time(s)
      /admin/categories.php/login.php: 3 Time(s)
      /admin/configuration.php/login.php: 3 Time(s)
      /admin/file_manager.php/login.php: 3 Time(s)
      /apple-touch-icon-precomposed.png: 13 Time(s)
      /apple-touch-icon.png: 12 Time(s)
      /category/news/feed: 31 Time(s)
      /category/news/feed/: 122 Time(s)
      /favicon.ico: 710 Time(s)
      /get-ovirt/: 1 Time(s)
      /login.php: 2 Time(s)
      /news-and-events/workshop-1-to-3-november-2011/: 1 Time(s)
      /pipermail/infra//wp-content/themes/Envisi ... /cybercrime.php: 4 Time(s)
      /pipermail/infra/2012-March/index.php?action=register: 2 Time(s)
      /pipermail/infra/2012-March/index.php?do=/user/register/: 2 Time(s)
      /pipermail/infra/2012-March/index.php?titl ... gin&type=signup: 2 Time(s)
      /pipermail/infra/2012-March/join.php: 2 Time(s)
      /pipermail/infra/2012-March/register: 2 Time(s)
      /pipermail/infra/2012-March/register.php: 4 Time(s)
      /pipermail/infra/2012-March/tiki-register.php: 2 Time(s)
      /pipermail/infra/2012-March/wikka.php?wakka=UserSettings: 2 Time(s)
      /pipermail/infra/2012-November//wp-content ... .com%2Fcrax.php: 1 Time(s)
      /pipermail/infra/2012-November//wp-content ... /cybercrime.php: 4 Time(s)
      /pipermail/infra/2012-November//wp-content ... mage-upload.php: 2 Time(s)
      /pipermail/infra/2012-November/001330.html ... et%2F%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/001330.html ... ort.net/bad.php: 1 Time(s)
      /pipermail/infra/2012-November/001345.html ... t.net%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/001404.html ... com%2Fjahat.php: 1 Time(s)
      /pipermail/infra/2012-November/001410.html ... com%2Fjahat.php: 1 Time(s)
      /pipermail/infra/2012-November/001410.html ... ort.net/bad.php: 1 Time(s)
      /pipermail/infra/2012-November/001420.html ... t.net%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/001432.html ... .com%2Fcrax.php: 1 Time(s)
      /pipermail/infra/2012-November/001432.html ... /result/bat.php: 1 Time(s)
      /pipermail/infra/2012-November/001445.html ... com%2Fjahat.php: 2 Time(s)
      /pipermail/infra/2012-November/001445.html ... om.br%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/001445.html ... t.net%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/001462.html ... .fm/bangsat.php: 1 Time(s)
      /pipermail/infra/2012-November/001462.html ... mage-upload.php: 1 Time(s)
      /pipermail/infra/2012-November/001462.html ... rts.net/IDC.php: 1 Time(s)
      /pipermail/infra/2012-November/001478.html ... ort.net/bad.php: 1 Time(s)
      /pipermail/infra/2012-November/001552.html ... %2F%2Fcilik.php: 5 Time(s)
      /pipermail/infra/2012-November/001552.html ... .com.br/bad.php: 1 Time(s)
      /pipermail/infra/2012-November/001552.html ... ort.net/bad.php: 2 Time(s)
      /pipermail/infra/2012-November/001572.html ... mage-upload.php: 2 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... %2F%2Fcilik.php: 3 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... .com.br/bad.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... .com//kikok.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... .fm/bangsat.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... /result/bat.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... com%2Fjahat.php: 2 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... et%2F%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... om.ar%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... om.br%2Fbad.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... ort.net/bad.php: 3 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... rts.net/IDC.php: 1 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... s.com%2Fbad.php: 2 Time(s)
      /pipermail/infra/2012-November/wp-content/ ... t.net%2Fbad.php: 3 Time(s)
      /pipermail/infra/2012-October/001243.html& ... com%2Fjahat.php: 1 Time(s)
      /pipermail/infra/2012-October/001244.html& ... com%2Fjahat.php: 3 Time(s)
      /pipermail/infra/2012-October/admin/banner ... r.php/login.php: 3 Time(s)
      /pipermail/infra/2012-October/admin/categories.php/login.php: 3 Time(s)
      /pipermail/infra/2012-October/admin/config ... n.php/login.php: 3 Time(s)
      /pipermail/infra/2012-October/admin/file_m ... r.php/login.php: 3 Time(s)
      /pipermail/infra/2012-October/wp-content/t ... com%2Fjahat.php: 3 Time(s)
      /pipermail/infra/2012-September/001100.htm ... com%2Fjahat.php: 4 Time(s)
      /pipermail/infra/2012-September/001139.htm ... rts.net/IDC.php: 1 Time(s)
      /pipermail/infra/2012-September/001143.htm ... ort.net/bad.php: 1 Time(s)
      /pipermail/infra/2012-September/admin/bann ... r.php/login.php: 3 Time(s)
      /pipermail/infra/2012-September/admin/cate ... s.php/login.php: 3 Time(s)
      /pipermail/infra/2012-September/admin/conf ... n.php/login.php: 3 Time(s)
      /pipermail/infra/2012-September/admin/file ... r.php/login.php: 3 Time(s)
      /pipermail/infra/2012-September/wp-content ... com%2Fjahat.php: 4 Time(s)
      /pipermail/infra/2012-September/wp-content ... ort.net/bad.php: 1 Time(s)
      /pipermail/infra/2012-September/wp-content ... rts.net/IDC.php: 1 Time(s)
      /pipermail/infra/admin/banner_manager.php/login.php: 3 Time(s)
      /pipermail/infra/admin/categories.php/login.php: 3 Time(s)
      /pipermail/infra/admin/configuration.php/login.php: 3 Time(s)
      /pipermail/infra/admin/file_manager.php/login.php: 3 Time(s)
      /pipermail/infra/index.php?page=register: 2 Time(s)
      /pipermail/infra/signup.php: 4 Time(s)
      /pipermail/infra/wp-content/themes/auction ... s.com%2Fbad.php: 1 Time(s)
      /pipermail/infra/wp-content/themes/crisp/t ... s.com%2Fbad.php: 1 Time(s)
      /pipermail/infra/wp-content/themes/overeas ... .com//kikok.php: 1 Time(s)
      /pipermail/infra/wp-login.php?action=register: 2 Time(s)
      /pipermail/users/2012-February/000594.html ... %27%29+ACCEPTED: 1 Time(s)
      /pipermail/users/2012-February/cache/fe339 ... f894419f160ab6e: 1 Time(s)
      /pipermail/users/2012-June/002294.html++++ ... orms+are+found;: 1 Time(s)
      /pipermail/users/2012-June/002466.html,: 1 Time(s)
      /releases/3.0/rpm/EL/6/repodata/repodata/repomd.xml: 2 Time(s)
      /releases/3.0/rpm/EL6/6Server/repodata/repomd.xml: 1 Time(s)
      /releases/3.0/rpm/fedora/: 1 Time(s)
      /releases/3.2/rpm/Fedora/18//.treeinfo: 150 Time(s)
      /releases/3.2/rpm/Fedora/18//treeinfo: 150 Time(s)
      /releases/3.2/rpm/Fedora/18/ovirt-engine.repo: 1 Time(s)
      /releases/3.2/rpm/Fedora/19/noarch/repodata/: 1 Time(s)
      /releases/beta.old.20120808/fedora/17/?C=M;O=A: 1 Time(s)
      /releases/beta/fedora/17/repodata/filelists.xml.gz: 16 Time(s)
      /releases/beta/fedora/17/repodata/other.xml.gz: 1 Time(s)
      /releases/beta/fedora/17/repodata/repomd.xml: 16 Time(s)
      /releases/beta/rpm/Fedora/18//.treeinfo: 150 Time(s)
      /releases/beta/rpm/Fedora/18//treeinfo: 150 Time(s)
      /releases/nightly/fedora: 1 Time(s)
      /releases/nightly/fedora/16/ovirt-engine.repo: 1 Time(s)
      /releases/nightly/fedora/16/repodata/repomd.xml: 204 Time(s)
      /releases/nightly/fedora/17/x86_64/repodata/repomd.xml: 1 Time(s)
      /releases/nightly/fedora/18/x86_64/repodata/repomd.xml: 1 Time(s)
      /releases/nightly/rpm/Fedora/18//.treeinfo: 150 Time(s)
      /releases/nightly/rpm/Fedora/18//treeinfo: 150 Time(s)
      /releases/nightly/rpm/Fedora/18/noarch/oto ... fc18.noarch.rpm: 98 Time(s)
      /releases/nightly/rpm/Fedora/18/noarch/ovi ... fc18.noarch.rpm: 498 Time(s)
      /releases/nightly/rpm/Fedora/18/noarch/vds ... fc18.noarch.rpm: 563 Time(s)
      /releases/nightly/rpm/el/6/hooks/vdsm-hook ... .el7.noarch.rpm: 1 Time(s)
      /releases/o: 1 Time(s)
      /releases/ovir-release-fedora.noarch.rpm: 1 Time(s)
      /releases/ovirt-releases-fedora.noarch.rpm: 1 Time(s)
      /releases/stable/binary/: 6 Time(s)
      /releases/stable/deb/: 1 Time(s)
      /releases/stable/fedora/16: 1 Time(s)
      /releases/stable/fedora/16/: 1 Time(s)
      /releases/stable/fedora/16/ovirt-engine.repo: 2 Time(s)
      /releases/stable/fedora/16/repodata/primary.xml.gz: 17 Time(s)
      /releases/stable/fedora/16/repodata/repomd.xml: 228 Time(s)
      /releases/stable/fedora/19/ovirt-engine.repo: 1 Time(s)
      /releases/stable/fedora/6.3/x86_64/repodata/repomd.xml: 2 Time(s)
      /releases/stable/ovirt-engine.reop: 1 Time(s)
      /releases/stable/ovirt-engine.repo%20-O%20 ... virtengine.repo: 1 Time(s)
      /releases/stable/rpm/EL/6/repodata/repomd.xml: 6 Time(s)
      /releases/stable/rpm/EL6: 1 Time(s)
      /releases/stable/rpm/EL6/: 1 Time(s)
      /releases/stable/rpm/EL6/6.3/: 1 Time(s)
      /releases/stable/rpm/EL6/6.3/repodata/: 1 Time(s)
      /releases/stable/rpm/EL6/6.3/repodata/repomd.xml: 7 Time(s)
      /releases/stable/rpm/EL6/6/repodata/repomd.xml: 29 Time(s)
      /releases/stable/rpm/EL6/6Server/repodata/repomd.xml: 10 Time(s)
      /releases/stable/rpm/EL6/6Workstation/repodata/repomd.xml: 5 Time(s)
      /releases/stable/rpm/Fedora/13/repodata/repomd.xml: 5 Time(s)
      /releases/stable/rpm/Fedora/16/repodata/re ... other%20mirror.: 1 Time(s)
      /releases/stable/rpm/Fedora/16/repodata/repomd.xml: 14 Time(s)
      /releases/stable/rpm/Fedora/16/repodata/repomd.xml:: 1 Time(s)
      /releases/stable/rpm/Fedora/18//.treeinfo: 150 Time(s)
      /releases/stable/rpm/Fedora/18//treeinfo: 150 Time(s)
      /releases/stable/rpm/Fedora/18/noarch/old/?C=S;O=D: 1 Time(s)
      /releases/stable/rpm/Fedora/18/repodata/re ... ata/repomd.xml:: 1 Time(s)
      /releases/stable/rpm/Fedora/18/repodata/re ... data/repomd.xml: 3 Time(s)
      /releases/stable/rpm/Fedora/18/x86_64/repodata/repomd.xml: 3 Time(s)
      /releases/stable/rpm/Fedora/19/noarch/old/: 1 Time(s)
      /releases/stable/rpm/Fedora/19/ovirt-engine.repo: 1 Time(s)
      /releases/stable/rpm/Fedora/6/repodata/repomd.xml: 1 Time(s)
      /releases/testing/rpm/Fedora/18/noarch/: 1 Time(s)
      /robots.txt: 34 Time(s)
      /wp-content/plugins/wp-phpmyadmin/phpmyadm ... %2F%2Fcilik.php: 3 Time(s)
      /wp-content/themes/Envisioned/timthumb.php ... .com.br/bad.php: 1 Time(s)
      /wp-content/themes/Envisioned/timthumb.php ... ort.net/bad.php: 2 Time(s)
      /wp-content/themes/arras/library/timthumb. ... rts.net/IDC.php: 1 Time(s)
      /wp-content/themes/auctionpress/thumbs/_tb ... .fm/bangsat.php: 1 Time(s)
      /wp-content/themes/auctionpress/thumbs/_tb ... rts.net/IDC.php: 1 Time(s)
      /wp-content/themes/auctionpress/thumbs/_tb ... s.com%2Fbad.php: 1 Time(s)
      /wp-content/themes/crisp/thumb.php?src=htt ... s.com%2Fbad.php: 1 Time(s)
      /wp-content/themes/deliciousmagazine/thumb ... t.net%2Fbad.php: 1 Time(s)
      /wp-content/themes/ecobiz/timthumb.php?src ... et%2F%2Fbad.php: 1 Time(s)
      /wp-content/themes/ecobiz/timthumb.php?src ... ort.net/bad.php: 1 Time(s)
      /wp-content/themes/flashnews/thumb.php?src ... t.net%2Fbad.php: 1 Time(s)
      /wp-content/themes/multidesign/scripts/tim ... /result/bat.php: 1 Time(s)
      /wp-content/themes/overeasy/thumb.php?src= ... .com//kikok.php: 1 Time(s)
      /wp-content/themes/typebased/thumb.php?src ... t.net%2Fbad.php: 1 Time(s)
      /wp-content/themes/versatile/timthumb.php? ... com%2Fjahat.php: 4 Time(s)
      /wp-content/themes/welcome_inn/thumb.php?s ... om.br%2Fbad.php: 1 Time(s)
      /wp-content/themes/welcome_inn/timthumb.ph ... om.ar%2Fbad.php: 1 Time(s)
      /wp-login.php: 74 Time(s)
   416 Request Range Not Satisfiable
      /releases/beta/rpm/Fedora/18/noarch/otopi- ... fc18.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/17/noarch/oto ... fc17.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/17/repodata/other.xml.gz: 18 Time(s)
      /releases/nightly/rpm/Fedora/18/noarch/ovi ... fc18.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/18/repodata/filelists.xml.gz: 3 Time(s)
      /releases/stable/rpm/Fedora/18/noarch/ovir ... fc18.noarch.rpm: 5 Time(s)
      /releases/stable/rpm/Fedora/18/noarch/vdsm ... fc18.noarch.rpm: 2 Time(s)
      /releases/stable/rpm/Fedora/18/repodata/filelists.xml.gz: 1 Time(s)

---------------------- httpd End -------------------------

--------------------- pam_unix Begin ------------------------

su-l:
   Sessions Opened:
      root -> root: 2 Time(s)

sudo-i:
   Unknown Entries:
      auth could not identify password for [dcaro]: 1 Time(s)
      conversation failed: 1 Time(s)

---------------------- pam_unix End -------------------------

--------------------- Postfix Begin ------------------------

       1   *Fatal:   General fatal
       1   *Warning: Startup error
       1   *Warning: Pre-queue content-filter connection overload
       1   Process exited

 13.918M   Bytes accepted                          14,593,910
286.666M   Bytes delivered                        300,591,025
========   ================================================

    1732   Accepted                                    89.51%
     203   Rejected                                    10.49%
--------   ------------------------------------------------
    1935   Total                                      100.00%
========   ================================================

     198   Reject relay denied                         97.54%
       5   Reject unknown user                          2.46%
--------   ------------------------------------------------
     203   Total Rejects                              100.00%
========   ================================================

    4357   Connections made
    3464   Connections lost
    4357   Disconnections
    1586   Removed from queue
     453   Delivered
   43735   Sent via SMTP
       4   Forwarded
     155   Deferred
    2772   Deferrals
      23   Bounce (remote)
       2   Expired and returned to sender
      25   DSNs undeliverable
     406   Connection failure (outbound)
      31   Timeout (inbound)
       8   Excessive errors in SMTP commands dialog
       9   Hostname verification errors
     479   Enabled PIX workaround
       4   Postfix refresh

**Unmatched Entries**
       1   Feb 20 12:56:19 linode01 postfix/master[1923]: reload -- version 2.6.6, configuration /etc/postfix
       1   Feb 20 13:32:00 linode01 postfix/master[1923]: reload -- version 2.6.6, configuration /etc/postfix
       1   Feb 20 13:34:20 linode01 postfix/master[1923]: reload -- version 2.6.6, configuration /etc/postfix
       1   Feb 20 13:28:25 linode01 postfix/master[1923]: reload -- version 2.6.6, configuration /etc/postfix

---------------------- Postfix End -------------------------

--------------------- Connections (secure-log) Begin ------------------------

New Users:
   dcaro (516)

New Groups:
   dcaro (516)

---------------------- Connections (secure-log) End -------------------------

--------------------- SSHD Begin ------------------------

Users logging in through sshd:
   dcaro:
      209.132.186.35 (nat-pool-brq-u.redhat.com): 2 times
   eedri:
      66.187.237.10 (nat-pool-tlv-t1.redhat.com): 1 time
   ekohl:
      217.119.231.199 (bogey.xentower.nl): 2 times
   gerrit-backup:
      107.22.212.69 (gerrit.ovirt.org): 3 times
   jenkins:
      107.22.215.130 (ec2-107-22-215-130.compute-1.amazonaws.com): 1 time
   jslave:
      23.20.17.161 (ec2-23-20-17-161.compute-1.amazonaws.com): 63 times
   mburns:
      24.63.186.29 (c-24-63-186-29.hsd1.vt.comcast.net): 5 times
   rydekull:
      79.136.69.32 (h-69-32.a165.priv.bahnhof.se): 1 time
      194.237.142.3 (internet-gw-ext.ericsson.se): 1 time

Received disconnect:
   11: Bye Bye : 371 Time(s)
   11: disconnected by user : 20 Time(s)
   3: com.jcraft.jsch.JSchException: reject HostKey: 173.255.252.138 : 1 Time(s)

SFTP subsystem requests: 62 Time(s)

**Unmatched Entries**
error: open /dev/tty failed - could not set controlling tty: No such file or directory : 1 time(s)
error: /dev/pts/6: No such file or directory : 1 time(s)
reverse mapping checking getaddrinfo for 111.122.8.96.host.nwnx.net [96.8.122.111] failed - POSSIBLE BREAK-IN ATTEMPT! : 136 time(s)

---------------------- SSHD End -------------------------

--------------------- Sudo (secure-log) Begin ------------------------

==============================================================================

dcaro => root
-------------
/bin/bash - 3 Times.
/bin/rm - 1 Times.
/usr/bin/vim - 1 Times.

==============================================================================

ekohl => root
-------------
/bin/bash - 1 Times.
/usr/bin/passwd - 1 Times.
/usr/sbin/adduser - 1 Times.

==============================================================================

mburns => root
--------------
/bin/cp - 18 Times.
/usr/bin/createrepo - 4 Times.

==============================================================================

rydekull => root
----------------
/bin/su - 2 Times.

**Unmatched Entries**
mburns : (command continued) /home/mburns/vdsm/noarch/vdsm-hook-numa-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-pincpu-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-promisc-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-qemucmdline-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-qos-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-scratchpad-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-smbios-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-sriov-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-vhostmd-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-vmdisk-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-hook-vmfex-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-jsonrpc-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-reg-4.10.3-8.fc18.noarch.rpm /home/mburns/vdsm/noarch/vdsm-tests-4.10.3-8.fc18.noarch.rpm: 1 Time(s)
pam_unix(sudo-i:auth): auth could not identify password for [dcaro]: 1 Time(s)
pam_unix(sudo-i:auth): conversation failed: 1 Time(s)
mburns : (command continued) /home/mburns/vdsm/noarch/vdsm-xmlrpc-4.10.3-8.fc18.noarch.rpm noarch: 1 Time(s)

---------------------- Sudo (secure-log) End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda              48G   45G  2.6G  95% /

/dev/xvda => 95% Used. Warning. Disk Filling up.

---------------------- Disk Space End -------------------------

###################### Logwatch End #########################