################### Logwatch 7.3.6 (05/19/07) #################### Processing Initiated: Tue Oct 16 03:39:42 2012 Date Range Processed: yesterday ( 2012-Oct-15 ) Period is day. Detail Level of Output: 0 Type of Output: unformatted Logfiles for Host: linode01.ovirt.org ################################################################## --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 89.216.30.165 91.121.115.109 94.89.221.100 A total of 4 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit): /?option=com_mailto&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP Response 200 //index.php?option=com_mailto&controller=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%0000 HTTP Response 301 //index.php?option=com_mailto&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP Response 301 /?option=com_mailto&controller=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%0000 HTTP Response 200 Requests with error response codes 400 Bad Request /wp-login.php?action=register: 2 Time(s) 404 Not Found /%2A%2Amailman/listinfo/users: 1 Time(s) /Talk:Licensing: 1 Time(s) /User_talk:Quaid/SCALE_10x_presentation: 1 Time(s) /W/IMAGES/A/A9/OVIRT-3.0-INSTALLATION_GUIDE-EN-US.PDF: 1 Time(s) /_vti_bin/shtml.exe/_vti_rpc: 4 Time(s) /_vti_inf.html: 4 Time(s) /about.html: 1 Time(s) /admin/categories.php/login.php?cPath=&act ... product_preview: 16 Time(s) /apple-touch-icon-precomposed.png: 10 Time(s) /apple-touch-icon.png: 8 Time(s) /appserv/main.php?appserv_root=http://hady ... mages/id1.txt??: 1 Time(s) /category/news/favicon.ico: 1 Time(s) /community: 1 Time(s) /community-activity: 1 Time(s) /coraline/: 2 Time(s) /coraline/style.css: 1 Time(s) /crossdomain.xml: 1 Time(s) /docs/Using_the_oVirt_Server_Suite_User_In ... VMResources.png: 2 Time(s) /docs/Using_the_oVirt_Server_Suite_User_In ... ges/vmp-tab.png: 1 Time(s) /favicon.gif: 1 Time(s) /favicon.ico: 1211 Time(s) /features: 1 Time(s) /features/Gluster: 1 Time(s) /guides/introduction/introduction-to-the-pom.html: 1 Time(s) /index.html: 9 Time(s) /labels.rdf: 1 Time(s) /licensing: 1 Time(s) /notified-NotifyUser2?aHR0cDovL3d3dy5vdmly ... WJwcm9qZWN0cy8=: 1 Time(s) /notify-Notifiy-category-none?aHR0cDovL3dp ... GVhc2Vfbm90ZXM=: 1 Time(s) /page/Dashboard_UX: 2 Time(s) /page/FAQ: 1 Time(s) /page/Image:Details-sample.png: 1 Time(s) /page/MediaWiki:Ipb_expiry_invalid/: 4 Time(s) /page/Special:Recentchangeslinked/Image:Ov ... gical-webui.png: 1 Time(s) /pipermail//appserv/main.php?appserv_root= ... mages/id1.txt??: 1 Time(s) /pipermail/commits: 1 Time(s) /pipermail/gerrit: 1 Time(s) /pipermail/infra//appserv/main.php?appserv ... mages/id1.txt??: 1 Time(s) /pipermail/infra/2012-February//appserv/ma ... mages/id1.txt??: 1 Time(s) /pipermail/infra/2012-February/000224.html ... mages/id1.txt??: 1 Time(s) /pipermail/infra/2012-March//admin/categor ... product_preview: 16 Time(s) /pipermail/infra/2012-March/000226.html//a ... product_preview: 16 Time(s) /pipermail/mom-devel: 1 Time(s) /pipermail/nomad-devel: 1 Time(s) /pipermail/patches: 1 Time(s) /pipermail/security: 1 Time(s) /pipermail/security-private: 1 Time(s) /pipermail/users//index.php?option=com_mai ... lf/environ%0000: 1 Time(s) /pipermail/users/2012-April//index.php?opt ... lf/environ%0000: 1 Time(s) /pipermail/users/2012-April//index.php?opt ... self/environ%00: 1 Time(s) /pipermail/users/2012-April/001484.html//i ... self/environ%00: 1 Time(s) /pipermail/users/2012-April/001566.html//i ... self/environ%00: 1 Time(s) /pipermail/users/2012-April/001782.html//i ... self/environ%00: 1 Time(s) /pipermail/users/2012-August/url(data:imag ... SUVORK5CYII%3d): 1 Time(s) /pipermail/users/2012-March//index.php?opt ... self/environ%00: 1 Time(s) /pipermail/users/2012-March/001221.html//i ... self/environ%00: 1 Time(s) /pipermail/users/2012-february/000450.html: 1 Time(s) /pipermail/users/2012-february/000601.html: 1 Time(s) /pipermail/users/2012-march/001038.html: 1 Time(s) /quick-tour.html: 2 Time(s) /rawhide-install-instructions.html: 1 Time(s) /register: 1 Time(s) /release/ovit-release-fedora.noarch.rpm: 1 Time(s) /releases/beta/fedora/16/: 1 Time(s) /releases/beta/fedora/17/: 3 Time(s) /releases/beta/fedora/17/repodata/filelists.xml.gz: 24 Time(s) /releases/beta/fedora/17/repodata/other.xml.gz: 1 Time(s) /releases/beta/fedora/17/repodata/repomd.xml: 48 Time(s) /releases/nightly/binary/: 2 Time(s) /releases/nightly/fedora/: 1 Time(s) /releases/nightly/fedora/16/: 1 Time(s) /releases/nightly/fedora/16/ovirt-engine-c ... fc16.noarch.rpm: 1 Time(s) /releases/nightly/fedora/16/ovirt-engine.repo: 2 Time(s) /releases/nightly/fedora/16/repodata/repomd.xml: 366 Time(s) /releases/ovirt-release-centos.noarch.rpm: 3 Time(s) /releases/ovirt-release-el6.noarch.rpm: 1 Time(s) /releases/ovit-release-fedora.noarch.rpm: 1 Time(s) /releases/stable/binary/: 6 Time(s) /releases/stable/binary/ovirt-node-image-2.2.2-2.2.fc16.iso: 2 Time(s) /releases/stable/fedora/: 1 Time(s) /releases/stable/fedora/16//repodata/repomd.xml: 1 Time(s) /releases/stable/fedora/16/dists/natty/InRelease: 1 Time(s) /releases/stable/fedora/16/dists/natty/Release: 1 Time(s) /releases/stable/fedora/16/dists/natty/Release.gpg: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... /Translation-en: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... /Translation-ru: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... 386/Packages.gz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... 386/Packages.xz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... 86/Packages.bz2: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... anslation-en.gz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... anslation-en.xz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... anslation-ru.gz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... anslation-ru.xz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... anslation-ru_RU: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... ation-ru_RU.bz2: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... lation-ru_RU.gz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... lation-ru_RU.xz: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... nslation-en.bz2: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... nslation-ru.bz2: 1 Time(s) /releases/stable/fedora/16/dists/natty/mai ... y-i386/Packages: 1 Time(s) /releases/stable/fedora/16/dists/natty/main/i18n/Index: 1 Time(s) /releases/stable/fedora/16/ovirt-engine-jb ... fc16.x86_64.rpm: 1 Time(s) /releases/stable/fedora/16/repodata/primary.xml.gz: 24 Time(s) /releases/stable/fedora/16/repodata/repomd.xml: 645 Time(s) /releases/stable/fedora/17/repodata/repomd.xml: 3 Time(s) /releases/stable/ovirt-engine.repo: 4 Time(s) /releases/stable/ovirt-engine.repo%20-O%20 ... virtengine.repo: 1 Time(s) /releases/stable/rpm/EL/6/repodata/repomd.xml: 5 Time(s) /releases/stable/rpm/EL/6Server/repodata/repomd.xml: 1 Time(s) /releases/stable/rpm/EL6/17/repodata/repomd.xml: 1 Time(s) /releases/stable/rpm/EL6/6.3/repodata/repomd.xml: 2 Time(s) /releases/stable/rpm/EL6/6/repodata/repomd.xml: 598 Time(s) /releases/stable/rpm/EL6/6Server/repodata/repomd.xml: 41 Time(s) /releases/stable/rpm/Fedora/16/repodata/repomd.xml: 36 Time(s) /releases/stable/src/ovirt-engine-3.0.0_0001.tar.gz: 1 Time(s) /releases/stable/tools/ovirt-node-iso-2.5.1-1.0.fc17.iso: 1 Time(s) /repos/ovirt/10/x86_64/repodata/repomd.xml: 24 Time(s) /repos/ovirt/11/x86_64/livecd-tools-024-1o ... fc11.x86_64.rpm: 1 Time(s) /repos/ovirt/15/i386/repodata/repomd.xml: 2 Time(s) /repos/ovirt/15/x86_64/repodata/repomd.xml: 2 Time(s) /repos/ovirt/ARCHIVE: 1 Time(s) /robots.txt: 83 Time(s) /screenshots.html: 4 Time(s) /screenshots/AddStorageView.png: 1 Time(s) /screenshots/UserChangeRole.png: 1 Time(s) /screenshots/ViewHosts.png: 1 Time(s) /screenshots/ViewVMPool.png: 1 Time(s) /screenshots/ViewVMResources.png: 1 Time(s) /screenshots/oVirtInterface.png: 1 Time(s) /screenshots/ss-library.png: 1 Time(s) /signup.php: 2 Time(s) /snapshot/repo1.maven.org/maven2/org.mortbay.jetty/servlet: 1 Time(s) /styles/diagram4.png: 3 Time(s) /styles/favicon.ico: 1 Time(s) /verify-NotifyUser2?aHR0cDovL3d3dy5vdmlydC ... WJwcm9qZWN0cy8=: 1 Time(s) /w/images/a/a9/ovirt-3.0-installation_guide-en-us.pdf: 1 Time(s) /w/index.php?title=-&action=raw&ge ... onobook&270: 39 Time(s) /w/index.php?title=-&action=raw&ma ... 000&gen=css: 34 Time(s) /wiki/Build_and_install_engine_rpm: 1 Time(s) /wiki/Building_Ovit_Engine: 2 Time(s) /wiki/Category:Sla: 2 Time(s) /wiki/Category_talk:Infrastructure_documentation: 1 Time(s) /wiki/Category_talk:Orphaned_Images: 1 Time(s) /wiki/Developer: 2 Time(s) /wiki/Features/.php: 1 Time(s) /wiki/Features/NFSv4): 7 Time(s) /wiki/Features/Quota-3.2: 2 Time(s) /wiki/Features/remotedb: 1 Time(s) /wiki/Help_talk:Contents: 1 Time(s) /wiki/Image_Repository: 4 Time(s) /wiki/Index.php: 2 Time(s) /wiki/OVirt_Administration_Guide: 5 Time(s) /wiki/OVirt_Evaluation_Guide: 2 Time(s) /wiki/OVirt_Installation_Guide: 5 Time(s) /wiki/Ovirt_3.0_feature_guide: 1 Time(s) /wiki/Register.php: 2 Time(s) /wiki/SLA-mom: 2 Time(s) /wiki/Sla-mom: 2 Time(s) /wiki/Talk:Architecture: 1 Time(s) /wiki/Talk:DevelopersAllInOne: 1 Time(s) /wiki/Talk:Features/Intial_Run_Vm_tab: 1 Time(s) /wiki/Talk:Features/User_Portal_Permissions: 1 Time(s) /wiki/Talk:Infrastructure_team_meetings: 1 Time(s) /wiki/Talk:Intial_Run_Vm_tab: 1 Time(s) /wiki/Talk:Licensing: 1 Time(s) /wiki/Talk:Node: 1 Time(s) /wiki/Talk:OVirt_3.0_Release_Notes: 1 Time(s) /wiki/Talk:OVirt_3.1_release_notes: 3 Time(s) /wiki/Talk:OVirt_home_in_Chinese: 1 Time(s) /wiki/Talk:Options_for_RSS_feed_bundling: 1 Time(s) /wiki/Talk:Quick_Start_Guide: 1 Time(s) /wiki/Talk:Quickstart_guide_to_setting_up_ ... ng_oVirt_system: 1 Time(s) /wiki/Talk:Release_process: 1 Time(s) /wiki/Talk:User-level-query-column-filtering: 1 Time(s) /wiki/Talk:Yum_repo_file: 1 Time(s) /wiki/Testing/OvirtTestDay3.0: 2 Time(s) /wiki/Troubleshooting_NFS_Storage_Issues.: 2 Time(s) /wiki/Undefined: 2 Time(s) /wiki/User:157.56.95.143: 1 Time(s) /wiki/User:Hateya: 2 Time(s) /wiki/User:Rgolan: 1 Time(s) /wiki/User_talk:157.56.95.143: 1 Time(s) /wiki/User_talk:Hateya: 2 Time(s) /wiki/User_talk:Jumper45: 1 Time(s) /wiki/User_talk:Quaid/SCALE_10x_presentation: 1 Time(s) /wiki/User_talk:Vszocs: 1 Time(s) /wiki/Working_with_ovirt-gerrit: 1 Time(s) /wiki/index.php?title=Special:UserLogin&type=signup: 32 Time(s) /wiki/oVirtWiki:General_disclaimer: 1 Time(s) /wiki/oVirtWiki:Privacy_policy: 2 Time(s) /wiki/oVirtWiki:Users: 1 Time(s) /wiki/wikka.php?wakka=UserSettings: 1 Time(s) /wp-content/themes/coraline-ovirt/images/wordpress.png: 18 Time(s) http://37.28.156.211/sprawdza.php: 1 Time(s) http://wiki.ovirt.org/wiki/index.php?title ... gin&type=signup: 1 Time(s) 405 Method Not Allowed /wp-content/uploads/2011/: 2 Time(s) /wp-content/uploads/2011/09/: 9 Time(s) /wp-content/uploads/2011/09/ibm-logo1.png: 4 Time(s) /wp-content/uploads/2011/09/ovirt.png: 3 Time(s) 416 Request Range Not Satisfiable /releases/nightly/rpm/Fedora/17/repodata/other.xml.gz: 1 Time(s) /releases/stable/rpm/Fedora/17/repodata/filelists.xml.gz: 2 Time(s) 500 Internal Server Error /wp-content/themes/coraline-ovirt/: 2 Time(s) /wp-content/themes/coraline/: 2 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ su: Sessions Opened: root -> root: 1 Time(s) sudo: Unknown Entries: auth could not identify password for [mburns]: 1 Time(s) conversation failed: 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 *Warning: Pre-queue content-filter connection overload 3 Miscellaneous warnings 101.762M Bytes accepted 106,705,316 3.230G Bytes delivered 3,467,968,163 ======== ================================================ 1632 Accepted 99.82% 3 Rejected 0.18% -------- ------------------------------------------------ 1635 Total 100.00% ======== ================================================ 3 Reject unknown user 100.00% -------- ------------------------------------------------ 3 Total Rejects 100.00% ======== ================================================ 895 Connections made 895 Disconnections 1593 Removed from queue 476 Delivered 24344 Sent via SMTP 4 Forwarded 89 Deferred 1042 Deferrals 1 Bounce (local) 13 Bounce (remote) 2 Expired and returned to sender 1 DSNs delivered 15 DSNs undeliverable 1192 Connection failure (outbound) 5 Timeout (inbound) 2 Hostname verification errors 334 Enabled PIX workaround ---------------------- Postfix End ------------------------- --------------------- SSHD Begin ------------------------ Users logging in through sshd: gerrit-backup: 107.22.212.69 (gerrit.ovirt.org): 3 times jenkins: 107.22.215.130 (ec2-107-22-215-130.compute-1.amazonaws.com): 1 time mburns: 24.63.186.29 (c-24-63-186-29.hsd1.vt.comcast.net): 6 times quaid: 50.1.51.127 (50-1-51-127.dsl.dynamic.fusionbroadband.com): 1 time Received disconnect: 11: Bye Bye : 521 Time(s) 11: disconnected by user : 8 Time(s) SFTP subsystem requests: 1 Time(s) **Unmatched Entries** reverse mapping checking getaddrinfo for hosted.by.serveo.nl [91.218.124.51] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s) reverse mapping checking getaddrinfo for 138.125.116.112.broad.km.yn.dynamic.163data.com.cn [112.116.125.138] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Sudo (secure-log) Begin ------------------------ ============================================================================== mburns => root -------------- /bin/mv - 6 Times. /bin/rm - 1 Times. /bin/su - 1 Times. /usr/bin/createrepo - 1 Times. **Unmatched Entries** pam_unix(sudo:auth): auth could not identify password for [mburns]: 1 Time(s) pam_unix(sudo:auth): conversation failed: 1 Time(s) ---------------------- Sudo (secure-log) End ------------------------- --------------------- XNTPD Begin ------------------------ Total synchronizations 4 (hosts: 2) ---------------------- XNTPD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/xvda 25G 23G 1.9G 93% / /dev/xvda => 93% Used. Warning. Disk Filling up. ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################