Logwatch for linode01.ovirt.org (Linux)

################### Logwatch 7.3.6 (05/19/07) ####################
       Processing Initiated: Wed Jan 1 03:20:36 2014
       Date Range Processed: yesterday
                             ( 2013-Dec-31 )
                             Period is day.
     Detail Level of Output: 0
             Type of Output: unformatted
          Logfiles for Host: linode01.ovirt.org
##################################################################

--------------------- httpd Begin ------------------------

A total of 1 sites probed the server
   209.188.21.22

A total of 3 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):

   /user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd HTTP Response 302
   /sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? HTTP Response 302
   /gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd HTTP Response 302

Requests with error response codes
   403 Forbidden
      /wordpress/wp-admin/: 4 Time(s)
   404 Not Found
      /%09Drupal%0986000%090: 1 Time(s)
      /admin.php: 3 Time(s)
      /admin/: 3 Time(s)
      /admin/banner_manager.php/login.php: 2 Time(s)
      /admin/board: 5 Time(s)
      /admin/categories.php/login.php: 2 Time(s)
      /admin/file_manager.php/login.php: 2 Time(s)
      /admin/login.php: 3 Time(s)
      /administrator/index.php: 6 Time(s)
      /bitrix/admin/index.php?lang=en: 3 Time(s)
      /blog/wp-admin/: 3 Time(s)
      /board: 10 Time(s)
      /browserconfig.xml: 2 Time(s)
      /category/news/feed: 2 Time(s)
      /category/news/feed/: 21 Time(s)
      /favicon.ico: 283 Time(s)
      /index.php?action=register: 1 Time(s)
      /listinfo/board: 5 Time(s)
      /mailman/user/register: 1 Time(s)
      /news-and-events/workshop/: 1 Time(s)
      /pipermail/engine-commits/2013-August/008705.html': 1 Time(s)
      /pipermail/index.php?act=Reg&CODE=00: 3 Time(s)
      /pipermail/index.php?app=core&module=global&section=register: 3 Time(s)
      /pipermail/infra-private/2013-May/000000.html: 1 Time(s)
      /pipermail/infra/2012-September/admin/bann ... r.php/login.php: 2 Time(s)
      /pipermail/infra/2012-September/admin/cate ... s.php/login.php: 2 Time(s)
      /pipermail/infra/2012-September/admin/file ... r.php/login.php: 2 Time(s)
      /pipermail/infra/2012-november: 1 Time(s)
      /pipermail/infra/2012-november/001404.html: 1 Time(s)
      /pipermail/infra/2013-March/002483.html+%3 ... n+~tool&ct=clnk: 1 Time(s)
      /pipermail/infra/2013-March/002483.html+ac ... 4+~tool&ct=clnk: 1 Time(s)
      /pipermail/infra/2013-May/003154.html/: 1 Time(s)
      /pipermail/infra/2013-May/wp-content/plugi ... xfileupload.php: 2 Time(s)
      /pipermail/infra/admin/banner_manager.php/login.php: 2 Time(s)
      /pipermail/infra/admin/categories.php/login.php: 2 Time(s)
      /pipermail/infra/admin/file_manager.php/login.php: 2 Time(s)
      /pipermail/node-devel/2013-may/000418.html: 1 Time(s)
      /pipermail/patches: 1 Time(s)
      /pipermail/users/2012-Febr: 1 Time(s)
      /pipermail/users/2012-august/009044.html: 1 Time(s)
      /pipermail/users/2013-february/: 3 Time(s)
      /pipermail/users/2013-january/011887.html: 1 Time(s)
      /pipermail/users/2013-june/014893.html: 1 Time(s)
      /pipermail/users/2013-october/017451.html: 1 Time(s)
      /releases/3.2/rpm/EL/$releasever/: 1 Time(s)
      /releases/3.2/src/%25: 1 Time(s)
      /releases/3.3.2/rpm/EL/$releasever/: 1 Time(s)
      /releases/3.3.2/rpm/EL/19/repodata/repomd.xml: 39 Time(s)
      /releases/3.3.2/rpm/Fedora/17/repodata/repomd.xml: 5 Time(s)
      /releases/3.3.2/rpm/Fedora/18/repodata/repomd.xml: 14 Time(s)
      /releases/3.3.2/rpm/Fedora/19/noarch/ovirt ... fc19.noarch.rpm: 1 Time(s)
      /releases/3.3.2/rpm/Fedora/19/ovirt-log-co ... fc19.noarch.rpm: 1 Time(s)
      /releases/3.3.2/rpm/Fedora/20: 1 Time(s)
      /releases/3.3.2/rpm/Fedora/20/: 2 Time(s)
      /releases/3.3.2/rpm/Fedora/20/repodata/repomd.xml: 176 Time(s)
      /releases/3.3.3/: 1 Time(s)
      /releases/administrator/index.php: 1 Time(s)
      /releases/alpha/rpm/Fedora/20/repodata/repomd.xml: 51 Time(s)
      /releases/beta/fedora/$releasever/: 1 Time(s)
      /releases/beta/fedora/17: 1 Time(s)
      /releases/beta/rpm/Fedora/18/n: 1 Time(s)
      /releases/beta/rpm/Fedora/18/repodata/repomd.xml: 5 Time(s)
      /releases/beta/rpm/Fedora/20/repodata/repomd.xml: 62 Time(s)
      /releases/beta/rpm/Fedora/6Server/repodata/repomd.xml: 2 Time(s)
      /releases/nightly/RHEL/6/repodata/repomd.xml: 2 Time(s)
      /releases/nightly/fedora/16/: 1 Time(s)
      /releases/nightly/fedora/16/ovirt-engine-c ... fc16.noarch.rpm: 1 Time(s)
      /releases/nightly/fedora/16/repodata/repomd.xml: 215 Time(s)
      /releases/nightly/fedora/17: 1 Time(s)
      /releases/nightly/rpm/EL/19/repodata/repomd.xml: 9 Time(s)
      /releases/nightly/rpm/EL/6/noarch/otopi-de ... .el6.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6/noarch/ovirt-en ... .el6.noarch.rpm: 19 Time(s)
      /releases/nightly/rpm/EL/6/noarch/ovirt-ho ... .el6.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6/noarch/vdsm-boo ... .el6.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6/noarch/vdsm-glu ... .el6.noarch.rpm: 2 Time(s)
      /releases/nightly/rpm/EL/6/noarch/vdsm-hoo ... .el6.noarch.rpm: 22 Time(s)
      /releases/nightly/rpm/EL/6/noarch/vdsm-jso ... .el6.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6/noarch/vdsm-tes ... .el6.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6/noarch/vdsm-xml ... .el6.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6/noarch/vdsm-yaj ... .el6.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6/x86_64/vdsm-deb ... .el6.x86_64.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6Server/SRPMS/ovi ... 7dd.el6.src.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6Server/SRPMS/ovi ... 9d8.el6.src.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6Server/SRPMS/ovi ... c3a.el6.src.rpm: 1 Time(s)
      /releases/nightly/rpm/EL/6Server/noarch/ot ... .el6.noarch.rpm: 3 Time(s)
      /releases/nightly/rpm/EL/6Server/noarch/ov ... .el6.noarch.rpm: 4 Time(s)
      /releases/nightly/rpm/EL/6Server/repodata/ ... ilelists.xml.gz: 1 Time(s)
      /releases/nightly/rpm/EL/6Server/repodata/ ... ther.sqlite.bz2: 1 Time(s)
      /releases/nightly/rpm/Fedora/17/repodata/repomd.xml: 2 Time(s)
      /releases/nightly/rpm/Fedora/18/n: 1 Time(s)
      /releases/nightly/rpm/Fedora/18/noarch/ovi ... fc18.noarch.rpm: 3 Time(s)
      /releases/nightly/rpm/Fedora/18/noarch/vds ... fc18.noarch.rpm: 5 Time(s)
      /releases/nightly/rpm/Fedora/19/SRPMS/ovir ... ce.fc19.src.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/19/noarch/mom ... fc19.noarch.rpm: 2 Time(s)
      /releases/nightly/rpm/Fedora/19/noarch/ovi ... fc19.noarch.rpm: 2 Time(s)
      /releases/nightly/rpm/Fedora/19/noarch/vds ... fc19.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/19/repodata/0 ... ther.sqlite.bz2: 6 Time(s)
      /releases/nightly/rpm/Fedora/19/repodata/5 ... ists.sqlite.bz2: 1 Time(s)
      /releases/nightly/rpm/Fedora/19/repodata/7 ... ther.sqlite.bz2: 6 Time(s)
      /releases/nightly/rpm/Fedora/19/repodata/9 ... ther.sqlite.bz2: 15 Time(s)
      /releases/nightly/rpm/Fedora/20/SRPMS/otop ... a5.fc20.src.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/20/SRPMS/ovir ... 45.fc20.src.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/20/SRPMS/ovir ... f4.fc20.src.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/20/SRPMS/ovir ... f7.fc20.src.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/20/noarch/oto ... fc20.noarch.rpm: 1 Time(s)
      /releases/nightly/rpm/Fedora/20/noarch/ovi ... fc20.noarch.rpm: 14 Time(s)
      /releases/nightly/rpm/Fedora/20/noarch/vds ... fc20.noarch.rpm: 23 Time(s)
      /releases/nightly/rpm/Fedora/20/repodata/b ... ilelists.xml.gz: 1 Time(s)
      /releases/nightly/rpm/Fedora/20/x86_64/vds ... fc20.x86_64.rpm: 3 Time(s)
      /releases/nightly/rpm/el/19/repodata/repomd.xml: 1 Time(s)
      /releases/nightly/rpm/el/6/repodata/507f60 ... ists.sqlite.bz2: 2 Time(s)
      /releases/nightly/rpm/el/6/repodata/repomd.xml: 13 Time(s)
      /releases/ovirt-3.2-snapshot/iso/: 1 Time(s)
      /releases/ovirt-3.2-snapshot/rpm/: 1 Time(s)
      /releases/ovirt-3.2-snapshot/src/: 1 Time(s)
      /releases/ovirt-3.2-snapshot/tools/: 1 Time(s)
      /releases/ovirt-release-@distro@.noarch.rpm: 3 Time(s)
      /releases/ovirt-release-Fedora20.noarch.rpm: 1 Time(s)
      /releases/ovirt-release-el6-8-1.noarch.rpm: 2 Time(s)
      /releases/ovirt-release-f19.noarch.rpm: 1 Time(s)
      /releases/ovirt-release-fc19.noarch.rpm: 1 Time(s)
      /releases/stable/binary/: 8 Time(s)
      /releases/stable/binary/md5sum: 1 Time(s)
      /releases/stable/fedora/: 2 Time(s)
      /releases/stable/fedora/16/: 1 Time(s)
      /releases/stable/fedora/16/repodata/filelists.xml.gz: 24 Time(s)
      /releases/stable/fedora/16/repodata/repomd.xml: 237 Time(s)
      /releases/stable/rpm/EL/19/repodata/repomd.xml: 47 Time(s)
      /releases/stable/rpm/EL/6.2/repodata/repomd.xml: 4 Time(s)
      /releases/stable/rpm/EL/6.3/repodata/repomd.xml: 2 Time(s)
      /releases/stable/rpm/EL/6/images/pxeboot/: 1 Time(s)
      /releases/stable/rpm/EL/6Workstation/repodata/repomd.xml: 2 Time(s)
      /releases/stable/rpm/EL6/6/repodata/repomd.xml: 8 Time(s)
      /releases/stable/rpm/Fedora//repodata/repomd.xml: 1 Time(s)
      /releases/stable/rpm/Fedora/15/repodata/repomd.xml: 4 Time(s)
      /releases/stable/rpm/Fedora/16/repodata/repomd.xml: 15 Time(s)
      /releases/stable/rpm/Fedora/18/n: 1 Time(s)
      /releases/stable/rpm/Fedora/19/noarch/ovir ... fc19.noarch.rpm: 1 Time(s)
      /releases/stable/rpm/Fedora/20/repodata/repomd.xml: 396 Time(s)
      /releases/stable/rpm/Fedora/repodata/repomd.xml: 8 Time(s)
      /releases/stable/src/ovirt-log-collector-%25: 1 Time(s)
      /releases/stable/src/ovirt-node-2.2.2.tar.gz: 1 Time(s)
      /releases/updates-testing/rpm/EL/6Server/r ... -primary.xml.gz: 1 Time(s)
      /releases/updates-testing/rpm/EL/6Server/r ... ilelists.xml.gz: 1 Time(s)
      /releases/updates-testing/rpm/EL/6Server/r ... ists.sqlite.bz2: 1 Time(s)
      /releases/updates-testing/rpm/EL/6Server/r ... ther.sqlite.bz2: 1 Time(s)
      /releases/updates-testing/rpm/Fedora/19/re ... -primary.xml.gz: 1 Time(s)
      /releases/updates-testing/rpm/Fedora/19/re ... ilelists.xml.gz: 1 Time(s)
      /releases/updates-testing/rpm/Fedora/20/repodata/repomd.xml: 51 Time(s)
      /releases/wp-login.php: 1 Time(s)
      /robots.txt: 69 Time(s)
      /user/: 3 Time(s)
      /wp-admin/: 2 Time(s)
      /wp-content/plugins/mm-forms-community/inc ... xfileupload.php: 2 Time(s)
      /wp-login.php: 6 Time(s)
      /wp-login.php?action=register: 3 Time(s)
      /wp/wp-admin/: 3 Time(s)
   416 Request Range Not Satisfiable
      /releases/nightly/rpm/Fedora/18/noarch/ovi ... fc18.noarch.rpm: 1 Time(s)
      /releases/stable/rpm/EL/6.5/noarch/ovirt-r ... 10-1.noarch.rpm: 1 Time(s)
      /releases/stable/rpm/Fedora/18/noarch/ovir ... fc18.noarch.rpm: 3 Time(s)

---------------------- httpd End -------------------------

--------------------- Kernel Begin ------------------------

WARNING: Kernel Errors Present
   [<c011f140>] ? mm_fault_error+0xe0/0xe0 ...: 2 Time(s)
   [<c06903c6>] ? error_code+0x5a/0x60 ...: 1 Time(s)

---------------------- Kernel End -------------------------

--------------------- pam_unix Begin ------------------------

su-l:
   Sessions Opened:
      root -> root: 4 Time(s)

---------------------- pam_unix End -------------------------

--------------------- Postfix Begin ------------------------

       2   *Warning: Queue file size limit exceeded
       3   *Warning: Pre-queue content-filter connection overload

 37.869M   Bytes accepted                             39,708,397
  2.259G   Bytes delivered                         2,425,829,813
========   ================================================

    1834   Accepted                                       99.95%
       1   Rejected                                        0.05%
--------   ------------------------------------------------
    1835   Total                                         100.00%
========   ================================================

       1   Reject unknown user                           100.00%
--------   ------------------------------------------------
       1   Total Rejects                                 100.00%
========   ================================================

    1139   Connections made
       1   Connections lost
    1139   Disconnections
    1830   Removed from queue
     684   Delivered
   33855   Sent via SMTP
       9   Forwarded
      22   Deferred
     155   Deferrals
       1   Bounce (local)
     156   Bounce (remote)
       3   Expired and returned to sender
      13   DSNs undeliverable
     268   Connection failure (outbound)
       7   Timeout (inbound)
      28   Hostname verification errors
     341   Enabled PIX workaround

---------------------- Postfix End -------------------------

--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------

Large Mailbox threshold: 40MB (41943040 bytes)
   Warning: Large mailbox: jenkins (45726565)

---------------------- sendmail-largeboxes (large mail spool files) End -------------------------

--------------------- SSHD Begin ------------------------

Users logging in through sshd:
   dcaro:
      83.46.175.251 (251.Red-83-46-175.dynamicIP.rima-tde.net): 2 times
   gerrit-backup:
      107.22.212.69 (gerrit.ovirt.org): 2 times
   jenkins:
      66.187.237.11 (nat-pool-tlv-u1.redhat.com): 1 time
   knesenko:
      66.187.237.11 (nat-pool-tlv-u1.redhat.com): 7 times

Received disconnect:
   11: Goodbye : 1 Time(s)
   11: disconnected by user : 8 Time(s)

SFTP subsystem requests: 1 Time(s)

**Unmatched Entries**
reverse mapping checking getaddrinfo for dsl-189-146-52-112-dyn.prod-infinitum.com.mx [189.146.52.112] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)

---------------------- SSHD End -------------------------

--------------------- Sudo (secure-log) Begin ------------------------

==============================================================================
knesenko => root
----------------
/bin/bash - 15 Times.
/bin/rm - 1 Times.
/bin/su - 4 Times.
==============================================================================
root => root
------------
/bin/rm - 1 Times.

---------------------- Sudo (secure-log) End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda              59G   52G  7.5G  88% /

---------------------- Disk Space End -------------------------

###################### Logwatch End #########################
participants (1)
-
logwatch@lists.ovirt.org