VServer just rebooted on its own - why?

#1
Hello,

I have rented a VServer XL from Alfahosting.de. On it I installed Debian Lenny with Apache2, MySQL, pureFTP and various other things. The day before yesterday I had to discover that, for whatever reason, the server simply rebooted during the night. At first I thought the physical server might have been restarted because of an update. But support told me that nothing was restarted on their side.

So I went digging in the log files and found the following:

in /var/log/auth.log

Code:
Jan 28 03:42:01 galaxy5 CRON[18197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 03:42:01 galaxy5 CRON[18197]: pam_unix(cron:session): session closed for user root
Jan 28 03:43:01 galaxy5 CRON[7715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 03:43:01 galaxy5 CRON[7717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 03:43:01 galaxy5 CRON[7717]: pam_unix(cron:session): session closed for user root
Jan 28 03:43:02 galaxy5 su[9456]: Successful su for amavis by root
Jan 28 03:43:02 galaxy5 su[9456]: + ??? root:amavis
Jan 28 03:43:02 galaxy5 su[9456]: pam_unix(su:session): session opened for user amavis by (uid=0)
Jan 28 03:43:04 galaxy5 su[9456]: pam_unix(su:session): session closed for user amavis
Jan 28 03:44:01 galaxy5 CRON[14200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 03:44:01 galaxy5 CRON[14200]: pam_unix(cron:session): session closed for user root

Could anyone tell me how the reboot might have come about? Was I hacked? :eek:
I have not seen anything about it in the logs yet.

Thanks in advance.

Regards
 
#2
and in /var/log/messages there was the following:

Code:
Jan 27 19:04:48 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:04:48 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:04:49 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:04:51 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [anyone]
Jan 27 19:04:57 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:04:59 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:04:59 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 27 19:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 27 19:05:01 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:01 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:01 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:02 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:02 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:03 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:07 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:07 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:07 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:09 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:09 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:09 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:11 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:11 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:11 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:13 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:13 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:16 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:18 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:19 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:19 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:19 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:21 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:23 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:26 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
 
#3
Code:
Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:26 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:31 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:31 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:32 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:35 galaxy5 last message repeated 2 times
Jan 27 19:05:35 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:36 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
Jan 27 19:05:39 galaxy5 last message repeated 2 times
Jan 27 19:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 27 19:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 27 19:15:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 27 19:15:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
[...]
Jan 28 02:25:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 02:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 02:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 02:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 02:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 02:40:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 02:40:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 02:45:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 02:45:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 02:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 02:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 02:55:03 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 02:55:03 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:00:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:00:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:05:00 galaxy5 pure-ftpd: (?@84.246.226.180) [INFO] New connection from 84.246.226.180
Jan 28 03:05:00 galaxy5 pure-ftpd: (?@84.246.226.180) [INFO] Logout.
Jan 28 03:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:15:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:15:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:20:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:20:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:25:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:25:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:40:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:40:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:44:18 galaxy5 syslogd 1.5.0#5: restart.
Jan 28 03:45:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:45:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 28 03:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 28 03:55:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
[...]
 

Till

Administrator
#4
On the first question:

Check your server with rkhunter.

On the FTP log: Those are perfectly normal login attempts from scripts. So that is normal. You should just make sure that you use a sufficiently long password.
 
#5
Hello,

thanks for getting back to me. I ran rkhunter (I already had it installed), and it outputs a few warnings. But no rootkit was found.

For example, rkhunter complains about the following:

Checking application versions...
Checking version of GnuPG [ Warning ]
Checking version of OpenSSL [ Warning ]
Checking version of PHP [ Warning ]
Checking version of Procmail MTA [ OK ]
Checking version of OpenSSH [ Warning ]

I cannot work out why.

Do you have any idea?

Since there is a character limit on the text here, I have simply attached the entire log file.

Thanks in advance.

Regards
 

Till

Administrator
#6
The warnings are OK as long as no rootkits were found. The version check is not really reliable, since it does not detect whether software was patched without increasing the version number, as most Linux distributions do.
 
#7
So I can assume that, for now, I was not hacked?!

But for what reasons did my server reboot, then?

I noticed it because my email client first showed a message about the server key. And that is rather odd, because I did not regenerate the key!

Just for info: I set up my server following this guide.

Regards
 
#8
Do you have a monitoring tool installed that might let you trace what the state of memory, swap, network etc. was at that time?
 
#9
What kind of monitoring tool should I have installed? I followed the installation guide mentioned above, and as far as I can tell only Vlogger, Webalizer, AWstats, Jailkit, fail2ban and rkhunter are installed there. As far as I can tell, these programs do not include a monitoring program of the kind you mean.

It just occurred to me that another odd thing is that MyDNS in particular dies now and then for some inexplicable reason. I then have to restart it every so often.

I have not yet been able to work out when that happens or what the possible causes are.

Regards
 
