VServer simply rebooted - why?

This thread in the forum "Server Administration" was started by speedy8, Jan 29, 2011.

  1. speedy8

    speedy8 Member

    Hello,

    I rented a VServer XL from Alfahosting.de. On it I installed Debian Lenny with Apache2, MySQL, pureFTP and various other things. The day before yesterday I found that, for whatever reason, the server had simply rebooted during the night. At first I thought the physical server might have been restarted because of an update. But support told me that nothing was restarted there.

    So I went digging in the log files and found the following:

    in /var/log/auth.log

    Code:
    Jan 28 03:42:01 galaxy5 CRON[18197]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 28 03:42:01 galaxy5 CRON[18197]: pam_unix(cron:session): session closed for user root
    Jan 28 03:43:01 galaxy5 CRON[7715]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 28 03:43:01 galaxy5 CRON[7717]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 28 03:43:01 galaxy5 CRON[7717]: pam_unix(cron:session): session closed for user root
    Jan 28 03:43:02 galaxy5 su[9456]: Successful su for amavis by root
    Jan 28 03:43:02 galaxy5 su[9456]: + ??? root:amavis
    Jan 28 03:43:02 galaxy5 su[9456]: pam_unix(su:session): session opened for user amavis by (uid=0)
    Jan 28 03:43:04 galaxy5 su[9456]: pam_unix(su:session): session closed for user amavis
    Jan 28 03:44:01 galaxy5 CRON[14200]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 28 03:44:01 galaxy5 CRON[14200]: pam_unix(cron:session): session closed for user root

    Could anyone tell me how the reboot might have come about? Was I hacked? :eek:
    I haven't seen anything about it in the logs yet.

    Thanks in advance.

    Regards
     
  2. speedy8

    speedy8 Member

    and in /var/log/messages there was the following:

    Code:
    Jan 27 19:04:48 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:04:48 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:04:49 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:04:51 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [anyone]
    Jan 27 19:04:57 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:04:59 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:04:59 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 27 19:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 27 19:05:01 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:01 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:01 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:02 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:02 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:03 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:04 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:06 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:07 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:07 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:07 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:09 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:09 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:09 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:10 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:11 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:11 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:11 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:12 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:13 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:13 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:14 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:15 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:16 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:17 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:18 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:19 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:19 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:19 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:20 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:21 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:22 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:23 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:26 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    
    
     
  3. speedy8

    speedy8 Member

    Code:
    Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:24 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:25 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:26 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:27 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:28 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:29 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:30 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:31 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:31 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:32 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [admin]
    Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] New connection from 64.244.62.197
    Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] PAM_RHOST enabled. Getting the peer address
    Jan 27 19:05:33 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:35 galaxy5 last message repeated 2 times
    Jan 27 19:05:35 galaxy5 pure-ftpd: (?@64.244.62.197) [WARNING] Authentication failed for user [administrator]
    Jan 27 19:05:36 galaxy5 pure-ftpd: (?@64.244.62.197) [INFO] Logout.
    Jan 27 19:05:39 galaxy5 last message repeated 2 times
    Jan 27 19:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 27 19:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 27 19:15:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 27 19:15:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    [...]
    Jan 28 02:25:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 02:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 02:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 02:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 02:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 02:40:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 02:40:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 02:45:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 02:45:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 02:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 02:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 02:55:03 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 02:55:03 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:00:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:00:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:05:00 galaxy5 pure-ftpd: (?@84.246.226.180) [INFO] New connection from 84.246.226.180
    Jan 28 03:05:00 galaxy5 pure-ftpd: (?@84.246.226.180) [INFO] Logout.
    Jan 28 03:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:05:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:10:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:15:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:15:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:20:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:20:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:25:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:25:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:30:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:35:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:40:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:40:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:44:18 galaxy5 syslogd 1.5.0#5: restart.
    Jan 28 03:45:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:45:02 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Jan 28 03:50:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Jan 28 03:55:01 galaxy5 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    [...]
     
  4. Till

    Till Administrator

    On the first question:

    Check your server with rkhunter.

    On the FTP log: These are perfectly normal login attempts by scripts. So that is normal. You should just make sure that you use a sufficiently long password.
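
Added example, not part of the thread or of any poster's reply: a Python script that tallies failed pure-ftpd logins per source address from syslog lines in the format posted above and flags sources with at least `max_retry` failures inside a `find_time` window, the kind of threshold fail2ban applies. The sample log is constructed (host name `host1`, documentation-range addresses), and the function names, the year default and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the pure-ftpd syslog format shown in the thread;
# host name and addresses (203.0.113.0/24, documentation range) are made up.
SAMPLE_LOG = """\
Jan 27 19:05:01 host1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 27 19:05:01 host1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Jan 27 19:05:01 host1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:03 host1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:04 host1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
Jan 27 19:05:06 host1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [administrator]
Jan 27 19:05:09 host1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
Jan 27 19:20:00 host1 pure-ftpd: (?@203.0.113.50) [WARNING] Authentication failed for user [webmaster]
Jan 27 19:45:00 host1 pure-ftpd: (?@203.0.113.50) [WARNING] Authentication failed for user [webmaster]
Jan 28 03:44:18 host1 syslogd 1.5.0#5: restart.
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ pure-ftpd: "
    r"\(\S*@(?P<ip>[^)]+)\) \[WARNING\] "
    r"Authentication failed for user \[(?P<user>[^\]]*)\]"
)


def parse_failures(text, year=2011):
    """Yield (timestamp, ip, user) for every failed pure-ftpd login line."""
    for line in text.splitlines():
        m = FAIL_RE.match(line.strip())
        if m:
            # Classic syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def brute_force_sources(text, max_retry=5, find_time=timedelta(minutes=10)):
    """Return {ip: {"failures": n, "users": [...]}} for each source that has
    at least max_retry failures inside some window of length find_time."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= find_time.
            while events[end][0] - events[start][0] > find_time:
                start += 1
            if end - start + 1 >= max_retry:
                flagged[ip] = {
                    "failures": len(events),
                    "users": sorted({u for _, u in events}),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, info in brute_force_sources(SAMPLE_LOG).items():
        print(ip, info["failures"], ",".join(info["users"]))
```
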
     
  5. speedy8

    speedy8 Member

    Hello,

    thanks for replying. I ran rkhunter (I already had it installed), and it outputs a few warnings. However, no rootkit was found.

    For example, rkhunter complains about the following:

    Checking application versions...
    Checking version of GnuPG [ Warning ]
    Checking version of OpenSSL [ Warning ]
    Checking version of PHP [ Warning ]
    Checking version of Procmail MTA [ OK ]
    Checking version of OpenSSH [ Warning ]

    I can't work out why.

    Do you have any idea?

    Since there is a character limit on posts here, I have simply attached the entire log file.

    Thanks in advance.

    Regards
     

    Attachments:

  6. Till

    Till Administrator

    The warnings are OK as long as no rootkits were found. The version check is not really reliable, since it does not detect whether software has been patched without increasing the version number, as most Linux distributions do.
     
  7. speedy8

    speedy8 Member

    So can I assume that, for now, I was not hacked?!

    But why did my server reboot then?

    I noticed it because my e-mail client first showed a message about the server key. And that is rather odd, since I did not regenerate the key!

    Just for information: I set up my server following this guide.

    Regards
     
  8. F4RR3LL

    F4RR3LL Member

    Do you have a monitoring tool installed that might let you trace what the memory, swap, network etc. looked like at that time?
     
  9. speedy8

    speedy8 Member

    What kind of monitoring tool should I have installed? I followed the installation guide mentioned above, and as far as I can tell only Vlogger, Webalizer, AWstats, Jailkit, fail2ban and rkhunter are installed there. As far as I can tell, these programs do not include a monitoring program of the kind you mean.

    It just occurs to me that another odd thing is that MyDNS in particular quits now and then for no apparent reason. I then always have to restart it.

    I have not yet been able to determine when this happens or what the possible causes are.

    Regards
     
