15th June 2009, 23:26
gillesdevals
domains not accessible

Hi, for the past day, all the domains on my ISPConfig 3 server have been inaccessible. I can access my server only through the IP address. I can log in to the ISPConfig panel.

I need help.

Some logs from my server:

Mail-queue:

Data from: 2009-06-15 09:15
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
BD0BD84C299 3821 Sat Jun 13 13:18:39 idlufdimuaif@jaydemail.com
(host mail-1.domain.ch[194.124.254.5] said: 450 : Sender address rejected: MX or A record not found (in reply to RCPT TO command))
gilles.devals@domain.ch
(host mail.nell.ch[213.196.180.49] said: 450 Domain in Reverse-Path resolves to an invalid IP address (in reply to RCPT TO command))
fwinzer@nell.ch

-- 5 Kbytes in 1 Request.

Mail-log
Jun 15 08:54:38 ks354764 amavis[4046]: Internal decoder for .zip
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .7z tried: 7zr, 7za, 7z
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .rar
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .arj at /usr/bin/arj
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .arc at /usr/bin/nomarch
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .zoo at /usr/bin/zoo
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .lha
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .doc tried: ripole
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .cab at /usr/bin/cabextract
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .tnef
Jun 15 08:54:38 ks354764 amavis[4046]: Internal decoder for .tnef
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .exe at /usr/bin/arj
Jun 15 08:54:38 ks354764 amavis[4046]: Using primary internal av scanner code for ClamAV-clamd
Jun 15 08:54:38 ks354764 amavis[4046]: Using primary internal av scanner code for check-jpeg
Jun 15 08:54:38 ks354764 amavis[4046]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jun 15 08:54:38 ks354764 amavis[4046]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.34, libdb 4.6
Jun 15 08:54:42 ks354764 spamd[4162]: logger: removing stderr method
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server started on port 783/tcp (running version 3.2.5)
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server pid: 4201
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server successfully spawned child process, pid 4467
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server successfully spawned child process, pid 4468
Jun 15 08:54:46 ks354764 spamd[4201]: prefork: child states: II
Jun 15 08:54:48 ks354764 authdaemond: modules="authmysql", daemons=5
Jun 15 08:54:48 ks354764 authdaemond: Installing libauthmysql
Jun 15 08:54:48 ks354764 authdaemond: Installation complete: authmysql
Jun 15 08:54:50 ks354764 postfix/master[4693]: daemon started -- version 2.5.5, configuration /etc/postfix
Jun 15 08:55:02 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 08:55:02 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 08:55:02 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 08:55:02 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 08:55:03 ks354764 postfix/smtpd[4967]: connect from localhost.localdomain[127.0.0.1]
Jun 15 08:55:03 ks354764 postfix/smtpd[4967]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 08:55:03 ks354764 postfix/smtpd[4967]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:00:02 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:00:02 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:00:02 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:00:02 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 09:00:02 ks354764 postfix/smtpd[5324]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:00:02 ks354764 postfix/smtpd[5324]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 09:00:02 ks354764 postfix/smtpd[5324]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:03:37 ks354764 postfix/smtpd[21616]: connect from unknown[190.254.240.79]
Jun 15 09:03:38 ks354764 postfix/smtpd[21616]: 6A7BE84C28D: client=unknown[190.254.240.79]
Jun 15 09:03:41 ks354764 postfix/cleanup[21626]: 6A7BE84C28D: message-id=<000d01c9ed87$646eca40$6400a8c0@shtickqaya167>
Jun 15 09:03:41 ks354764 postfix/qmgr[4706]: 6A7BE84C28D: from=, size=1098, nrcpt=1 (queue active)
Jun 15 09:03:42 ks354764 postfix/smtpd[21616]: disconnect from unknown[190.254.240.79]
Jun 15 09:03:43 ks354764 postfix/smtpd[21631]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:03:43 ks354764 postfix/smtpd[21631]: 8D5D584C298: client=localhost.localdomain[127.0.0.1]
Jun 15 09:03:43 ks354764 postfix/cleanup[21626]: 8D5D584C298: message-id=<000d01c9ed87$646eca40$6400a8c0@shtickqaya167>
Jun 15 09:03:43 ks354764 postfix/qmgr[4706]: 8D5D584C298: from=, size=1565, nrcpt=1 (queue active)
Jun 15 09:03:43 ks354764 amavis[4300]: (04300-01) Passed CLEAN, [190.254.240.79] [190.254.240.79] -> , Message-ID: <000d01c9ed87$646eca40$6400a8c0@shtickqaya167>, mail_id: tmducoDf5Qx2, Hits: 17.284, size: 1098, queued_as: 8D5D584C298, 1897 ms
Jun 15 09:03:43 ks354764 postfix/smtp[21627]: 6A7BE84C28D: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, delays=3.3/0.04/0.02/1.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04300-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D5D584C298)
Jun 15 09:03:43 ks354764 postfix/qmgr[4706]: 6A7BE84C28D: removed
Jun 15 09:03:43 ks354764 postfix/pipe[21633]: 8D5D584C298: to=, orig_to=, relay=maildrop, delay=0.24, delays=0.03/0.03/0/0.18, dsn=2.0.0, status=sent (delivered via maildrop service)
Jun 15 09:03:43 ks354764 postfix/qmgr[4706]: 8D5D584C298: removed
Jun 15 09:05:02 ks354764 postfix/smtpd[21616]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:05:02 ks354764 postfix/smtpd[21616]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 09:05:02 ks354764 postfix/smtpd[21616]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:05:02 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:05:02 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:05:02 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:05:02 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 09:06:05 ks354764 postfix/smtpd[21616]: warning: 88.241.161.227: hostname dsl88.241-41443.ttnet.net.tr verification failed: Name or service not known
Jun 15 09:06:05 ks354764 postfix/smtpd[21616]: connect from unknown[88.241.161.227]
Jun 15 09:06:06 ks354764 postfix/smtpd[21616]: 9910984C28D: client=unknown[88.241.161.227]
Jun 15 09:06:06 ks354764 postfix/cleanup[21885]: 9910984C28D: message-id=
Jun 15 09:06:07 ks354764 postfix/qmgr[4706]: 9910984C28D: from=, size=5764, nrcpt=1 (queue active)
Jun 15 09:06:07 ks354764 postfix/smtpd[21616]: disconnect from unknown[88.241.161.227]
Jun 15 09:06:08 ks354764 postfix/smtpd[21890]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:06:08 ks354764 postfix/smtpd[21890]: 7399D84C298: client=localhost.localdomain[127.0.0.1]
Jun 15 09:06:08 ks354764 postfix/cleanup[21885]: 7399D84C298: message-id=
Jun 15 09:06:08 ks354764 postfix/qmgr[4706]: 7399D84C298: from=, size=6259, nrcpt=1 (queue active)
Jun 15 09:06:08 ks354764 postfix/pipe[21892]: 7399D84C298: to=, orig_to=, relay=maildrop, delay=0.08, delays=0.02/0.02/0/0.03, dsn=2.0.0, status=sent (delivered via maildrop service)
Jun 15 09:06:08 ks354764 postfix/qmgr[4706]: 7399D84C298: removed
Jun 15 09:06:08 ks354764 amavis[4302]: (04302-01) Passed CLEAN, [88.241.161.227] [88.241.161.227] -> , Message-ID: , mail_id: KGbJbt6we-2h, Hits: 9.574, size: 5755, queued_as: 7399D84C298, 1446 ms
Jun 15 09:06:08 ks354764 postfix/smtp[21886]: 9910984C28D: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.85/0.01/0.01/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04302-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7399D84C298)
Jun 15 09:06:08 ks354764 postfix/qmgr[4706]: 9910984C28D: removed
Jun 15 09:08:43 ks354764 postfix/smtpd[21631]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Jun 15 09:08:43 ks354764 postfix/smtpd[21631]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:09:27 ks354764 postfix/anvil[21618]: statistics: max connection rate 1/60s for (smtp:190.254.240.79) at Jun 15 09:03:37
Jun 15 09:09:27 ks354764 postfix/anvil[21618]: statistics: max connection count 1 for (smtp:190.254.240.79) at Jun 15 09:03:37
Jun 15 09:09:27 ks354764 postfix/anvil[21618]: statistics: max cache size 1 at Jun 15 09:03:37
Jun 15 09:10:01 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:10:01 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:10:01 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:10:01 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 09:10:02 ks354764 postfix/smtpd[22111]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:10:02 ks354764 postfix/smtpd[22111]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 09:10:02 ks354764 postfix/smtpd[22111]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:11:08 ks354764 postfix/smtpd[21890]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Jun 15 09:11:08 ks354764 postfix/smtpd[21890]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:11:26 ks354764 postfix/smtpd[22111]: connect from unknown[77.235.37.205]
Jun 15 09:11:26 ks354764 postfix/smtpd[22111]: lost connection after CONNECT from unknown[77.235.37.205]
Jun 15 09:11:26 ks354764 postfix/smtpd[22111]: disconnect from unknown[77.235.37.205]
Jun 15 09:14:46 ks354764 postfix/anvil[22178]: statistics: max connection rate 1/60s for (smtp:77.235.37.205) at Jun 15 09:11:26
Jun 15 09:14:46 ks354764 postfix/anvil[22178]: statistics: max connection count 1 for (smtp:77.235.37.205) at Jun 15 09:11:26
Jun 15 09:14:46 ks354764 postfix/anvil[22178]: statistics: max cache size 1 at Jun 15 09:11:26
Jun 15 09:15:01 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:15:01 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:15:01 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:15:01 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0

System-log
Jun 15 08:54:31 ks354764 kernel: usb usb3: configuration #1 chosen from 1 choice
Jun 15 08:54:31 ks354764 kernel: hub 3-0:1.0: USB hub found
Jun 15 08:54:31 ks354764 kernel: hub 3-0:1.0: 3 ports detected
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: enabling device (0100 -> 0102)
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: PCI INT C -> GSI 22 (level, low) -> IRQ 22
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: OHCI Host Controller
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: new USB bus registered, assigned bus number 4
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: irq 22, io mem 0x4a102000
Jun 15 08:54:31 ks354764 kernel: usb usb4: configuration #1 chosen from 1 choice
Jun 15 08:54:31 ks354764 kernel: hub 4-0:1.0: USB hub found
Jun 15 08:54:31 ks354764 kernel: hub 4-0:1.0: 2 ports detected
Jun 15 08:54:31 ks354764 kernel: USB Universal Host Controller Interface driver v3.0
Jun 15 08:54:31 ks354764 kernel: Initializing USB Mass Storage driver...
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver usb-storage
Jun 15 08:54:31 ks354764 kernel: USB Mass Storage support registered.
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver libusual
Jun 15 08:54:31 ks354764 kernel: PNP: No PS/2 controller found. Probing ports directly.
Jun 15 08:54:31 ks354764 kernel: serio: i8042 KBD port at 0x60,0x64 irq 1
Jun 15 08:54:31 ks354764 kernel: serio: i8042 AUX port at 0x60,0x64 irq 12
Jun 15 08:54:31 ks354764 kernel: mice: PS/2 mouse device common for all mice
Jun 15 08:54:31 ks354764 kernel: rtc_cmos 00:02: rtc core: registered rtc_cmos as rtc0
Jun 15 08:54:31 ks354764 kernel: rtc0: alarms up to one month
Jun 15 08:54:31 ks354764 kernel: coretemp coretemp.0: Using relative temperature scale!
Jun 15 08:54:31 ks354764 kernel: w83627ehf: Found W83627DHG chip at 0x290
Jun 15 08:54:31 ks354764 kernel: Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0)
Jun 15 08:54:31 ks354764 kernel: md: linear personality registered for level -1
Jun 15 08:54:31 ks354764 kernel: md: raid0 personality registered for level 0
Jun 15 08:54:31 ks354764 kernel: md: raid1 personality registered for level 1
Jun 15 08:54:31 ks354764 kernel: md: raid10 personality registered for level 10
Jun 15 08:54:31 ks354764 kernel: raid6: int64x1 1104 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: int64x2 1515 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: int64x4 1410 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: int64x8 1075 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: sse2x1 2027 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: sse2x2 2282 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: sse2x4 3468 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: using algorithm sse2x4 (3468 MB/s)
Jun 15 08:54:31 ks354764 kernel: md: raid6 personality registered for level 6
Jun 15 08:54:31 ks354764 kernel: md: raid5 personality registered for level 5
Jun 15 08:54:31 ks354764 kernel: md: raid4 personality registered for level 4
Jun 15 08:54:31 ks354764 kernel: md: multipath personality registered for level -4
Jun 15 08:54:31 ks354764 kernel: md: faulty personality registered for level -5
Jun 15 08:54:31 ks354764 kernel: device-mapper: ioctl: 4.14.0-ioctl (2008-04-23) initialised: dm-devel@redhat.com
Jun 15 08:54:31 ks354764 kernel: device-mapper: multipath: version 1.0.5 loaded
Jun 15 08:54:31 ks354764 kernel: device-mapper: multipath round-robin: version 1.0.0 loaded
Jun 15 08:54:31 ks354764 kernel: No iBFT detected.
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver usbkbd
Jun 15 08:54:31 ks354764 kernel: usbkbd: :USB HID Boot Protocol keyboard driver
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver usbmouse
Jun 15 08:54:31 ks354764 kernel: usbmouse: v1.6:USB HID Boot Protocol mouse driver
Jun 15 08:54:31 ks354764 kernel: Netfilter messages via NETLINK v0.30.
Jun 15 08:54:31 ks354764 kernel: nf_conntrack version 0.5.0 (8192 buckets, 32768 max)
Jun 15 08:54:31 ks354764 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Plase use
Jun 15 08:54:31 ks354764 kernel: nf_conntrack.acct=1 kernel paramater, acct=1 nf_conntrack module option or
Jun 15 08:54:31 ks354764 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Jun 15 08:54:31 ks354764 kernel: ctnetlink v0.93: registering with nfnetlink.
Jun 15 08:54:31 ks354764 kernel: IPv4 over IPv4 tunneling driver
Jun 15 08:54:31 ks354764 kernel: GRE over IPv4 tunneling driver
Jun 15 08:54:31 ks354764 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jun 15 08:54:31 ks354764 kernel: ClusterIP Version 0.8 loaded successfully
Jun 15 08:54:31 ks354764 kernel: TCP cubic registered
Jun 15 08:54:31 ks354764 kernel: Initializing XFRM netlink socket
Jun 15 08:54:31 ks354764 kernel: NET: Registered protocol family 17
Jun 15 08:54:31 ks354764 kernel: NET: Registered protocol family 15
Jun 15 08:54:31 ks354764 kernel: RPC: Registered udp transport module.
Jun 15 08:54:31 ks354764 kernel: RPC: Registered tcp transport module.
Jun 15 08:54:31 ks354764 kernel: 802.1Q VLAN Support v1.8 Ben Greear
Jun 15 08:54:31 ks354764 kernel: All bugs added by David S. Miller
Jun 15 08:54:31 ks354764 kernel: SCTP: Hash tables configured (established 65536 bind 65536)
Jun 15 08:54:31 ks354764 kernel: rtc_cmos 00:02: setting system clock to 2009-06-15 06:52:18 UTC (1245048738)
Jun 15 08:54:31 ks354764 kernel: md: Autodetecting RAID arrays.
Jun 15 08:54:31 ks354764 kernel: md: Scanned 0 and added 0 devices.
Jun 15 08:54:31 ks354764 kernel: md: autorun ...
Jun 15 08:54:31 ks354764 kernel: md: ... autorun DONE.
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: INFO: recovery required on readonly filesystem.
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: write access will be enabled during recovery.
Jun 15 08:54:31 ks354764 kernel: kjournald starting. Commit interval 5 seconds
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: sda1: orphan cleanup on readonly fs
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: sda1: 8 orphan inodes deleted
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: recovery complete.
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: mounted filesystem with ordered data mode.
Jun 15 08:54:31 ks354764 kernel: VFS: Mounted root (ext3 filesystem) readonly.
Jun 15 08:54:31 ks354764 kernel: Freeing unused kernel memory: 360k freed
Jun 15 08:54:31 ks354764 kernel: Adding 522104k swap on /dev/sda2. Priority:-1 extents:1 across:522104k
Jun 15 08:54:31 ks354764 kernel: EXT3 FS on sda1, internal journal
Jun 15 08:54:31 ks354764 kernel: eth0: Media Link On 100mbps full-duplex
Jun 15 08:54:31 ks354764 rsyslogd: [origin software="rsyslogd" swVersion="3.18.6" x-pid="3966" x-info="http://www.rsyslog.com"] restart
Jun 15 08:54:50 ks354764 kernel: warning: `pure-ftpd-mysql' uses 32-bit capabilities (legacy support in use)
Jun 15 08:55:02 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] New connection from localhost.localdomain
Jun 15 08:55:02 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] Logout.
Jun 15 09:00:02 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] New connection from localhost.localdomain
Jun 15 09:00:02 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] Logout.
Jun 15 09:05:02 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] New connection from localhost.localdomain
Jun 15 09:05:02 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] Logout.
Jun 15 09:10:01 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] New connection from localhost.localdomain
Jun 15 09:10:01 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] Logout.
Jun 15 09:15:01 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] New connection from localhost.localdomain
Jun 15 09:15:01 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] Logout.
Jun 15 09:20:01 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] New connection from localhost.localdomain
Jun 15 09:20:01 ks354764 pure-ftpd: (?@localhost.localdomain) [INFO] Logout.

fail2ban-log:
2009-06-14 06:25:42,344 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-06-14 06:25:42,346 fail2ban.jail : INFO Creating new jail 'ssh'
2009-06-14 06:25:42,346 fail2ban.jail : INFO Jail 'ssh' uses poller
2009-06-14 06:25:42,349 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2009-06-14 06:25:42,351 fail2ban.filter : INFO Set maxRetry = 6
2009-06-14 06:25:42,355 fail2ban.filter : INFO Set findtime = 600
2009-06-14 06:25:42,356 fail2ban.actions: INFO Set banTime = 600
2009-06-14 06:25:42,524 fail2ban.jail : INFO Jail 'ssh' started
2009-06-14 06:25:52,945 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2009-06-14 06:26:01,945 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2009-06-14 08:21:13,709 fail2ban.actions: WARNING [ssh] Ban 69.64.38.17
2009-06-14 08:31:13,721 fail2ban.actions: WARNING [ssh] Unban 69.64.38.17
2009-06-14 11:00:34,909 fail2ban.actions: WARNING [ssh] Ban 200.181.118.120
2009-06-14 11:10:34,933 fail2ban.actions: WARNING [ssh] Unban 200.181.118.120
2009-06-14 12:03:10,005 fail2ban.actions: WARNING [ssh] Ban 190.196.68.162
2009-06-14 12:13:10,021 fail2ban.actions: WARNING [ssh] Unban 190.196.68.162
2009-06-15 00:08:46,501 fail2ban.actions: WARNING [ssh] Ban 190.196.68.162
2009-06-15 00:18:46,521 fail2ban.actions: WARNING [ssh] Unban 190.196.68.162
2009-06-15 04:22:55,653 fail2ban.actions: WARNING [ssh] Ban 91.199.22.117
2009-06-15 04:32:55,665 fail2ban.actions: WARNING [ssh] Unban 91.199.22.117
2009-06-15 04:41:01,677 fail2ban.actions: WARNING [ssh] Ban 216.146.46.93
2009-06-15 04:51:01,689 fail2ban.actions: WARNING [ssh] Unban 216.146.46.93
2009-06-15 05:00:39,725 fail2ban.actions: WARNING [ssh] Ban 216.146.46.93
2009-06-15 05:03:43,773 fail2ban.actions: WARNING [ssh] Ban 91.199.22.117
2009-06-15 05:10:39,785 fail2ban.actions: WARNING [ssh] Unban 216.146.46.93
2009-06-15 05:13:43,797 fail2ban.actions: WARNING [ssh] Unban 91.199.22.117
2009-06-15 08:54:54,505 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-06-15 08:54:54,514 fail2ban.jail : INFO Creating new jail 'ssh'
2009-06-15 08:54:54,514 fail2ban.jail : INFO Jail 'ssh' uses poller
2009-06-15 08:54:54,599 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2009-06-15 08:54:54,601 fail2ban.filter : INFO Set maxRetry = 6
2009-06-15 08:54:54,604 fail2ban.filter : INFO Set findtime = 600
2009-06-15 08:54:54,606 fail2ban.actions: INFO Set banTime = 600
2009-06-15 08:54:54,980 fail2ban.jail : INFO Jail 'ssh' started

RKHunter-log:

[ Rootkit Hunter version 1.3.2 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]

Checking system commands...

Performing 'strings' command checks
Checking 'strings' command [ OK ]

Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Not found ]

Performing file properties checks
Checking for prerequisites [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/usr/bin/awk [ Warning ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ Warning ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/lynx [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ Warning ]
/usr/bin/lwp-request [ Warning ]
/usr/bin/lynx.cur [ OK ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/w.procps [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/inetd [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/unhide [ Warning ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide-linux26 [ Warning ]

Checking for rootkits...

Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx Rootkit (strings) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]

Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]

Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]

Performing trojan specific checks
Checking for enabled inetd services [ OK ]
Checking for Apache backdoor [ Not found ]

Performing Linux specific checks
Checking kernel module commands [ Warning ]
Checking kernel module names [ OK ]

Checking the network...

Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

Checking the local host...

Performing system boot checks
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]

Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ None found ]

Checking application versions...

Checking version of GnuPG [ OK ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of PHP [ OK ]
Checking version of OpenSSH [ OK ]


System checks summary
=====================

File properties checks...
Files checked: 127
Suspect files: 6

Rootkit checks...
Rootkits checked : 108
Possible rootkits: 0

Applications checks...
Applications checked: 5
Suspect applications: 0

The system checks took: 1 minute and 27 seconds

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)


Thanks in advance for your help.