View Single Post
  #3  
Old 14th January 2012, 11:46
007007 007007 is offline
Senior Member
 
Join Date: Jul 2010
Posts: 139
Thanks: 5
Thanked 0 Times in 0 Posts
Default

thanks for help Till

grep maroclivehd /var/log/syslog

Code:
Jan 14 06:31:14 ks3095867 named[2392]: client 213.186.33.199#55454: query (cache) 'MYSITE.COM/SOA/IN' denied
Jan 14 06:31:14 ks3095867 named[2392]: client 213.186.33.199#46632: bad zone transfer request: 'MYSITE.COM/IN': non-authoritative zone (NOTAUTH)
Jan 14 07:31:14 ks3095867 named[2392]: client 213.186.33.199#55454: query (cache) 'MYSITE.COM/SOA/IN' denied
Jan 14 07:31:14 ks3095867 named[2392]: client 213.186.33.199#37543: bad zone transfer request: 'MYSITE.COM/IN': non-authoritative zone (NOTAUTH)
Jan 14 08:31:16 ks3095867 named[2392]: client 213.186.33.199#55830: query (cache) 'MYSITE.COM/SOA/IN' denied
Jan 14 08:31:16 ks3095867 named[2392]: client 213.186.33.199#43013: bad zone transfer request: 'MYSITE.COM/IN': non-authoritative zone (NOTAUTH)
Jan 14 09:31:15 ks3095867 named[2392]: client 213.186.33.199#33109: query (cache) 'MYSITE.COM/SOA/IN' denied
Jan 14 09:31:15 ks3095867 named[2392]: client 213.186.33.199#45102: bad zone transfer request: 'MYSITE.COM/IN': non-authoritative zone (NOTAUTH)
Jan 14 09:50:16 ks3095867 named[2392]: client 62.251.230.71#27639: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:17 ks3095867 named[2392]: client 62.251.230.71#22910: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:18 ks3095867 named[2392]: client 62.251.230.71#64260: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:20 ks3095867 named[2392]: client 62.251.230.71#59877: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:23 ks3095867 named[2392]: client 62.251.230.71#9646: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:24 ks3095867 named[2392]: client 62.251.230.71#28408: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:25 ks3095867 named[2392]: client 62.251.230.71#45122: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:26 ks3095867 named[2392]: client 62.251.230.71#22205: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:50:27 ks3095867 named[2392]: client 62.251.230.71#49423: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:50:27 ks3095867 named[2392]: client 62.251.230.71#11251: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:50:28 ks3095867 named[2392]: client 62.251.230.71#9886: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:50:30 ks3095867 named[2392]: client 62.251.230.71#63706: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:50:31 ks3095867 named[2392]: client 62.251.230.71#37970: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:50:32 ks3095867 named[2392]: client 62.251.230.71#16355: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:50:33 ks3095867 named[2392]: client 62.251.230.71#25607: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:50:35 ks3095867 named[2392]: client 62.251.230.71#23554: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:20 ks3095867 named[2392]: client 62.251.230.71#52016: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:21 ks3095867 named[2392]: client 62.251.230.71#18395: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:22 ks3095867 named[2392]: client 62.251.230.71#47125: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:24 ks3095867 named[2392]: client 62.251.230.71#35976: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:43 ks3095867 named[2392]: client 62.251.230.71#54369: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:44 ks3095867 named[2392]: client 62.251.230.71#29841: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:45 ks3095867 named[2392]: client 62.251.230.71#36667: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:55:47 ks3095867 named[2392]: client 62.251.230.71#52628: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:58:18 ks3095867 named[2392]: client 93.113.174.225#53168: query (cache) 'MYSITE.COM/NS/IN' denied
Jan 14 09:58:18 ks3095867 named[2392]: client 93.113.174.225#19815: query (cache) 'MYSITE.COM/MX/IN' denied
Jan 14 09:58:18 ks3095867 named[2392]: client 93.113.174.225#59876: query (cache) 'MYSITE.COM/SOA/IN' denied
Jan 14 09:58:18 ks3095867 named[2392]: client 74.125.78.86#47746: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:58:18 ks3095867 named[2392]: client 74.125.78.90#63359: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:58:25 ks3095867 named[2392]: client 62.251.230.71#34915: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:58:26 ks3095867 named[2392]: client 62.251.230.71#1341: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:58:27 ks3095867 named[2392]: client 62.251.230.71#44196: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:58:29 ks3095867 named[2392]: client 62.251.230.71#2992: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:59:01 ks3095867 named[2392]: client 62.251.230.71#18676: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:59:02 ks3095867 named[2392]: client 62.251.230.71#49216: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:59:03 ks3095867 named[2392]: client 62.251.230.71#15525: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:59:04 ks3095867 named[2392]: client 62.251.230.71#36440: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:59:05 ks3095867 named[2392]: client 62.251.230.71#3779: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 09:59:05 ks3095867 named[2392]: client 62.251.230.71#15359: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:59:06 ks3095867 named[2392]: client 62.251.230.71#5384: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 09:59:08 ks3095867 named[2392]: client 62.251.230.71#8460: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:00:22 ks3095867 named[2392]: client 62.251.230.71#24906: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:00:23 ks3095867 named[2392]: client 62.251.230.71#20119: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:00:24 ks3095867 named[2392]: client 62.251.230.71#16968: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:00:26 ks3095867 named[2392]: client 62.251.230.71#35542: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:00:29 ks3095867 named[2392]: client 62.251.230.71#58617: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:00:30 ks3095867 named[2392]: client 62.251.230.71#11739: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:00:31 ks3095867 named[2392]: client 62.251.230.71#23440: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:00:33 ks3095867 named[2392]: client 62.251.230.71#43229: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:07:03 ks3095867 named[2392]: client 62.251.230.71#5099: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:07:04 ks3095867 named[2392]: client 62.251.230.71#64359: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:07:05 ks3095867 named[2392]: client 62.251.230.71#61311: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:07:07 ks3095867 named[2392]: client 62.251.230.71#11889: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:23:48 ks3095867 named[2392]: client 62.251.230.71#46522: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:23:49 ks3095867 named[2392]: client 62.251.230.71#39070: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:23:50 ks3095867 named[2392]: client 62.251.230.71#60011: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:23:52 ks3095867 named[2392]: client 62.251.230.71#8710: query (cache) 'MYSITE.COM/A/IN' denied
Jan 14 10:23:55 ks3095867 named[2392]: client 62.251.230.71#45746: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:23:56 ks3095867 named[2392]: client 62.251.230.71#9878: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:23:57 ks3095867 named[2392]: client 62.251.230.71#30307: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:23:59 ks3095867 named[2392]: client 62.251.230.71#59832: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:24:01 ks3095867 named[2392]: client 62.251.230.71#32751: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:24:02 ks3095867 named[2392]: client 62.251.230.71#58837: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:24:03 ks3095867 named[2392]: client 62.251.230.71#38742: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:24:05 ks3095867 named[2392]: client 62.251.230.71#25986: query (cache) 'www.MYSITE.COM/A/IN' denied
Jan 14 10:31:15 ks3095867 named[2392]: client 213.186.33.199#33109: query (cache) 'MYSITE.COM/SOA/IN' denied
Jan 14 10:31:15 ks3095867 named[2392]: client 213.186.33.199#50649: bad zone transfer request: 'MYSITE.COM/IN': non-authoritative zone (NOTAUTH)
Jan 14 10:32:12 ks3095867 named[2392]: client 74.125.78.83#60884: query (cache) 'MYSITE.COM/A/IN' denied




netstat -tap

Code:
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name
tcp        0      0 localhost.localdo:spamd *:*                     LISTEN      3222/spamd.pid
tcp        0      0 *:ftp                   *:*                     LISTEN      3190/pure-ftpd (SER
tcp        0      0 ks3095867.kimsuf:domain *:*                     LISTEN      2392/named
tcp        0      0 localhost.locald:domain *:*                     LISTEN      2392/named
tcp        0      0 *:ssh                   *:*                     LISTEN      12122/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      3313/master
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      3004/amavisd (maste
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      3313/master
tcp        0      0 *:mysql                 *:*                     LISTEN      2787/mysqld
tcp        0      0 localhost.localdo:48462 localhost.localdo:mysql ESTABLISHED 3005/amavisd (ch3-a
tcp        0      0 localhost.localdo:mysql localhost.localdo:48462 ESTABLISHED 2787/mysqld
tcp        0      0 ks3095867.kimsufi.c:ssh 41.251.113.158:51941    ESTABLISHED 25083/sshd: root@no
tcp        0     52 ks3095867.kimsufi.c:ssh 41.251.113.158:51973    ESTABLISHED 25136/0
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      2369/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      2370/couriertcpd
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      10552/apache2
tcp6       0      0 [::]:www                [::]:*                  LISTEN      10552/apache2
tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      10552/apache2
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      3190/pure-ftpd (SER
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      2392/named
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      12122/sshd
tcp6       0      0 [::]:https              [::]:*                  LISTEN      10552/apache2
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      2371/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      2373/couriertcpd




iptables -L

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-courierimaps  tcp  --  anywhere             anywhere            multiport dports imaps
fail2ban-courierpop3s  tcp  --  anywhere             anywhere            multiport dports pop3s
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-courierimap (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierimaps (1 references)
target     prot opt source               destination

Chain fail2ban-courierpop3 (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierpop3s (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sasl (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Reply With Quote