Being Spammed/Hacked/Probed not sure PLEASE HELP!

kresser, 26th October 2010, 20:52

I am really concerned, as I have quite a few clients on an ISPConfig server, and honestly I'm a little fresh when it comes to dealing with Internet vandals. Maintenance and building I'm fine with, but I'm not real keen on how to protect. I've built several ISPConfig servers and this is the first time I've been getting attacked, so I think. Fail2ban has been repeatedly blocking IP addresses with the word SSH next to the IP address, which I'm assuming means I've had repeated failed SSH login attempts.

I have been taking all of those IP addresses that show up and creating an individual firewall rule to reject communication. I have looked at some of my individual site records and found where what looks like someone has been probing for my phpMyAdmin management pages, as well as other Internet configuration and management pages.

I am also seeing tons of communication from spamming sites in foreign countries such as Germany, Russia, Belgium, and many, many more.

Here recently many of my users across all of my virtual domains have been experiencing "500 error, internal server error", mostly through my e-mail client RoundCube. I run that as well as SquirrelMail, phpMyAdmin and all the basic tools used in the Debian Lenny "The Perfect Server" how-to.

I really need some assistance in figuring out a proactive way to stop communication with the sites, maybe blacklisting the domains, and the proper way to restrict these addresses. I have found where to blacklist e-mail accounts, however I don't see such a tool to block domains.

It would be cool if someone could share with me how to implement a script where after a certain number of repeated communication attempts through different channels such as SSH or unauthorized SSL or username probing that that particular client would be blocked permanently from communication.

I am including some of the log files so maybe someone can help me make sense of this. The IP addresses included in the logs are not any of my personal addresses for this platform.

The main reason I need help, other than the clarification on the log files and what to do, is what's going on with the internal server error 500. I need to get rid of that so my clients stop having problems. Here are the log files and where they came from.

"mail warn-log"
Quote:
Sep 25 06:52:33 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:34 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:34 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:35 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:35 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:36 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:36 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:38 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:38 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:39 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:39 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:40 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:40 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:41 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:41 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:42 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:42 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 06:52:46 messiah postfix/smtpd[3925]: warning: unknown[173.236.34.70]: SASL LOGIN authentication failed: authentication failure
Sep 25 06:52:46 messiah postfix/smtpd[3925]: warning: 173.236.34.70: address not listed for hostname ns1.bitlocal.com
Sep 25 09:45:00 messiah postfix/smtpd[5567]: warning: 64.206.180.28: address not listed for hostname COLLEGEROADTRIP.NET
Sep 26 10:01:29 messiah postfix/smtpd[22470]: warning: 64.206.180.32: address not listed for hostname EDUCATIONDECATHLON.NET
Sep 26 13:56:00 messiah postfix/master[32730]: warning: master_spawn: fork: Cannot allocate memory -- throttling
Sep 26 19:05:01 messiah postfix/master[32730]: warning: master_spawn: fork: Cannot allocate memory -- throttling
Sep 29 13:36:29 messiah postfix/smtpd[32035]: warning: TLS library problem: 32035:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1053:SSL alert number 48:
Sep 30 20:45:37 messiah postfix/smtpd[22042]: warning: 74.82.216.23: hostname mx1.COMPSENSELIVE.COM verification failed: Name or service not known
Oct 1 09:49:22 messiah pop3d: Maximum connection limit reached for ::ffff:78.188.11.52
Oct 1 09:49:22 messiah pop3d: Maximum connection limit reached for ::ffff:78.188.11.52
Oct 4 05:38:44 messiah pop3d: Maximum connection limit reached for ::ffff:173.10.255.154
Oct 4 05:38:45 messiah last message repeated 11 times
Oct 4 22:22:00 messiah postfix/smtpd[3527]: warning: rrcs-67-78-121-115.sw.biz.rr.com[67.78.121.115]: SASL LOGIN authentication failed: authentication failure
Oct 5 03:42:53 messiah postfix/smtpd[26033]: warning: rrcs-67-78-121-115.sw.biz.rr.com[67.78.121.115]: SASL LOGIN authentication failed: authentication failure
Oct 8 10:02:34 messiah postfix/smtpd[3441]: warning: 208.67.183.45: hostname host.gravitydeal.com verification failed: Name or service not known
Oct 12 05:38:12 messiah postfix/smtpd[2015]: warning: 69.175.64.132: address not listed for hostname srv1.clickregionalsadv.com
Oct 12 05:38:12 messiah postfix/smtpd[2015]: warning: 69.175.64.132: address not listed for hostname srv1.clickregionalsadv.com
Oct 20 09:53:33 messiah postfix/smtpd[30042]: warning: 24.106.95.18: hostname strongmail.schaeffer.com verification failed: Name or service not known
Oct 21 19:46:36 messiah postfix/smtpd[25989]: warning: 207.126.80.124: address not listed for hostname jersey.educateuniversity.com
Oct 21 21:30:11 messiah postfix/smtpd[1635]: warning: 173.232.50.71: address not listed for hostname dominicanrepublic.dealsposts.com
Oct 22 06:46:37 messiah postfix/smtpd[10124]: warning: unknown[219.232.243.172]: SASL LOGIN authentication failed: authentication failure
Oct 22 06:46:43 messiah last message repeated 3 times
Oct 22 12:01:59 messiah postfix/master[32404]: warning: master_spawn: fork: Cannot allocate memory -- throttling
Oct 22 13:15:40 messiah postfix/smtpd[22296]: warning: 173.232.50.35: address not listed for hostname bouvetisland.dealsposts.com
Oct 22 14:00:18 messiah postfix/master[32404]: warning: master_spawn: fork: Cannot allocate memory -- throttling
Oct 22 14:05:45 messiah postfix/smtpd[19780]: warning: 207.126.80.23: address not listed for hostname bangladesh.educateuniversity.com
Oct 22 14:17:45 messiah postfix/smtpd[25634]: warning: unknown[219.232.243.172]: SASL LOGIN authentication failed: authentication failure
Oct 22 14:17:57 messiah last message repeated 7 times
Oct 22 18:31:50 messiah postfix/smtpd[15632]: warning: 207.126.80.35: address not listed for hostname bouvetisland.educateuniversity.com
Oct 22 20:02:25 messiah amavis[19565]: (19565-08) (!!)TROUBLE in check_mail: parts_decode_ext FAILED: file(1) utility (/usr/bin/file) error: run_command (open pipe): Can't fork at /usr/lib/perl/5.10/IO/File.pm line 66, line 25624. at /usr/sbin/amavisd-new line 2892, line 25624.
Oct 22 20:02:25 messiah amavis[19565]: (19565-08) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20101022T182026-19565
Oct 23 05:04:01 messiah postfix/smtpd[13948]: warning: unknown[219.232.243.172]: SASL LOGIN authentication failed: authentication failure
Oct 23 05:04:15 messiah last message repeated 8 times
Oct 23 05:08:02 messiah postfix/smtpd[24301]: warning: unknown[219.232.243.172]: SASL LOGIN authentication failed: authentication failure
Oct 23 05:08:14 messiah last message repeated 8 times
Oct 23 07:30:30 messiah postfix/smtpd[22020]: warning: 207.126.80.150: address not listed for hostname marshallislands.educateuniversity.com
Oct 23 08:05:00 messiah amavis[25958]: (25958-09) (!!)TROUBLE in check_mail: parts_decode_ext FAILED: file(1) utility (/usr/bin/file) error: run_command (open pipe): Can't fork at /usr/lib/perl/5.10/IO/File.pm line 66, line 1570. at /usr/sbin/amavisd-new line 2892, line 1570.
Oct 23 08:05:00 messiah amavis[25958]: (25958-09) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20101023T041452-25958
Oct 23 10:21:37 messiah postfix/smtpd[1505]: warning: 173.232.75.170: address not listed for hostname newzealand.degreeroots.com
Oct 23 10:49:39 messiah postfix/smtpd[15946]: warning: 207.126.76.182: address not listed for hostname papuanewguinea.degreenewsletter.com
Oct 23 11:06:08 messiah postfix/smtpd[23773]: warning: 184.82.91.221: address not listed for hostname svalbard.educateaccess.com
Oct 23 11:19:42 messiah postfix/smtpd[28567]: warning: 67.143.173.11: hostname host671430011173.direcway.com verification failed: Name or service not known
Oct 23 12:11:08 messiah postfix/smtpd[5140]: warning: 207.126.83.134: address not listed for hostname latvia.guidegetup.com
Oct 23 14:00:13 messiah postfix/smtpd[28219]: warning: 207.126.80.217: address not listed for hostname spratlyislands.educateuniversity.com
Oct 23 14:21:50 messiah postfix/smtpd[3401]: warning: 207.126.68.39: address not listed for hostname brunei.chimiesecondspeedup.com
Oct 23 14:34:57 messiah postfix/smtpd[3853]: warning: 207.126.81.144: address not listed for hostname madagascar.fondpauseutilities.com
Oct 23 14:55:37 messiah postfix/smtpd[28134]: warning: 209.135.0.17: address not listed for hostname ashmoreandcartierislands.investforfamily.com
Oct 23 15:45:50 messiah postfix/smtpd[26511]: warning: 173.232.50.132: address not listed for hostname kyrgyzstan.dealsposts.com
Oct 23 16:10:20 messiah postfix/smtpd[19865]: warning: 184.82.90.236: address not listed for hostname tunisia.deliveryschool.com
Oct 23 18:03:05 messiah postfix/smtpd[17899]: warning: 173.232.75.243: address not listed for hostname unitedarabemirates.degreeroots.com
Oct 23 18:49:25 messiah postfix/smtpd[5796]: warning: 173.232.49.186: address not listed for hostname philippines.componentnetworks.com
Oct 23 22:02:53 messiah postfix/smtpd[13450]: warning: 184.82.91.8: address not listed for hostname angola.educateaccess.com
Oct 24 09:00:35 messiah postfix/smtpd[30152]: warning: 173.232.49.249: address not listed for hostname vietnam.componentnetworks.com
Oct 24 09:20:36 messiah postfix/smtpd[11301]: warning: 207.126.80.28: address not listed for hostname belize.educateuniversity.com
Oct 24 10:24:04 messiah postfix/smtpd[17844]: warning: 173.232.50.69: address not listed for hostname djibouti.dealsposts.com
Oct 24 10:50:17 messiah postfix/smtpd[22406]: warning: 173.232.75.102: address not listed for hostname guernsey.degreeroots.com
Oct 24 11:12:36 messiah postfix/smtpd[9640]: warning: 64.191.42.21: address not listed for hostname bahamas.cashforschooling.com
Oct 24 11:35:24 messiah postfix/smtpd[19688]: warning: 209.135.0.208: address not listed for hostname sierraleone.investforfamily.com
Oct 24 11:37:30 messiah postfix/smtpd[30032]: warning: 184.82.91.182: address not listed for hostname papuanewguinea.educateaccess.com
Oct 24 12:16:52 messiah postfix/smtpd[5412]: warning: 207.126.78.116: address not listed for hostname iraq.easyprofessionals.com
Oct 24 14:05:56 messiah postfix/smtpd[24313]: warning: 207.126.83.71: address not listed for hostname dominicanrepublic.guidegetup.com
Oct 24 16:35:51 messiah postfix/smtpd[6070]: warning: 173.232.75.99: address not listed for hostname guadeloupe.degreeroots.com
Oct 24 20:32:37 messiah postfix/smtpd[1401]: warning: non-SMTP command from 118-167-11-217.dynamic.hinet.net[118.167.11.217]: GET http://www.scanproxy.com:80/p-25.html HTTP/1.0
Oct 24 20:32:37 messiah postfix/smtpd[1404]: warning: non-SMTP command from 118-167-11-217.dynamic.hinet.net[118.167.11.217]: GET http://www.scanproxy.com:80/p-25.html HTTP/1.0
Oct 25 09:31:23 messiah postfix/smtpd[16071]: warning: 207.126.80.64: address not listed for hostname cuba.educateuniversity.com
Oct 25 10:54:40 messiah postfix/smtpd[12187]: warning: 209.135.0.121: address not listed for hostname jamaica.investforfamily.com
Oct 25 10:59:45 messiah postfix/smtpd[26266]: warning: 207.126.76.110: address not listed for hostname hongkong.degreenewsletter.com
Oct 25 11:35:38 messiah postfix/smtpd[1675]: warning: 173.232.49.95: address not listed for hostname gloriosoislands.componentnetworks.com
Oct 25 11:53:24 messiah postfix/smtpd[22294]: warning: 173.232.50.227: address not listed for hostname tajikistan.dealsposts.com
Oct 25 12:05:24 messiah postfix/smtpd[10222]: warning: 207.126.83.152: address not listed for hostname mauritania.guidegetup.com
Oct 25 12:11:53 messiah postfix/smtpd[30690]: warning: 173.232.75.64: address not listed for hostname cuba.degreeroots.com
Oct 25 14:00:22 messiah postfix/smtpd[30404]: warning: 207.126.81.158: address not listed for hostname monaco.fondpauseutilities.com
Oct 25 16:39:43 messiah postfix/smtpd[28501]: warning: 173.232.75.95: address not listed for hostname gloriosoislands.degreeroots.com
Oct 25 19:00:08 messiah postfix/local[7758]: warning: fork: Cannot allocate memory
Oct 25 19:00:08 messiah postfix/master[32404]: warning: master_spawn: fork: Cannot allocate memory -- throttling
Oct 25 22:17:44 messiah postfix/smtpd[30399]: warning: 64.191.42.27: address not listed for hostname belgium.cashforschooling.com
Oct 26 08:03:02 messiah amavis[30266]: (30266-13) (!)rw_loop: leaving rw loop, no progress
Oct 26 08:03:02 messiah amavis[30266]: (30266-13) (!)FWD via SMTP: -> , 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting: at (eval 84) line 555, line 6628.): id=30266-13
Oct 26 08:03:08 messiah amavis[30266]: (30266-13) (!)rw_loop: leaving rw loop, no progress
Oct 26 09:52:25 messiah postfix/smtpd[11301]: warning: 207.126.76.66: address not listed for hostname czechrepublic.degreenewsletter.com
Oct 26 10:03:57 messiah postfix/smtpd[29737]: warning: 173.232.49.59: address not listed for hostname cookislands.componentnetworks.com
Oct 26 10:10:17 messiah postfix/smtpd[15751]: warning: 173.232.75.36: address not listed for hostname brazil.degreeroots.com
Oct 26 11:05:56 messiah postfix/smtpd[27926]: warning: 209.135.0.188: address not listed for hostname poland.investforfamily.com
"fail2ban" - There are close to 100 of these over the last week
Quote:
2010-10-24 04:14:42,808 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2010-10-24 04:14:42,809 fail2ban.jail : INFO Creating new jail 'ssh'
2010-10-24 04:14:42,809 fail2ban.jail : INFO Jail 'ssh' uses poller
2010-10-24 04:14:42,810 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2010-10-24 04:14:42,810 fail2ban.filter : INFO Set maxRetry = 6
2010-10-24 04:14:42,811 fail2ban.filter : INFO Set findtime = 600
2010-10-24 04:14:42,812 fail2ban.actions: INFO Set banTime = 600
2010-10-24 04:14:42,872 fail2ban.jail : INFO Jail 'ssh' started
2010-10-24 04:14:44,895 fail2ban.actions: WARNING [ssh] Ban 111.171.206.167
2010-10-24 04:24:44,902 fail2ban.actions: WARNING [ssh] Unban 111.171.206.167
2010-10-24 06:46:58,005 fail2ban.actions: WARNING [ssh] Ban 111.171.206.167
2010-10-24 06:56:58,888 fail2ban.actions: WARNING [ssh] Unban 111.171.206.167
2010-10-24 08:16:59,866 fail2ban.actions: WARNING [ssh] Ban 111.171.206.167
2010-10-24 08:27:00,460 fail2ban.actions: WARNING [ssh] Unban 111.171.206.167
2010-10-24 11:33:00,403 fail2ban.actions: WARNING [ssh] Ban 113.12.94.87
2010-10-24 11:43:00,494 fail2ban.actions: WARNING [ssh] Unban 113.12.94.87
2010-10-24 19:00:49,672 fail2ban.actions: WARNING [ssh] Ban 219.153.49.151
2010-10-24 19:00:53,737 fail2ban.actions: WARNING [ssh] 219.153.49.151 already banned
2010-10-24 19:10:49,747 fail2ban.actions: WARNING [ssh] Unban 219.153.49.151
2010-10-25 00:26:05,525 fail2ban.actions: WARNING [ssh] Ban 113.12.94.87
2010-10-25 00:36:05,853 fail2ban.actions: WARNING [ssh] Unban 113.12.94.87
2010-10-25 03:04:20,733 fail2ban.actions: WARNING [ssh] Ban 113.12.94.87
2010-10-25 03:14:20,738 fail2ban.actions: WARNING [ssh] Unban 113.12.94.87
2010-10-25 04:14:49,543 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2010-10-25 15:46:16,913 fail2ban.actions: WARNING [ssh] Ban 222.73.163.21
2010-10-25 15:56:17,762 fail2ban.actions: WARNING [ssh] Unban 222.73.163.21
2010-10-26 12:15:28,444 fail2ban.actions: WARNING [ssh] Ban 61.135.88.47
2010-10-26 12:15:41,584 fail2ban.actions: WARNING [ssh] 61.135.88.47 already banned
2010-10-26 12:15:42,584 fail2ban.actions: WARNING [ssh] 61.135.88.47 already banned
2010-10-26 12:25:28,588 fail2ban.actions: WARNING [ssh] Unban 61.135.88.47
2010-10-26 12:44:26,603 fail2ban.actions: WARNING [ssh] Ban 180.70.116.110
2010-10-26 12:54:26,610 fail2ban.actions: WARNING [ssh] Unban 180.70.116.110
Site error log - note the config page errors. I never tried to get into management pages through this domain and as a matter of fact they're blocked. Is someone probing??
Quote:
19 16:26:04 2010] [error] [client 99.198.52.181] File does not exist: /var/www/3ezbids.com/web/favicon.ico
[Sun Sep 19 16:27:55 2010] [error] [client 99.198.52.181] File does not exist: /var/www/3ezbids.com/web/favicon.ico
[Sun Sep 19 16:28:00 2010] [error] [client 99.198.52.181] File does not exist: /var/www/3ezbids.com/web/favicon.ico
[Sun Sep 19 16:28:12 2010] [error] [client 99.198.52.181] File does not exist: /var/www/3ezbids.com/web/favicon.ico
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/mysql
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpmyadmin
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/pma
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/scripts
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpmyadmin, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpmyadmin
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/mysql, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpmyadmin, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/pma, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/mysql
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/scripts, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/pma
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/mysql, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/scripts
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/pma, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin, referer: 173.212.254.49
[Sun Sep 19 17:08:32 2010] [error] [client 64.15.159.169] File does not exist: /var/www/3ezbids.com/web/scripts, referer: 173.212.254.49
[Sun Sep 19 17:58:50 2010] [error] [client 99.198.52.181] File does not exist: /var/www/3ezbids.com/web/favicon.ico
[Sun Sep 19 19:48:19
More for the same site. I used net tools to check the IPs and they are coming from Germany and Russia mostly. What's going on??


Quote:
/var/www/3ezbids.com/web/favicon.ico
[Thu Sep 23 06:44:14 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/w00tw00t.at.blackhats.romanian.anti-sec
[Thu Sep 23 06:44:15 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/scripts
[Thu Sep 23 06:44:15 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/admin
[Thu Sep 23 06:44:16 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/admin
[Thu Sep 23 06:44:16 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/admin
[Thu Sep 23 06:44:17 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/db
[Thu Sep 23 06:44:17 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/dbadmin
[Thu Sep 23 06:44:17 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/myadmin
[Thu Sep 23 06:44:18 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/mysql
[Thu Sep 23 06:44:18 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/mysqladmin
[Thu Sep 23 06:44:19 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/typo3
[Thu Sep 23 06:44:19 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpadmin
[Thu Sep 23 06:44:19 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin
[Thu Sep 23 06:44:20 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpmyadmin
[Thu Sep 23 06:44:20 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpmyadmin1
[Thu Sep 23 06:44:21 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpmyadmin2
[Thu Sep 23 06:44:21 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/pma
[Thu Sep 23 06:44:21 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/web
[Thu Sep 23 06:44:22 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/xampp
[Thu Sep 23 06:44:22 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/web
[Thu Sep 23 06:44:23 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/php-my-admin
[Thu Sep 23 06:44:23 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/websql
[Thu Sep 23 06:44:23 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpmyadmin
[Thu Sep 23 06:44:24 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin
[Thu Sep 23 06:44:24 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2
[Thu Sep 23 06:44:25 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/php-my-admin
[Thu Sep 23 06:44:25 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.2.3
[Thu Sep 23 06:44:25 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.2.6
[Thu Sep 23 06:44:26 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.1
[Thu Sep 23 06:44:27 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.4
[Thu Sep 23 06:44:27 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.5-rc1
[Thu Sep 23 06:44:27 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.5-rc2
[Thu Sep 23 06:44:27 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.5
[Thu Sep 23 06:44:28 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.5-pl1
[Thu Sep 23 06:44:28 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.6-rc1
[Thu Sep 23 06:44:29 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.6-rc2
[Thu Sep 23 06:44:29 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.6
[Thu Sep 23 06:44:29 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.7
[Thu Sep 23 06:44:30 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.5.7-pl1
[Thu Sep 23 06:44:30 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-alpha
[Thu Sep 23 06:44:31 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-alpha2
[Thu Sep 23 06:44:31 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-beta1
[Thu Sep 23 06:44:31 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-beta2
[Thu Sep 23 06:44:32 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-rc1
[Thu Sep 23 06:44:32 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-rc2
[Thu Sep 23 06:44:33 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-rc3
[Thu Sep 23 06:44:33 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0
[Thu Sep 23 06:44:33 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-pl1
[Thu Sep 23 06:44:34 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-pl2
[Thu Sep 23 06:44:34 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.0-pl3
[Thu Sep 23 06:44:35 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.1-rc1
[Thu Sep 23 06:44:35 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.1-rc2
[Thu Sep 23 06:44:35 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.1
[Thu Sep 23 06:44:36 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.1-pl1
[Thu Sep 23 06:44:36 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.1-pl2
[Thu Sep 23 06:44:37 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.1-pl3
[Thu Sep 23 06:44:37 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.2-rc1
[Thu Sep 23 06:44:37 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.2-beta1
[Thu Sep 23 06:44:38 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.2-rc1
[Thu Sep 23 06:44:38 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.2
[Thu Sep 23 06:44:39 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.2-pl1
[Thu Sep 23 06:44:39 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.3
[Thu Sep 23 06:44:39 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.3-rc1
[Thu Sep 23 06:44:40 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.3
[Thu Sep 23 06:44:40 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.3-pl1
[Thu Sep 23 06:44:41 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.4-rc1
[Thu Sep 23 06:44:41 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.4-pl1
[Thu Sep 23 06:44:41 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.4-pl2
[Thu Sep 23 06:44:42 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.4-pl3
[Thu Sep 23 06:44:42 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.4-pl4
[Thu Sep 23 06:44:43 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.6.4
[Thu Sep 23 06:44:43 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.7.0-beta1
[Thu Sep 23 06:44:43 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.7.0-rc1
[Thu Sep 23 06:44:44 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.7.0-pl1
[Thu Sep 23 06:44:45 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.7.0-pl2
[Thu Sep 23 06:44:45 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.7.0
[Thu Sep 23 06:44:45 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0-beta1
[Thu Sep 23 06:44:45 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0-rc1
[Thu Sep 23 06:44:46 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0-rc2
[Thu Sep 23 06:44:46 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0
[Thu Sep 23 06:44:47 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0.1
[Thu Sep 23 06:44:47 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0.2
[Thu Sep 23 06:44:47 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0.3
[Thu Sep 23 06:44:47 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.0.4
[Thu Sep 23 06:44:48 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.1-rc1
[Thu Sep 23 06:44:48 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.1
[Thu Sep 23 06:44:49 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpMyAdmin-2.8.2
[Thu Sep 23 06:44:49 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/sqlmanager
[Thu Sep 23 06:44:49 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/mysqlmanager
[Thu Sep 23 06:44:50 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/p
[Thu Sep 23 06:44:50 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/PMA2005
[Thu Sep 23 06:44:51 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/pma2005
[Thu Sep 23 06:44:51 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpmanager
[Thu Sep 23 06:44:51 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/php-myadmin
[Thu Sep 23 06:44:52 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/phpmy-admin
[Thu Sep 23 06:44:52 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/webadmin
[Thu Sep 23 06:44:53 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/sqlweb
[Thu Sep 23 06:44:53 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/websql
[Thu Sep 23 06:44:53 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/webdb
[Thu Sep 23 06:44:54 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/mysqladmin
[Thu Sep 23 06:44:54 2010] [error] [client 72.11.128.37] File does not exist: /var/www/3ezbids.com/web/mysql-admin
[Thu Sep 23 08:26:56 2010] [error] [client 99.198.52.181] File does not exist:
Please help explain this and what to do. It's happening all over my server, and my clients that run businesses on this are having the 500 errors. Forgive me for being ignorant, but you have to learn somehow, right?
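
The cross-channel counting the post asks about, as an added example that is not part of the original post: it reads the three log formats quoted above (Postfix SASL failures, fail2ban SSH bans, Apache "File does not exist" probes), counts events per source address, and lists addresses that cross a threshold or appear on more than one channel. The thresholds, the admin-path name list and the sample lines (documentation addresses, host `mx`) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One pattern per log format quoted in the post.
SASL_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S*\[(?P<ip>[\d.]+)\]: SASL LOGIN authentication failed")
F2B_BAN = re.compile(r"fail2ban\.actions: WARNING \[ssh\] Ban (?P<ip>[\d.]+)")
APACHE_MISS = re.compile(
    r"\[error\] \[client (?P<ip>[\d.]+)\] File does not exist: (?P<path>[^\s,]+)")
# syslog compresses duplicates; the count belongs to the line just before it.
REPEATED = re.compile(r"last message repeated (?P<n>\d+) times")
# Fork/memory failures: a capacity signal to report next to the per-IP counts.
RESOURCE = re.compile(r"Cannot allocate memory|Can't fork")
# Assumed list of admin-tool names; favicon.ico and similar misses are ignored.
ADMIN_NAME = re.compile(
    r"^(php-?my-?admin|pma|mysql-?admin|mysql|dbadmin|myadmin|websql|sqlweb|webdb|w00tw00t)",
    re.I)

# Assumed thresholds per channel; tune to the server's normal traffic.
THRESHOLDS = {"ssh_ban": 3, "sasl_fail": 5, "web_probe": 10}


def classify(line):
    """Return (ip, channel) if the line records a hostile event, else None."""
    m = SASL_FAIL.search(line)
    if m:
        return m.group("ip"), "sasl_fail"
    m = F2B_BAN.search(line)  # "Unban" and "already banned" lines do not match
    if m:
        return m.group("ip"), "ssh_ban"
    m = APACHE_MISS.search(line)
    if m:
        leaf = m.group("path").rstrip("/").rsplit("/", 1)[-1]
        if ADMIN_NAME.match(leaf):
            return m.group("ip"), "web_probe"
    return None


def triage(lines):
    """Count events per IP and channel; also count resource-exhaustion warnings."""
    counts = defaultdict(lambda: defaultdict(int))
    resource_warnings = 0
    last = None  # event carried by the previous line, for "repeated N times"
    for line in lines:
        rep = REPEATED.search(line)
        if rep:
            if last:
                counts[last[0]][last[1]] += int(rep.group("n"))
            continue
        if RESOURCE.search(line):
            resource_warnings += 1
        last = classify(line)
        if last:
            counts[last[0]][last[1]] += 1
    return {ip: dict(ch) for ip, ch in counts.items()}, resource_warnings


def block_candidates(counts, thresholds=THRESHOLDS):
    """IPs over a per-channel threshold, or seen on two or more channels."""
    out = []
    for ip, channels in counts.items():
        over = any(n >= thresholds[c] for c, n in channels.items())
        if over or len(channels) >= 2:
            out.append(ip)
    return sorted(out)


# Constructed sample lines in the same formats as the logs in the post.
SAMPLE = """\
Oct 22 06:46:37 mx postfix/smtpd[10124]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Oct 22 06:46:43 mx last message repeated 3 times
Oct 22 06:47:01 mx postfix/smtpd[10124]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Oct 22 12:01:59 mx postfix/master[32404]: warning: master_spawn: fork: Cannot allocate memory -- throttling
Oct 22 12:02:10 mx pop3d: Maximum connection limit reached for ::ffff:198.51.100.9
Oct 22 12:02:11 mx last message repeated 11 times
2010-10-24 04:14:44,895 fail2ban.actions: WARNING [ssh] Ban 198.51.100.20
2010-10-24 04:24:44,902 fail2ban.actions: WARNING [ssh] Unban 198.51.100.20
2010-10-24 06:46:58,005 fail2ban.actions: WARNING [ssh] Ban 198.51.100.20
2010-10-24 08:16:59,866 fail2ban.actions: WARNING [ssh] Ban 198.51.100.20
2010-10-24 11:33:00,403 fail2ban.actions: WARNING [ssh] Ban 192.0.2.44
[Thu Sep 23 06:44:17 2010] [error] [client 192.0.2.44] File does not exist: /var/www/example.test/web/phpmyadmin, referer: 192.0.2.1
[Thu Sep 23 06:44:18 2010] [error] [client 192.0.2.99] File does not exist: /var/www/example.test/web/favicon.ico
""".splitlines()

if __name__ == "__main__":
    per_ip, warnings = triage(SAMPLE)
    for ip in block_candidates(per_ip):
        print(ip, per_ip[ip])
    print("resource warnings:", warnings)
```

The resource-warning count is reported separately because fork and memory failures affect every service on the host, whichever address triggered the load.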