aïe je flippe !
8 messages • Page 1 sur 1
Consultez la formation à Google Analytics de WebRankInfo / Ranking Metrics
aïe je flippe !
le Mar Mar 01, 2005 13:31
Salut les gars,
j'ai vraiment besoin de vous, j'ai installé la semaine dernière un dédié (pour la première fois) et je recois les logs ci-dessous par mail.
est ce que vous pouvez m'aider à y comprendre quelque chose car je flippe à fond
et aussi me donner des conseils
################### LogWatch 4.3.2 (02/18/03) ####################
Processing Initiated: Tue Mar 1 04:02:02 2005
Date Range Processed: yesterday
Detail Level of Output: 0
##################
--------------------- PAM_pwdb Begin ------------------------
Opened Sessions:
Service: ftp
User xxxxxxxx - 7 Time(s)
1) ca veut dire qu'il y a eu 7 connections sur le ftp ?
---------------------- PAM_pwdb End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Invalid Users:
Unknown Account: 68 Time(s)
2) on a essayer 68 fois de rentrer en ssh ?
3) y a t'il un risque et si oui que puis faire ?
Authentication Failures:
root (hsdbpa69-11-82-80.sasknet.sk.ca ): 8 Time(s)
unknown (www.o-view.com.tw ): 65 Time(s)
root (62.193.226.4 ): 8 Time(s)
unknown (221.115.123.27 ): 3 Time(s)
root (220.194.58.113 ): 2 Time(s)
mail (www.o-view.com.tw ): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
Connections:
Service ftp:
193.251.32.103: 7 Time(s)
Service smtp:
12.210.180.40: 1 Time(s)
24.30.126.158: 1 Time(s)
61.80.47.242: 1 Time(s)
67.183.24.225: 1 Time(s)
82.9.95.199: 1 Time(s)
84.97.114.247: 140 Time(s)
4) quelqu'un aurait il envoyé 140 mails grace à mon serveur ?
5) si oui comment ? le mode "relay smtp" est fermé !
194.149.160.8: 1 Time(s)
203.144.143.6: 1 Time(s)
207.114.181.2: 1 Time(s)
210.181.99.139: 1 Time(s)
212.46.17.154: 1 Time(s)
217.27.90.134: 1 Time(s)
218.79.84.225: 1 Time(s)
218.190.72.39: 1 Time(s)
219.137.235.124: 1 Time(s)
222.98.226.199: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from these:
admin/password from 221.115.123.27: 1 Time(s)
andrew/password from 61.62.22.219: 2 Time(s)
angel/password from 61.62.22.219: 1 Time(s)
barbara/password from 61.62.22.219: 1 Time(s)
betty/password from 61.62.22.219: 1 Time(s)
billy/password from 61.62.22.219: 2 Time(s)
brandon/password from 61.62.22.219: 2 Time(s)
brian/password from 61.62.22.219: 1 Time(s)
buddy/password from 61.62.22.219: 1 Time(s)
carmen/password from 61.62.22.219: 2 Time(s)
charlie/password from 61.62.22.219: 2 Time(s)
connect/password from 61.62.22.219: 1 Time(s)
credit/password from 61.62.22.219: 1 Time(s)
daniel/password from 61.62.22.219: 2 Time(s)
david/password from 61.62.22.219: 2 Time(s)
dog/password from 61.62.22.219: 1 Time(s)
emily/password from 61.62.22.219: 1 Time(s)
eric/password from 61.62.22.219: 1 Time(s)
fire/password from 61.62.22.219: 1 Time(s)
god/password from 61.62.22.219: 1 Time(s)
guest/password from 221.115.123.27: 1 Time(s)
horse/password from 61.62.22.219: 1 Time(s)
host/password from 61.62.22.219: 1 Time(s)
info/password from 61.62.22.219: 1 Time(s)
jane/password from 61.62.22.219: 1 Time(s)
jason/password from 61.62.22.219: 2 Time(s)
jeremy/password from 61.62.22.219: 1 Time(s)
joe/password from 61.62.22.219: 1 Time(s)
johnny/password from 61.62.22.219: 1 Time(s)
jordan/password from 61.62.22.219: 2 Time(s)
justin/password from 61.62.22.219: 2 Time(s)
larisa/password from 61.62.22.219: 1 Time(s)
lion/password from 61.62.22.219: 2 Time(s)
local/password from 61.62.22.219: 1 Time(s)
lucy/password from 61.62.22.219: 1 Time(s)
magic/password from 61.62.22.219: 2 Time(s)
mail/password from 61.62.22.219: 1 Time(s)
manager/password from 61.62.22.219: 1 Time(s)
maria/password from 61.62.22.219: 1 Time(s)
max/password from 61.62.22.219: 1 Time(s)
michael/password from 61.62.22.219: 2 Time(s)
nicholas/password from 61.62.22.219: 1 Time(s)
nicole/password from 61.62.22.219: 2 Time(s)
nokia/password from 61.62.22.219: 1 Time(s)
robin/password from 61.62.22.219: 1 Time(s)
root/password from 220.194.58.113: 2 Time(s)
root/password from 62.193.226.4: 8 Time(s)
root/password from 69.11.82.80: 8 Time(s)
rose/password from 61.62.22.219: 1 Time(s)
sparc/password from 61.62.22.219: 1 Time(s)
stephen/password from 61.62.22.219: 1 Time(s)
steven/password from 61.62.22.219: 2 Time(s)
test/password from 221.115.123.27: 1 Time(s)
tom/password from 61.62.22.219: 1 Time(s)
tv/password from 61.62.22.219: 1 Time(s)
vampire/password from 61.62.22.219: 1 Time(s)
william/password from 61.62.22.219: 1 Time(s)
**Unmatched Entries**
Illegal user test from 221.115.123.27
Illegal user guest from 221.115.123.27
Illegal user admin from 221.115.123.27
Illegal user jordan from 61.62.22.219
Illegal user jordan from 61.62.22.219
Illegal user michael from 61.62.22.219
Illegal user michael from 61.62.22.219
Illegal user nicole from 61.62.22.219
Illegal user nicole from 61.62.22.219
Illegal user daniel from 61.62.22.219
Illegal user daniel from 61.62.22.219
Illegal user andrew from 61.62.22.219
Illegal user andrew from 61.62.22.219
Illegal user magic from 61.62.22.219
Illegal user magic from 61.62.22.219
Illegal user lion from 61.62.22.219
Illegal user lion from 61.62.22.219
Illegal user david from 61.62.22.219
Illegal user david from 61.62.22.219
Illegal user jason from 61.62.22.219
Illegal user jason from 61.62.22.219
Illegal user carmen from 61.62.22.219
Illegal user carmen from 61.62.22.219
Illegal user justin from 61.62.22.219
Illegal user justin from 61.62.22.219
Illegal user charlie from 61.62.22.219
Illegal user charlie from 61.62.22.219
Illegal user steven from 61.62.22.219
Illegal user steven from 61.62.22.219
Illegal user brandon from 61.62.22.219
Illegal user brandon from 61.62.22.219
Illegal user brian from 61.62.22.219
Illegal user stephen from 61.62.22.219
Illegal user william from 61.62.22.219
Illegal user angel from 61.62.22.219
Illegal user emily from 61.62.22.219
Illegal user eric from 61.62.22.219
Illegal user joe from 61.62.22.219
Illegal user tom from 61.62.22.219
Illegal user billy from 61.62.22.219
Illegal user buddy from 61.62.22.219
Illegal user jeremy from 61.62.22.219
Illegal user vampire from 61.62.22.219
Illegal user betty from 61.62.22.219
Illegal user max from 61.62.22.219
Illegal user nicholas from 61.62.22.219
Illegal user robin from 61.62.22.219
Illegal user johnny from 61.62.22.219
Illegal user lucy from 61.62.22.219
Illegal user maria from 61.62.22.219
Illegal user rose from 61.62.22.219
Illegal user god from 61.62.22.219
Illegal user barbara from 61.62.22.219
Illegal user larisa from 61.62.22.219
Illegal user jane from 61.62.22.219
Illegal user dog from 61.62.22.219
Illegal user sparc from 61.62.22.219
Illegal user credit from 61.62.22.219
Illegal user info from 61.62.22.219
Illegal user manager from 61.62.22.219
Illegal user horse from 61.62.22.219
Illegal user nokia from 61.62.22.219
Illegal user tv from 61.62.22.219
Illegal user connect from 61.62.22.219
Illegal user fire from 61.62.22.219
Illegal user local from 61.62.22.219
Illegal user host from 61.62.22.219
Illegal user billy from 61.62.22.219
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 73G 1.6G 68G 3% /
/dev/hda1 99M 8.2M 86M 9% /boot
none 117M 0 117M 0% /dev/shm
###################### LogWatch End #########################
j'ai vraiment besoin de vous, j'ai installé la semaine dernière un dédié (pour la première fois) et je recois les logs ci-dessous par mail.
est ce que vous pouvez m'aider à y comprendre quelque chose car je flippe à fond
et aussi me donner des conseils
################### LogWatch 4.3.2 (02/18/03) ####################
Processing Initiated: Tue Mar 1 04:02:02 2005
Date Range Processed: yesterday
Detail Level of Output: 0
##################
--------------------- PAM_pwdb Begin ------------------------
Opened Sessions:
Service: ftp
User xxxxxxxx - 7 Time(s)
1) ca veut dire qu'il y a eu 7 connections sur le ftp ?
---------------------- PAM_pwdb End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Invalid Users:
Unknown Account: 68 Time(s)
2) on a essayer 68 fois de rentrer en ssh ?
3) y a t'il un risque et si oui que puis faire ?
Authentication Failures:
root (hsdbpa69-11-82-80.sasknet.sk.ca ): 8 Time(s)
unknown (www.o-view.com.tw ): 65 Time(s)
root (62.193.226.4 ): 8 Time(s)
unknown (221.115.123.27 ): 3 Time(s)
root (220.194.58.113 ): 2 Time(s)
mail (www.o-view.com.tw ): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
Connections:
Service ftp:
193.251.32.103: 7 Time(s)
Service smtp:
12.210.180.40: 1 Time(s)
24.30.126.158: 1 Time(s)
61.80.47.242: 1 Time(s)
67.183.24.225: 1 Time(s)
82.9.95.199: 1 Time(s)
84.97.114.247: 140 Time(s)
4) quelqu'un aurait il envoyé 140 mails grace à mon serveur ?
5) si oui comment ? le mode "relay smtp" est fermé !
194.149.160.8: 1 Time(s)
203.144.143.6: 1 Time(s)
207.114.181.2: 1 Time(s)
210.181.99.139: 1 Time(s)
212.46.17.154: 1 Time(s)
217.27.90.134: 1 Time(s)
218.79.84.225: 1 Time(s)
218.190.72.39: 1 Time(s)
219.137.235.124: 1 Time(s)
222.98.226.199: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from these:
admin/password from 221.115.123.27: 1 Time(s)
andrew/password from 61.62.22.219: 2 Time(s)
angel/password from 61.62.22.219: 1 Time(s)
barbara/password from 61.62.22.219: 1 Time(s)
betty/password from 61.62.22.219: 1 Time(s)
billy/password from 61.62.22.219: 2 Time(s)
brandon/password from 61.62.22.219: 2 Time(s)
brian/password from 61.62.22.219: 1 Time(s)
buddy/password from 61.62.22.219: 1 Time(s)
carmen/password from 61.62.22.219: 2 Time(s)
charlie/password from 61.62.22.219: 2 Time(s)
connect/password from 61.62.22.219: 1 Time(s)
credit/password from 61.62.22.219: 1 Time(s)
daniel/password from 61.62.22.219: 2 Time(s)
david/password from 61.62.22.219: 2 Time(s)
dog/password from 61.62.22.219: 1 Time(s)
emily/password from 61.62.22.219: 1 Time(s)
eric/password from 61.62.22.219: 1 Time(s)
fire/password from 61.62.22.219: 1 Time(s)
god/password from 61.62.22.219: 1 Time(s)
guest/password from 221.115.123.27: 1 Time(s)
horse/password from 61.62.22.219: 1 Time(s)
host/password from 61.62.22.219: 1 Time(s)
info/password from 61.62.22.219: 1 Time(s)
jane/password from 61.62.22.219: 1 Time(s)
jason/password from 61.62.22.219: 2 Time(s)
jeremy/password from 61.62.22.219: 1 Time(s)
joe/password from 61.62.22.219: 1 Time(s)
johnny/password from 61.62.22.219: 1 Time(s)
jordan/password from 61.62.22.219: 2 Time(s)
justin/password from 61.62.22.219: 2 Time(s)
larisa/password from 61.62.22.219: 1 Time(s)
lion/password from 61.62.22.219: 2 Time(s)
local/password from 61.62.22.219: 1 Time(s)
lucy/password from 61.62.22.219: 1 Time(s)
magic/password from 61.62.22.219: 2 Time(s)
mail/password from 61.62.22.219: 1 Time(s)
manager/password from 61.62.22.219: 1 Time(s)
maria/password from 61.62.22.219: 1 Time(s)
max/password from 61.62.22.219: 1 Time(s)
michael/password from 61.62.22.219: 2 Time(s)
nicholas/password from 61.62.22.219: 1 Time(s)
nicole/password from 61.62.22.219: 2 Time(s)
nokia/password from 61.62.22.219: 1 Time(s)
robin/password from 61.62.22.219: 1 Time(s)
root/password from 220.194.58.113: 2 Time(s)
root/password from 62.193.226.4: 8 Time(s)
root/password from 69.11.82.80: 8 Time(s)
rose/password from 61.62.22.219: 1 Time(s)
sparc/password from 61.62.22.219: 1 Time(s)
stephen/password from 61.62.22.219: 1 Time(s)
steven/password from 61.62.22.219: 2 Time(s)
test/password from 221.115.123.27: 1 Time(s)
tom/password from 61.62.22.219: 1 Time(s)
tv/password from 61.62.22.219: 1 Time(s)
vampire/password from 61.62.22.219: 1 Time(s)
william/password from 61.62.22.219: 1 Time(s)
**Unmatched Entries**
Illegal user test from 221.115.123.27
Illegal user guest from 221.115.123.27
Illegal user admin from 221.115.123.27
Illegal user jordan from 61.62.22.219
Illegal user jordan from 61.62.22.219
Illegal user michael from 61.62.22.219
Illegal user michael from 61.62.22.219
Illegal user nicole from 61.62.22.219
Illegal user nicole from 61.62.22.219
Illegal user daniel from 61.62.22.219
Illegal user daniel from 61.62.22.219
Illegal user andrew from 61.62.22.219
Illegal user andrew from 61.62.22.219
Illegal user magic from 61.62.22.219
Illegal user magic from 61.62.22.219
Illegal user lion from 61.62.22.219
Illegal user lion from 61.62.22.219
Illegal user david from 61.62.22.219
Illegal user david from 61.62.22.219
Illegal user jason from 61.62.22.219
Illegal user jason from 61.62.22.219
Illegal user carmen from 61.62.22.219
Illegal user carmen from 61.62.22.219
Illegal user justin from 61.62.22.219
Illegal user justin from 61.62.22.219
Illegal user charlie from 61.62.22.219
Illegal user charlie from 61.62.22.219
Illegal user steven from 61.62.22.219
Illegal user steven from 61.62.22.219
Illegal user brandon from 61.62.22.219
Illegal user brandon from 61.62.22.219
Illegal user brian from 61.62.22.219
Illegal user stephen from 61.62.22.219
Illegal user william from 61.62.22.219
Illegal user angel from 61.62.22.219
Illegal user emily from 61.62.22.219
Illegal user eric from 61.62.22.219
Illegal user joe from 61.62.22.219
Illegal user tom from 61.62.22.219
Illegal user billy from 61.62.22.219
Illegal user buddy from 61.62.22.219
Illegal user jeremy from 61.62.22.219
Illegal user vampire from 61.62.22.219
Illegal user betty from 61.62.22.219
Illegal user max from 61.62.22.219
Illegal user nicholas from 61.62.22.219
Illegal user robin from 61.62.22.219
Illegal user johnny from 61.62.22.219
Illegal user lucy from 61.62.22.219
Illegal user maria from 61.62.22.219
Illegal user rose from 61.62.22.219
Illegal user god from 61.62.22.219
Illegal user barbara from 61.62.22.219
Illegal user larisa from 61.62.22.219
Illegal user jane from 61.62.22.219
Illegal user dog from 61.62.22.219
Illegal user sparc from 61.62.22.219
Illegal user credit from 61.62.22.219
Illegal user info from 61.62.22.219
Illegal user manager from 61.62.22.219
Illegal user horse from 61.62.22.219
Illegal user nokia from 61.62.22.219
Illegal user tv from 61.62.22.219
Illegal user connect from 61.62.22.219
Illegal user fire from 61.62.22.219
Illegal user local from 61.62.22.219
Illegal user host from 61.62.22.219
Illegal user billy from 61.62.22.219
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 73G 1.6G 68G 3% /
/dev/hda1 99M 8.2M 86M 9% /boot
none 117M 0 117M 0% /dev/shm
###################### LogWatch End #########################
Dernière édition par caro le Mar Mar 01, 2005 14:12, édité 1 fois.
le Mar Mar 01, 2005 13:37
1) oui et tu as le user
2) oui
3) choisi des mots de passe complexe ( lettres, chiffres et symbôles cabalistiques ).
Tu pourrais aussi limiter l'accès SSH à ton IP, à ne pas faire si tu as une IP dynamique.
4) il y a eu 140 connections à ton serveur mail, cela ne dit pas que tout les mails ont été accepté en dépôt, et encore moins qu'il y a eu du relais.
Maintenant que tu as un dédié, n'oublies pas de mettre les mises à jours de sécurités, de bien vérifier tes users/passwords...
2) oui
3) choisi des mots de passe complexe ( lettres, chiffres et symbôles cabalistiques ).
Tu pourrais aussi limiter l'accès SSH à ton IP, à ne pas faire si tu as une IP dynamique.
4) il y a eu 140 connections à ton serveur mail, cela ne dit pas que tout les mails ont été accepté en dépôt, et encore moins qu'il y a eu du relais.
Maintenant que tu as un dédié, n'oublies pas de mettre les mises à jours de sécurités, de bien vérifier tes users/passwords...
le Mar Mar 01, 2005 13:46
On a scanné ta bécanne tout simplement.
Un conseil, bloque les requêtes ICMP si ca ne gêne pas les applis qui tournent sur ton serveur. Pour plus de sécurité tu peux modifier les ports par défaut des services, c'est un sécurité de plus contre les scanneurs ...
Un conseil, bloque les requêtes ICMP si ca ne gêne pas les applis qui tournent sur ton serveur. Pour plus de sécurité tu peux modifier les ports par défaut des services, c'est un sécurité de plus contre les scanneurs ...
le Mar Mar 01, 2005 14:19
rituel a écrit:c'est un sécurité de plus contre les scanneurs ...
justement Rituel, je voulais changer le port ssh qui est 22.
mais je ne trouve aucune explication,
comment changer de port ssh ?
et quel port choisir à la place ?
merci beaucoup.
caro
le Mar Mar 01, 2005 14:25
caro a écrit:rituel a écrit:c'est un sécurité de plus contre les scanneurs ...
justement Rituel, je voulais changer le port ssh qui est 22.
mais je ne trouve aucune explication,
comment changer de port ssh ?
et quel port choisir à la place ?
merci beaucoup.
caro
tu édites /etc/ssh/sshd_config
Au début tu peux changer l'option :
Port 22
vers autres choses,
puis tu redémarres le services : /etc/init.d/sshd restart ( attention quand tu fais cela, restes connecté et tentes de te connecter dans une autre fenêtre : en cas de problème, tu auras toujours la première connection pour revenir en arrière et annuler tes changements ).
Mais -> si tu te plantes, bah tu peux plus te logguer
Intérêt de changer le port : aucun si tes mots de pass sont bien choisis et que tu suis les mises à jours de sécurité.
Quel port choisir ? quelque chose au dessus de 1000 et qui ne soit pas dans /etc/services
le Mar Mar 01, 2005 14:59
caro a écrit:rituel a écrit:c'est un sécurité de plus contre les scanneurs ...
justement Rituel, je voulais changer le port ssh qui est 22.
mais je ne trouve aucune explication,
comment changer de port ssh ?
et quel port choisir à la place ?
merci beaucoup.
caro
J'utilise le port 4242 souvent....
Sinon c'est a priori dans un fichier sshd_config que tu pourras faire ca....
Avant de toucher a SSH, laisse un moyen de pouvoir rerentrer en cas de conneries, comme Telnet ou un shell.
PS : Sinon tu peux interdire les mots de passes et ne passer que par des clefs, ce que je vais bientot totalement faire sur mes machines....
Les risques deviennent quasi-nulls.
Sinon empecher root de pouvoir se logguer par SSH est aussi une bonne chose. Si un gars tente de bruteforce ton MDP root, il finira par rentrer.
8 messages • Page 1 sur 1
Formation recommandée sur ce thème :
Formation Google Analytics : en 2 jours, apprenez comment exploiter l'essentiel des possibilités de l'outil de mesure d'audience de Google. Formation animée par Julien Coquet, expert certifié officiellement par Google Analytics.
Tous les détails sur le site Ranking Metrics : programme, prix, dates et lieux, inscription en ligne.
Lectures recommandées sur ce thème :
- AÏE AÏE AÏE Grosse chute dans les classements Google
- résolution! taille d'écran! fond adaptable! AIE AIE AIE
- google pour mon site aie aie aie!!!
- Flash aie
- Aïe j'ai tout cassé ...
- Aïe, deux url pour le même site...
- [Système de cache avec fichiers] Milliers de pages, aie ?
- aïe j'ai peut être fait une conner....
Qui est en ligne
Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 0 invités
- Index du forum
- L’équipe du forum • Supprimer les cookies du forum • Heures au format UTC + 1 heure
- Flux RSS de WebRankInfo :
le forum- les articles des dossiers
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
, traduction par phpBB-fr.com, mod SEO par phpbb-seo.com
Contact
Confidentialité