Here is the kind I get; the Chinese won't calm down:

Oct 15 08:41:58 www1 sshd[9371]: Failed password for root from 61.168.229.149 port 45366 ssh2
Oct 15 08:42:02 www1 sshd[9373]: Address 61.168.229.149 maps to pc149.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 15 08:42:02 www1 sshd[9373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.168.229.149 user=root
Oct 15 08:42:04 www1 sshd[9373]: Failed password for root from 61.168.229.149 port 45711 ssh2
Oct 15 08:42:07 www1 sshd[9376]: Address 61.168.229.149 maps to pc149.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 15 08:42:07 www1 sshd[9376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.168.229.149 user=root
Oct 15 08:42:09 www1 sshd[9376]: Failed password for root from 61.168.229.149 port 46048 ssh2
Oct 15 08:42:12 www1 sshd[9378]: Address 61.168.229.149 maps to pc149.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 15 08:42:12 www1 sshd[9378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.168.229.149 user=root
Oct 15 08:42:14 www1 sshd[9378]: Failed password for root from 61.168.229.149 port 46429 ssh2
Oct 15 08:42:18 www1 sshd[9380]: Address 61.168.229.149 maps to pc149.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 15 08:42:18 www1 sshd[9380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.168.229.149 user=root
Oct 15 08:42:20 www1 sshd[9380]: Failed password for root from 61.168.229.149 port 46764 ssh2
Oct 15 08:42:23 www1 sshd[9382]: Address 61.168.229.149 maps to pc149.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 15 08:42:23 www1 sshd[9382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.168.229.149 user=root
Oct 15 08:42:25 www1 sshd[9382]: Failed password for root from 61.168.229.149 port 47117 ssh2
Oct 15 08:42:28 www1 sshd[9384]: Address 61.168.229.149 maps to pc149.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 15 08:42:28 www1 sshd[9384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.168.229.149 user=root

"Bilibobas" <kakbubu@tralia.lt> wrote in message news:i993hv$68g$1@trimpas.omnitel.net...
> Requests can come in; it is the firewall's job to filter them. But the requests must not bring the system down. sshd runs on my machine, there are ALWAYS requests, but they don't get in the way. It is the same with ftpd: they try to log in and then stop. The server isn't bothered by it.
> The only bad case is when there are really a lot of those requests, when you are being flooded and attacked (DoSed). In that case some other measures and the thickness of the pipe were what helped.
>
> You had better check whether some foreign code has been injected into your httpd files. And if the www there is managed by several people, whether one of the users has picked up some viruses.
>
> Bye, Levas
>
> "Idomu" <idomus@omnitel.lt> wrote in message news:i99381$5pd$1@trimpas.omnitel.net...
>> well, it shows a huge number of attempts to connect to ssh, but I changed the ssh port and
>> stopped the service altogether, and those requests still keep coming... I don't know where
>> to look, can you suggest anything else? p.s. I found nothing in /tmp....
>>
>> "Bilibobas" <kakbubu@tralia.lt> wrote in message
>> news:i992ib$4k4$1@trimpas.omnitel.net...
>>> well, that is a log file about problems. Look at what is inside. Afterwards you can
>>> delete it.
>>>
>>> Look for worse things.
>>>
>>> "Idomu" <idomus@omnitel.lt> wrote in message
>>> news:i991q3$35k$1@trimpas.omnitel.net...
>>>> here is what I found: /log/var secure, 209MB in size!!!!! what should I do?
>>>>
>>>> "arulis" <aruliss@gmail.com> wrote in message
>>>> news:i991gv$2k9$1@trimpas.omnitel.net...
>>>>> check all the /tmp directories - you are bound to find something interesting :)
>>>>>
>>>>> Idomu wrote:
>>>>>
>>>>>> tcp 0 1 www.xxx.xxx:41602 www.irrp.org.ua:ircd SYN_SENT 21698/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:40964 www.irrp.org.ua:ircd SYN_SENT 13812/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:41045 www.irrp.org.ua:ircd ESTABLISHED 30397/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:42836 www.irrp.org.ua:ircd SYN_SENT 20227/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:43002 www.irrp.org.ua:ircd SYN_SENT 19599/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:43417 www.irrp.org.ua:ircd SYN_SENT 4043/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3660 TIME_WAIT -
>>>>>> tcp 0 1 www.xxx.xxx:45617 www.irrp.org.ua:ircd SYN_SENT 20028/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:47005 www.irrp.org.ua:ircd SYN_SENT 9362/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:46140 www.irrp.org.ua:ircd SYN_SENT 28397/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:47833 www.irrp.org.ua:ircd SYN_SENT 21565/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:47819 www.irrp.org.ua:ircd SYN_SENT 23774/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3674 TIME_WAIT -
>>>>>> tcp 0 1 www.xxx.xxx:47270 www.irrp.org.ua:ircd SYN_SENT 13625/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:47324 www.irrp.org.ua:ircd SYN_SENT 29728/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3676 TIME_WAIT -
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3678 TIME_WAIT -
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3680 TIME_WAIT -
>>>>>> tcp 0 1 www.xxx.xxx:33525 www.irrp.org.ua:ircd SYN_SENT 22203/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:32940 www.irrp.org.ua:ircd SYN_SENT 5330/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:32978 www.irrp.org.ua:ircd SYN_SENT 18157/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:33198 www.irrp.org.ua:ircd SYN_SENT 13399/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:35508 www.irrp.org.ua:ircd SYN_SENT 3577/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:35587 www.irrp.org.ua:ircd SYN_SENT 30051/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:35605 www.irrp.org.ua:ircd SYN_SENT 22380/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:35785 www.irrp.org.ua:ircd SYN_SENT 31830/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:34859 www.irrp.org.ua:ircd SYN_SENT 32212/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:35024 www.irrp.org.ua:ircd ESTABLISHED 32526/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:36842 www.irrp.org.ua:ircd SYN_SENT 22484/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:35962 www.irrp.org.ua:ircd SYN_SENT 23776/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:36027 www.irrp.org.ua:ircd SYN_SENT 32349/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:36177 www.irrp.org.ua:ircd SYN_SENT 3373/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:37539 www.irrp.org.ua:ircd ESTABLISHED 31821/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:37784 www.irrp.org.ua:ircd SYN_SENT 11581/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:37247 www.irrp.org.ua:ircd SYN_SENT 25830/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:38662 www.irrp.org.ua:ircd SYN_SENT 16184/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:38802 www.irrp.org.ua:ircd SYN_SENT 9790/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:38353 www.irrp.org.ua:ircd SYN_SENT 26291/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:39881 www.irrp.org.ua:ircd SYN_SENT 6136/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:39419 www.irrp.org.ua:ircd SYN_SENT 5884/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:40473 www.irrp.org.ua:ircd SYN_SENT 29850/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:40569 www.irrp.org.ua:ircd SYN_SENT 23989/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:40567 www.irrp.org.ua:ircd SYN_SENT 3972/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:40202 www.irrp.org.ua:ircd SYN_SENT 15837/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:59192 www.irrp.org.ua:ircd SYN_SENT 7838/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:59389 www.irrp.org.ua:ircd SYN_SENT 1913/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:59829 www.irrp.org.ua:ircd SYN_SENT 13610/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:60745 www.irrp.org.ua:ircd SYN_SENT 20008/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3607 TIME_WAIT -
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3611 TIME_WAIT -
>>>>>> tcp 0 1 www.xxx.xxx:49760 www.irrp.org.ua:ircd SYN_SENT 32493/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:49675 www.irrp.org.ua:ircd SYN_SENT 1801/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:49828 www.irrp.org.ua:ircd SYN_SENT 11630/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:49362 www.irrp.org.ua:ircd SYN_SENT 18315/sshd:
>>>>>> tcp 0 0 www.xxx.xxx:http 189.115.38.86.ip.erdve:3618 TIME_WAIT -
>>>>>> tcp 0 1 www.xxx.xxx:49409 www.irrp.org.ua:ircd SYN_SENT 26615/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:49421 www.irrp.org.ua:ircd SYN_SENT 31988/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:50995 www.irrp.org.ua:ircd SYN_SENT 26518/sshd:
>>>>>> tcp 0 1 www.xxx.xxx:51000 www.irrp.org.ua:ircd SYN_SENT 24558/sshd:
>>>>>>
>>>>>> look at the junk I am seeing: it is trying to connect from www.irrp.org.ua:ircd over ssh
>>>>>> to different ports on my www.xxx.xxx.... How do I solve this... you will say write
>>>>>> firewall rules, but I have not written any on CentOS, I have only tried a firewall on
>>>>>> Debian, how do I solve this?
>>>>>>
>>>>>> "bertas" <bertas@freemail.lt> wrote in message
>>>>>> news:i98vm1$v26$1@trimpas.omnitel.net...
>>>>>>> Something similar happens to me, but I can't find the cause either.
>>>>>>> Only in my case, as far as I understand, apache eats everything up.
>>>>>>> Admittedly the situation improved a little when I turned on clamav.
>>>>>>> But otherwise, at random, once a day or once a week, I find the
>>>>>>> (virtual) server hung - all RAM used up, the CPU running at 100%.
>>>>>>> I can't find a solution to the problem. That server mainly runs apache; the other
>>>>>>> services are on other virtual servers. If anyone has run into this, it would be
>>>>>>> good if you could give me an idea. The worst part is that I can't predict when
>>>>>>> it will happen...
>>>>>>> 2010.10.15 09:44, arulis wrote:
>>>>>>>> netstat -atp
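
The netstat -atp listing quoted in this thread shows sockets owned by processes named sshd in SYN_SENT state toward a remote ircd port, and SYN_SENT is the state of a connection that the local host itself has opened. The check below is an added example, not part of the original thread: it flags such locally opened sockets in netstat output. It runs on constructed sample rows with placeholder host names and assumes an sshd that does no port forwarding (forwarding also makes sshd open outbound connections).

```python
from collections import defaultdict

# Constructed sample in the column layout of `netstat -atp`; hosts are placeholders.
SAMPLE = """\
tcp 0 0 *:ssh *:* LISTEN 812/sshd
tcp 0 0 www.example.test:ssh admin.example.test:50212 ESTABLISHED 1200/sshd: admin
tcp 0 1 www.example.test:41602 irc.example.test:ircd SYN_SENT 21698/sshd:
tcp 0 0 www.example.test:41045 irc.example.test:ircd ESTABLISHED 30397/sshd:
tcp 0 0 www.example.test:http client.example.test:3660 TIME_WAIT -
"""


def parse(text):
    """Yield (local_port, remote, state, pid, program) for each tcp row."""
    for line in text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7 or not fields[0].startswith("tcp"):
            continue  # header, blank or non-TCP row
        pid, _, prog = fields[6].partition("/")
        # "sshd: admin" and "sshd:" both reduce to the bare name "sshd".
        prog = prog.split(":")[0].strip()
        yield fields[3].rsplit(":", 1)[-1], fields[4], fields[5], pid, prog


def outbound_from_daemons(text, daemons=("sshd",)):
    """Map remote endpoint -> PIDs of daemon-named processes that dialled out."""
    rows = list(parse(text))
    # Ports this host accepts connections on; sessions with clients use these.
    listening = {lport for lport, _, state, _, _ in rows if state == "LISTEN"}
    hits = defaultdict(list)
    for lport, remote, state, pid, prog in rows:
        if state == "LISTEN" or prog not in daemons or not pid.isdigit():
            continue
        # SYN_SENT is always locally initiated; otherwise a local port that
        # nothing listens on means the socket was opened from this side.
        if state == "SYN_SENT" or lport not in listening:
            hits[remote].append(int(pid))
    return dict(hits)


if __name__ == "__main__":
    for remote, pids in outbound_from_daemons(SAMPLE).items():
        print(f"{remote}: {len(pids)} socket(s) from PIDs {pids}")
```

When the real sshd has been stopped, as the poster describes, there is no LISTEN row for it, so every remaining sshd-named socket is reported.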