
Topic: hacked?

  1. #1
    Registered user
    Registered since
    Feb 2003
    Posts
    208

    hacked?

    Hi!

    I was just routinely looking through my logs, and there is almost nothing left in var/logs/messages. I have now noticed that syslogd was restarted this morning at 4:15, although definitely nobody was on the server at that time. I was not on the server until 6:50. Is that normal?

    All that the log file still contains is
    Code:
    Oct 20 04:15:00 server syslogd 1.4.1: restart.
    Oct 20 04:15:00 server su: (to nobody) root on none
    Oct 20 04:15:00 server su: pam_unix2: session started for user nobody, service su 
    Oct 20 04:15:01 server su: pam_unix2: session finished for user nobody, service su 
    Oct 20 04:18:03 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=195.92.95.94 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=62459 DF PROTO=TCP SPT=1797 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (020405B4010303000101080A24E9D8C600000000) 
    Oct 20 04:18:03 server kernel: klogd 1.4.1, ---------- state change ---------- 
    Oct 20 04:18:03 server kernel: Inspecting /boot/System.map-2.6.5-7.108-default
    Oct 20 04:18:03 server kernel: Loaded 23748 symbols from /boot/System.map-2.6.5-7.108-default.
    Oct 20 04:18:03 server kernel: Symbols match kernel version 2.6.5.
    Oct 20 04:18:03 server kernel: No module symbols loaded - kernel modules not enabled. 
    Oct 20 04:23:20 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=63.250.25.185 DST=212.227.214.118 LEN=78 TOS=0x00 PREC=0x00 TTL=115 ID=42487 PROTO=UDP SPT=1027 DPT=137 LEN=58 
    Oct 20 04:30:56 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=210.122.45.105 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=33880 DF PROTO=TCP SPT=1836 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 04:32:23 server master[11579]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: checkpointing cyrus databases
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: done checkpointing cyrus databases
    Oct 20 04:32:23 server master[2696]: process 11579 exited, status 0
    Oct 20 04:40:39 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.238.112.213 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=52655 PROTO=TCP SPT=26730 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 04:41:28 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=195.92.95.61 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42085 DF PROTO=TCP SPT=38650 DPT=80 WINDOW=57344 RES=0x00 SYN URGP=0 OPT (020405B4010303000101080A0D469BF200000000) 
    Oct 20 04:49:21 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=68.203.138.5 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=21107 DF PROTO=TCP SPT=3360 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204059C01010402) 
    Oct 20 04:59:00 server /USR/SBIN/CRON[11603]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) 
    Oct 20 05:02:23 server master[11622]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: checkpointing cyrus databases
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: done checkpointing cyrus databases
    Oct 20 05:02:23 server master[2696]: process 11622 exited, status 0
    Oct 20 05:12:24 server -- MARK --
    Oct 20 05:17:00 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=68.123.18.75 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=15548 DF PROTO=TCP SPT=4648 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 05:17:09 server master[11651]: about to exec /usr/lib/cyrus/bin/lmtpd
    Oct 20 05:17:09 server lmtpunix[11651]: executed
    Oct 20 05:17:09 server lmtpunix[11651]: accepted connection
    Oct 20 05:17:09 server lmtpunix[11651]: lmtp connection preauth'd as postman
    Oct 20 05:17:09 server lmtpunix[11651]: IOERROR: fstating sieve script /var/lib/sieve/s/sew_mail_0001/defaultbc: No such file or directory
    Oct 20 05:17:09 server lmtpunix[11651]: duplicate_check: <9a5c01c4b654$47ac6578$4d213c8a@ts-group.fi> user.sew_mail_0001   0
    Oct 20 05:17:10 server lmtpunix[11651]: mystore: starting txn 2147483899
    Oct 20 05:17:10 server lmtpunix[11651]: mystore: committing txn 2147483899
    Oct 20 05:17:10 server lmtpunix[11651]: duplicate_mark: <9a5c01c4b654$47ac6578$4d213c8a@ts-group.fi> user.sew_mail_0001   1098242229 78
    Oct 20 05:18:10 server master[2696]: process 11651 exited, status 0
    Oct 20 05:32:23 server master[11671]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: checkpointing cyrus databases
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: done checkpointing cyrus databases
    Oct 20 05:32:23 server master[2696]: process 11671 exited, status 0
    Oct 20 05:37:06 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.236.154.64 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=30735 DF PROTO=TCP SPT=1449 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 05:37:09 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.236.154.64 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=31002 DF PROTO=TCP SPT=1449 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 05:38:46 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=210.196.41.165 DST=212.227.214.118 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=53808 PROTO=UDP SPT=40124 DPT=137 LEN=58 
    Oct 20 05:43:14 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.81.118.182 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34378 DF PROTO=TCP SPT=34676 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A00E9DE7D0000000001030300) 
    Oct 20 05:43:15 server in.proftpd[11675]: connect from 61.81.118.182 (61.81.118.182)
    Oct 20 05:43:15 server proftpd[11675]: server.domain.de (61.81.118.182[61.81.118.182]) - FTP session opened. 
    Oct 20 05:43:15 server proftpd[11675]: server.domain.de (61.81.118.182[61.81.118.182]) - FTP session closed. 
    Oct 20 05:59:00 server /USR/SBIN/CRON[11695]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) 
    Oct 20 06:00:12 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.234.104.28 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=37 ID=24038 DF PROTO=TCP SPT=60564 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0E46AC420000000001030300) 
    Oct 20 06:00:13 server in.proftpd[11714]: connect from 61.234.104.28 (61.234.104.28)
    Oct 20 06:00:13 server proftpd[11714]: server.domain.de (61.234.104.28[61.234.104.28]) - FTP session opened. 
    Oct 20 06:00:13 server proftpd[11714]: server.domain.de (61.234.104.28[61.234.104.28]) - FTP session closed. 
    Oct 20 06:02:23 server master[11715]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: checkpointing cyrus databases
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: done checkpointing cyrus databases
    Oct 20 06:02:23 server master[2696]: process 11715 exited, status 0
    Oct 20 06:07:18 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.82.169.197 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=1256 DF PROTO=TCP SPT=3116 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:07:48 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.112.171.185 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=54926 DF PROTO=TCP SPT=3045 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:09:30 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=219.238.232.104 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=57959 DF PROTO=TCP SPT=49417 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A10D12F500000000001030300) 
    Oct 20 06:09:30 server in.proftpd[11720]: connect from 219.238.232.104 (219.238.232.104)
    Oct 20 06:09:30 server proftpd[11720]: server.domain.de (219.238.232.104[219.238.232.104]) - FTP session opened. 
    Oct 20 06:09:31 server proftpd[11720]: server.domain.de (219.238.232.104[219.238.232.104]) - FTP session closed.
    Oct 20 06:11:50 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=200.66.158.209 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42491 DF PROTO=TCP SPT=3502 DPT=17300 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:11:53 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=200.66.158.209 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42677 DF PROTO=TCP SPT=3502 DPT=17300 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:13:22 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=220.190.81.129 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=15769 DF PROTO=TCP SPT=3384 DPT=25 WINDOW=64800 RES=0x00 SYN URGP=0 OPT (020405A001010402) 
    Oct 20 06:13:25 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=220.190.81.129 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=16404 DF PROTO=TCP SPT=3384 DPT=25 WINDOW=64800 RES=0x00 SYN URGP=0 OPT (020405A001010402) 
    Oct 20 06:32:23 server master[11763]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: checkpointing cyrus databases
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: done checkpointing cyrus databases
    Oct 20 06:32:23 server master[2696]: process 11763 exited, status 0
    Oct 20 06:43:44 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=8378 DF PROTO=TCP SPT=55582 DPT=143 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:43:44 server master[11767]: about to exec /usr/lib/cyrus/bin/imapd
    Oct 20 06:43:44 server imap[11767]: executed
    Oct 20 06:43:44 server imap[11767]: accepted connection
    Oct 20 06:43:44 server imap[11767]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
    Oct 20 06:43:44 server PAM-warn[2487]: function=[pam_sm_authenticate] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:44 server PAM-warn[2487]: function=[pam_sm_acct_mgmt] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:44 server imap[11767]: login: p508B3399.dip.t-dialin.net [80.139.51.153] sew_mail_0001 plaintext 
    Oct 20 06:43:45 server imap[11767]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:43:45 server imap[11767]: open: user sew_mail_0001 opened INBOX
    Oct 20 06:43:51 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=8504 DF PROTO=TCP SPT=55583 DPT=143 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:43:51 server master[11768]: about to exec /usr/lib/cyrus/bin/imapd
    Oct 20 06:43:51 server imap[11768]: executed
    Oct 20 06:43:51 server imap[11768]: accepted connection
    Oct 20 06:43:51 server PAM-warn[2529]: function=[pam_sm_authenticate] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:51 server PAM-warn[2529]: function=[pam_sm_acct_mgmt] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:51 server imap[11768]: login: p508B3399.dip.t-dialin.net [80.139.51.153] sew_mail_0001 plaintext 
    Oct 20 06:43:51 server imap[11768]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:43:51 server imap[11768]: open: user sew_mail_0001 opened INBOX.SPAM
    Oct 20 06:44:14 server imap[11768]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:44:15 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=8627 DF PROTO=TCP SPT=55584 DPT=143 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:44:15 server master[11769]: about to exec /usr/lib/cyrus/bin/imapd
    Oct 20 06:44:15 server imap[11769]: executed
    Oct 20 06:44:15 server imap[11769]: accepted connection
    Oct 20 06:44:15 server PAM-warn[2531]: function=[pam_sm_authenticate] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:44:15 server PAM-warn[2531]: function=[pam_sm_acct_mgmt] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:44:15 server imap[11769]: login: p508B3399.dip.t-dialin.net [80.139.51.153] sew_mail_0001 plaintext 
    Oct 20 06:44:15 server imap[11769]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:44:15 server imap[11769]: open: user sew_mail_0001 opened INBOX.allgemein.2004-10
    Oct 20 06:44:15 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=207.30.169.177 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=36298 DF PROTO=TCP SPT=56405 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:44:18 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=207.30.169.177 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=36516 DF PROTO=TCP SPT=56405 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:44:28 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.35.248.218 DST=212.227.214.118 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=40181 PROTO=UDP SPT=3055 DPT=137 LEN=58 
    Oct 20 06:44:39 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=81.197.206.111 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=59881 DF PROTO=TCP SPT=3593 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:47:12 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=66.72.152.219 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=14076 DF PROTO=TCP SPT=4331 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405AC01010402) 
    Oct 20 06:47:42 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=9449 DF PROTO=TCP SPT=55591 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:48:10 server sshd[11793]: error: PAM: Authentication failure
    Oct 20 06:48:16 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=9472 DF PROTO=TCP SPT=55592 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:48:20 server sshd[11796]: Accepted keyboard-interactive/pam for sshmaster1 from ::ffff:80.139.51.153 port 55592 ssh2
    Oct 20 06:48:21 server sshd[11800]: error: open /dev/tty failed - could not set controlling tty: Permission denied
    Oct 20 06:48:25 server su: (to root) sshmaster1 on /dev/pts/0
    Oct 20 06:48:25 server su: pam_unix2: session started for user root, service su 
    Oct 20 06:49:39 server webmin[12342]: Webmin starting 
    Oct 20 06:49:49 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10202 DF PROTO=TCP SPT=55593 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:49:54 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10218 DF PROTO=TCP SPT=55594 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:49:54 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10229 DF PROTO=TCP SPT=55595 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:49:54 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10246 DF PROTO=TCP SPT=55596 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:01 server webmin[12346]: Successful login as root from 80.139.51.153 
    Oct 20 06:50:01 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10287 DF PROTO=TCP SPT=55597 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:02 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10301 DF PROTO=TCP SPT=55598 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:02 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10311 DF PROTO=TCP SPT=55599 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:07 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10625 DF PROTO=TCP SPT=55600 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:07 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10635 DF PROTO=TCP SPT=55601 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:08 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10718 DF PROTO=TCP SPT=55602 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:13 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10966 DF PROTO=TCP SPT=55603 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:58 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=11094 DF PROTO=TCP SPT=55604 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:07 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=11986 DF PROTO=TCP SPT=55613 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:09 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12018 DF PROTO=TCP SPT=55614 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:13 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12056 DF PROTO=TCP SPT=55615 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:15 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12082 DF PROTO=TCP SPT=55616 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:16 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12096 DF PROTO=TCP SPT=55617 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:17 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12121 DF PROTO=TCP SPT=55618 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:19 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12161 DF PROTO=TCP SPT=55619 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:23 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12189 DF PROTO=TCP SPT=55620 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:32 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12225 DF PROTO=TCP SPT=55621 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:59 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12352 DF PROTO=TCP SPT=55622 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:54:28 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12719 DF PROTO=TCP SPT=55623 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402)

    Regards
    bruce
    Last edited by Bruce (20.10.04 at 06:57)
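
One way to triage a messages log like the one posted above, as an added example that is not part of the original thread: it separates the SuSEfirewall2 packet lines from daemon and account events, lists what was logged before the first successful login, and shows which accepted ports the login source touched. The sample lines are constructed in the same format, the addresses come from documentation ranges, the user `admin1` is hypothetical, and the year 2004 is an assumed default because classic syslog timestamps carry none.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the same syslog/SuSEfirewall2 format as the post above.
# Addresses are documentation ranges and "admin1" is a hypothetical account.
SAMPLE_LOG = """\
Oct 20 04:15:00 server syslogd 1.4.1: restart.
Oct 20 04:15:00 server su: (to nobody) root on none
Oct 20 04:23:20 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=78 PROTO=UDP SPT=1027 DPT=137 LEN=58
Oct 20 04:30:56 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=48 PROTO=TCP SPT=1836 DPT=25 SYN URGP=0
Oct 20 05:12:24 server -- MARK --
Oct 20 06:48:10 server sshd[11793]: error: PAM: Authentication failure
Oct 20 06:48:16 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 PROTO=TCP SPT=55592 DPT=3129 SYN URGP=0
Oct 20 06:48:20 server sshd[11796]: Accepted keyboard-interactive/pam for admin1 from ::ffff:203.0.113.7 port 55592 ssh2
Oct 20 06:48:25 server su: (to root) admin1 on /dev/pts/0
Oct 20 06:50:01 server webmin[12346]: Successful login as root from 203.0.113.7
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
FW_RE = re.compile(r"^kernel: SFW2-(\w+)-(ACC|DROP)-(\w+)\s+(.*)$")
EVENT_RES = [
    ("syslogd-restart", re.compile(r"^syslogd [\d.]+: restart")),
    ("su", re.compile(r"^su: \(to (\S+)\) (\S+) on (\S+)")),
    ("ssh-auth-failure", re.compile(r"^sshd\[\d+\]: error: PAM: Authentication failure")),
    ("ssh-login", re.compile(r"^sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")),
    ("webmin-login", re.compile(r"^webmin\[\d+\]: Successful login as (\S+) from (\S+)")),
]
LOGIN_KINDS = {"ssh-login", "webmin-login"}


def _plain_ip(value):
    """Drop the IPv4-mapped IPv6 prefix sshd logs, so it matches firewall SRC."""
    return value[7:] if value.startswith("::ffff:") else value


def triage(text, year=2004):
    """Split a messages log into firewall counters and daemon/account events."""
    events, firewall, accepted_ports = [], Counter(), defaultdict(set)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps have no year, so the caller has to supply one.
        ts = datetime.strptime(f"{m.group(1)} {year}", "%b %d %H:%M:%S %Y")
        msg = m.group(3)
        fw = FW_RE.match(msg)
        if fw:
            fields = dict(re.findall(r"(\w+)=(\S*)", fw.group(4)))
            dpt = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
            firewall[(fw.group(2), fields.get("PROTO"), dpt)] += 1
            if fw.group(2) == "ACC" and dpt is not None:
                accepted_ports[fields.get("SRC")].add(dpt)
            continue
        for kind, rx in EVENT_RES:
            hit = rx.match(msg)
            if hit:
                events.append((ts, kind, tuple(_plain_ip(g) for g in hit.groups())))
                break
    return {"events": events, "firewall": firewall,
            "accepted_ports": dict(accepted_ports)}


def before_first_login(events):
    """Events logged before the first successful ssh or Webmin login."""
    logins = [ts for ts, kind, _ in events if kind in LOGIN_KINDS]
    if not logins:
        return list(events)
    cutoff = min(logins)
    return [e for e in events if e[0] < cutoff]


def su_without_tty(events):
    """su calls logged with tty 'none', i.e. started without a terminal."""
    return [e for e in events if e[1] == "su" and e[2][2] == "none"]


def login_source_ports(result):
    """Ports on which accepted SYNs were logged from each login source."""
    ports = {}
    for _, kind, detail in result["events"]:
        if kind in LOGIN_KINDS:
            src = detail[-1]
            ports[src] = sorted(result["accepted_ports"].get(src, ()))
    return ports


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ts, kind, detail in before_first_login(result["events"]):
        print(ts, kind, detail)
    print(login_source_ports(result))
```
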

  2. #2
    r2k (Alpha Fan)
    Registered since
    Apr 2003
    Posts
    772
    Quote from Bruce
    Hi!

    I was just routinely looking through my logs, and there is almost nothing left in var/logs/messages. I have now noticed that syslogd was restarted this morning at 4:15, although definitely nobody was on the server at that time. I was not on the server until 6:50. Is that normal?

    All that the log file still contains is
    Code:
    Oct 20 04:15:00 server syslogd 1.4.1: restart.
    Oct 20 04:15:00 server su: (to nobody) root on none
    Oct 20 04:15:00 server su: pam_unix2: session started for user nobody, service su 
    Oct 20 04:15:01 server su: pam_unix2: session finished for user nobody, service su 
    Oct 20 04:18:03 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=195.92.95.94 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=62459 DF PROTO=TCP SPT=1797 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (020405B4010303000101080A24E9D8C600000000) 
    Oct 20 04:18:03 server kernel: klogd 1.4.1, ---------- state change ---------- 
    Oct 20 04:18:03 server kernel: Inspecting /boot/System.map-2.6.5-7.108-default
    Oct 20 04:18:03 server kernel: Loaded 23748 symbols from /boot/System.map-2.6.5-7.108-default.
    Oct 20 04:18:03 server kernel: Symbols match kernel version 2.6.5.
    Oct 20 04:18:03 server kernel: No module symbols loaded - kernel modules not enabled. 
    Oct 20 04:23:20 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=63.250.25.185 DST=212.227.214.118 LEN=78 TOS=0x00 PREC=0x00 TTL=115 ID=42487 PROTO=UDP SPT=1027 DPT=137 LEN=58 
    Oct 20 04:30:56 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=210.122.45.105 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=33880 DF PROTO=TCP SPT=1836 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 04:32:23 server master[11579]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: checkpointing cyrus databases
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 04:32:23 server ctl_cyrusdb[11579]: done checkpointing cyrus databases
    Oct 20 04:32:23 server master[2696]: process 11579 exited, status 0
    Oct 20 04:40:39 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.238.112.213 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=52655 PROTO=TCP SPT=26730 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 04:41:28 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=195.92.95.61 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42085 DF PROTO=TCP SPT=38650 DPT=80 WINDOW=57344 RES=0x00 SYN URGP=0 OPT (020405B4010303000101080A0D469BF200000000) 
    Oct 20 04:49:21 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=68.203.138.5 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=21107 DF PROTO=TCP SPT=3360 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204059C01010402) 
    Oct 20 04:59:00 server /USR/SBIN/CRON[11603]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) 
    Oct 20 05:02:23 server master[11622]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: checkpointing cyrus databases
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:02:23 server ctl_cyrusdb[11622]: done checkpointing cyrus databases
    Oct 20 05:02:23 server master[2696]: process 11622 exited, status 0
    Oct 20 05:12:24 server -- MARK --
    Oct 20 05:17:00 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=68.123.18.75 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=15548 DF PROTO=TCP SPT=4648 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 05:17:09 server master[11651]: about to exec /usr/lib/cyrus/bin/lmtpd
    Oct 20 05:17:09 server lmtpunix[11651]: executed
    Oct 20 05:17:09 server lmtpunix[11651]: accepted connection
    Oct 20 05:17:09 server lmtpunix[11651]: lmtp connection preauth'd as postman
    Oct 20 05:17:09 server lmtpunix[11651]: IOERROR: fstating sieve script /var/lib/sieve/s/sew_mail_0001/defaultbc: No such file or directory
    Oct 20 05:17:09 server lmtpunix[11651]: duplicate_check: <9a5c01c4b654$47ac6578$4d213c8a@ts-group.fi> user.sew_mail_0001   0
    Oct 20 05:17:10 server lmtpunix[11651]: mystore: starting txn 2147483899
    Oct 20 05:17:10 server lmtpunix[11651]: mystore: committing txn 2147483899
    Oct 20 05:17:10 server lmtpunix[11651]: duplicate_mark: <9a5c01c4b654$47ac6578$4d213c8a@ts-group.fi> user.sew_mail_0001   1098242229 78
    Oct 20 05:18:10 server master[2696]: process 11651 exited, status 0
    Oct 20 05:32:23 server master[11671]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: checkpointing cyrus databases
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 05:32:23 server ctl_cyrusdb[11671]: done checkpointing cyrus databases
    Oct 20 05:32:23 server master[2696]: process 11671 exited, status 0
    Oct 20 05:37:06 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.236.154.64 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=30735 DF PROTO=TCP SPT=1449 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 05:37:09 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.236.154.64 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=31002 DF PROTO=TCP SPT=1449 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 05:38:46 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=210.196.41.165 DST=212.227.214.118 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=53808 PROTO=UDP SPT=40124 DPT=137 LEN=58 
    Oct 20 05:43:14 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.81.118.182 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34378 DF PROTO=TCP SPT=34676 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A00E9DE7D0000000001030300) 
    Oct 20 05:43:15 server in.proftpd[11675]: connect from 61.81.118.182 (61.81.118.182)
    Oct 20 05:43:15 server proftpd[11675]: server.domain.de (61.81.118.182[61.81.118.182]) - FTP session opened. 
    Oct 20 05:43:15 server proftpd[11675]: server.domain.de (61.81.118.182[61.81.118.182]) - FTP session closed. 
    Oct 20 05:59:00 server /USR/SBIN/CRON[11695]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) 
    Oct 20 06:00:12 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.234.104.28 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=37 ID=24038 DF PROTO=TCP SPT=60564 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0E46AC420000000001030300) 
    Oct 20 06:00:13 server in.proftpd[11714]: connect from 61.234.104.28 (61.234.104.28)
    Oct 20 06:00:13 server proftpd[11714]: server.domain.de (61.234.104.28[61.234.104.28]) - FTP session opened. 
    Oct 20 06:00:13 server proftpd[11714]: server.domain.de (61.234.104.28[61.234.104.28]) - FTP session closed. 
    Oct 20 06:02:23 server master[11715]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: checkpointing cyrus databases
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:02:23 server ctl_cyrusdb[11715]: done checkpointing cyrus databases
    Oct 20 06:02:23 server master[2696]: process 11715 exited, status 0
    Oct 20 06:07:18 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.82.169.197 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=1256 DF PROTO=TCP SPT=3116 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:07:48 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=61.112.171.185 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=54926 DF PROTO=TCP SPT=3045 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:09:30 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=219.238.232.104 DST=212.227.214.118 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=57959 DF PROTO=TCP SPT=49417 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A10D12F500000000001030300) 
    Oct 20 06:09:30 server in.proftpd[11720]: connect from 219.238.232.104 (219.238.232.104)
    Oct 20 06:09:30 server proftpd[11720]: server.domain.de (219.238.232.104[219.238.232.104]) - FTP session opened. 
    Oct 20 06:09:31 server proftpd[11720]: server.domain.de (219.238.232.104[219.238.232.104]) - FTP session closed.
    Oct 20 06:11:50 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=200.66.158.209 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42491 DF PROTO=TCP SPT=3502 DPT=17300 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:11:53 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=200.66.158.209 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42677 DF PROTO=TCP SPT=3502 DPT=17300 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:13:22 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=220.190.81.129 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=15769 DF PROTO=TCP SPT=3384 DPT=25 WINDOW=64800 RES=0x00 SYN URGP=0 OPT (020405A001010402) 
    Oct 20 06:13:25 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=220.190.81.129 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=16404 DF PROTO=TCP SPT=3384 DPT=25 WINDOW=64800 RES=0x00 SYN URGP=0 OPT (020405A001010402) 
    Oct 20 06:32:23 server master[11763]: about to exec /usr/lib/cyrus/bin/ctl_cyrusdb
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: checkpointing cyrus databases
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving database file: /var/lib/imap/annotations.db
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving database file: /var/lib/imap/mailboxes.db
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: archiving log file: /var/lib/imap/db/log.0000000001
    Oct 20 06:32:23 server ctl_cyrusdb[11763]: done checkpointing cyrus databases
    Oct 20 06:32:23 server master[2696]: process 11763 exited, status 0
    Oct 20 06:43:44 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=8378 DF PROTO=TCP SPT=55582 DPT=143 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:43:44 server master[11767]: about to exec /usr/lib/cyrus/bin/imapd
    Oct 20 06:43:44 server imap[11767]: executed
    Oct 20 06:43:44 server imap[11767]: accepted connection
    Oct 20 06:43:44 server imap[11767]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
    Oct 20 06:43:44 server PAM-warn[2487]: function=[pam_sm_authenticate] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:44 server PAM-warn[2487]: function=[pam_sm_acct_mgmt] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:44 server imap[11767]: login: p508B3399.dip.t-dialin.net [80.139.51.153] sew_mail_0001 plaintext 
    Oct 20 06:43:45 server imap[11767]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:43:45 server imap[11767]: open: user sew_mail_0001 opened INBOX
    Oct 20 06:43:51 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=8504 DF PROTO=TCP SPT=55583 DPT=143 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:43:51 server master[11768]: about to exec /usr/lib/cyrus/bin/imapd
    Oct 20 06:43:51 server imap[11768]: executed
    Oct 20 06:43:51 server imap[11768]: accepted connection
    Oct 20 06:43:51 server PAM-warn[2529]: function=[pam_sm_authenticate] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:51 server PAM-warn[2529]: function=[pam_sm_acct_mgmt] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:43:51 server imap[11768]: login: p508B3399.dip.t-dialin.net [80.139.51.153] sew_mail_0001 plaintext 
    Oct 20 06:43:51 server imap[11768]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:43:51 server imap[11768]: open: user sew_mail_0001 opened INBOX.SPAM
    Oct 20 06:44:14 server imap[11768]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:44:15 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=8627 DF PROTO=TCP SPT=55584 DPT=143 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:44:15 server master[11769]: about to exec /usr/lib/cyrus/bin/imapd
    Oct 20 06:44:15 server imap[11769]: executed
    Oct 20 06:44:15 server imap[11769]: accepted connection
    Oct 20 06:44:15 server PAM-warn[2531]: function=[pam_sm_authenticate] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:44:15 server PAM-warn[2531]: function=[pam_sm_acct_mgmt] service=[imap] terminal=[<unknown>] user=[sew_mail_0001] ruser=[<unknown>] rhost=[<unknown>] 
    Oct 20 06:44:15 server imap[11769]: login: p508B3399.dip.t-dialin.net [80.139.51.153] sew_mail_0001 plaintext 
    Oct 20 06:44:15 server imap[11769]: seen_db: user sew_mail_0001 opened /var/lib/imap/user/s/sew_mail_0001.seen
    Oct 20 06:44:15 server imap[11769]: open: user sew_mail_0001 opened INBOX.allgemein.2004-10
    Oct 20 06:44:15 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=207.30.169.177 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=36298 DF PROTO=TCP SPT=56405 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:44:18 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=207.30.169.177 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=36516 DF PROTO=TCP SPT=56405 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:44:28 server kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=213.35.248.218 DST=212.227.214.118 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=40181 PROTO=UDP SPT=3055 DPT=137 LEN=58 
    Oct 20 06:44:39 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=81.197.206.111 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=59881 DF PROTO=TCP SPT=3593 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
    Oct 20 06:47:12 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=66.72.152.219 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=14076 DF PROTO=TCP SPT=4331 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405AC01010402) 
    Oct 20 06:47:42 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=9449 DF PROTO=TCP SPT=55591 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:48:10 server sshd[11793]: error: PAM: Authentication failure
    Oct 20 06:48:16 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=9472 DF PROTO=TCP SPT=55592 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:48:20 server sshd[11796]: Accepted keyboard-interactive/pam for sshmaster1 from ::ffff:80.139.51.153 port 55592 ssh2
    Oct 20 06:48:21 server sshd[11800]: error: open /dev/tty failed - could not set controlling tty: Permission denied
    Oct 20 06:48:25 server su: (to root) sshmaster1 on /dev/pts/0
    Oct 20 06:48:25 server su: pam_unix2: session started for user root, service su 
    Oct 20 06:49:39 server webmin[12342]: Webmin starting 
    Oct 20 06:49:49 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10202 DF PROTO=TCP SPT=55593 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:49:54 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10218 DF PROTO=TCP SPT=55594 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:49:54 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10229 DF PROTO=TCP SPT=55595 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:49:54 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10246 DF PROTO=TCP SPT=55596 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:01 server webmin[12346]: Successful login as root from 80.139.51.153 
    Oct 20 06:50:01 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10287 DF PROTO=TCP SPT=55597 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:02 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10301 DF PROTO=TCP SPT=55598 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:02 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10311 DF PROTO=TCP SPT=55599 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:07 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10625 DF PROTO=TCP SPT=55600 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:07 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10635 DF PROTO=TCP SPT=55601 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:08 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10718 DF PROTO=TCP SPT=55602 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:13 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=10966 DF PROTO=TCP SPT=55603 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:50:58 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=11094 DF PROTO=TCP SPT=55604 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:07 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=11986 DF PROTO=TCP SPT=55613 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:09 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12018 DF PROTO=TCP SPT=55614 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:13 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12056 DF PROTO=TCP SPT=55615 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:15 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12082 DF PROTO=TCP SPT=55616 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:16 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12096 DF PROTO=TCP SPT=55617 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:17 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12121 DF PROTO=TCP SPT=55618 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:19 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12161 DF PROTO=TCP SPT=55619 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:23 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12189 DF PROTO=TCP SPT=55620 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:32 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12225 DF PROTO=TCP SPT=55621 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:53:59 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12352 DF PROTO=TCP SPT=55622 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402) 
    Oct 20 06:54:28 server kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:76:ef:b9:1d:00:02:85:04:8b:c0:08:00 SRC=80.139.51.153 DST=212.227.214.118 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=12719 DF PROTO=TCP SPT=55623 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A401010402)

    Regards
    bruce
    Type uptime, then you'll see how long the server has been running!

  3. #3
    Registered user
    Registered since
    Feb 2003
    Posts
    208
    uptime prints:
    7:38am an 2 Tage 9:06, 1 Benutzer, Durchschnittslast: 0,07, 0,02, 0,00

  4. #4
    because it's mine! Avatar of Kip
    Registered since
    Apr 2001
    Location
    Darmstadt
    Posts
    1.138
    Do you perhaps have logrotate running? It restarts syslog too ... By the way, "last" shows you the most recent logins; check whether anyone was on the server in the morning.
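
The check suggested in the last reply can be run against the log itself. The following is an added example, not part of any post in this thread: it lists every syslogd restart, notes whether it is the first entry of the file (a heuristic for a freshly rotated log), and separates tty-less `su` sessions from interactive logins. The sample lines are constructed in the format of the quoted log; the user name `admin1`, the address `192.0.2.10` and the default year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the /var/log/messages format quoted in the thread;
# the user name "admin1" and the address 192.0.2.10 are placeholders.
SAMPLE = [
    "Oct 20 04:15:00 server syslogd 1.4.1: restart.",
    "Oct 20 04:15:00 server su: (to nobody) root on none",
    "Oct 20 05:59:00 server /USR/SBIN/CRON[11695]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)",
    "Oct 20 06:48:10 server sshd[11793]: error: PAM: Authentication failure",
    "Oct 20 06:48:20 server sshd[11796]: Accepted keyboard-interactive/pam for admin1 from ::ffff:192.0.2.10 port 55592 ssh2",
    "Oct 20 06:48:25 server su: (to root) admin1 on /dev/pts/0",
    "Oct 20 06:50:01 server webmin[12346]: Successful login as root from 192.0.2.10",
]

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (.*)$")
RESTART = re.compile(r"^syslogd \S+: restart")
SSH_OK = re.compile(r"^sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")
SU = re.compile(r"^su: \(to (\S+)\) (\S+) on (\S+)")
WEBMIN = re.compile(r"^webmin\[\d+\]: Successful login as (\S+) from (\S+)")


def triage(lines, year=2004):
    """Return (restarts, events) extracted from syslog lines.

    Syslog timestamps carry no year, so the caller supplies one
    (2004 is an assumed default). Each event is a tuple
    (time, kind, user, detail).
    """
    restarts, events, parsed = [], [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        parsed += 1
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        rest = m.group(2)
        if RESTART.match(rest):
            # First parsed entry of the file: the log was just started anew.
            restarts.append({"time": when, "first_line": parsed == 1})
        elif s := SSH_OK.match(rest):
            events.append((when, "ssh", s.group(1), s.group(2)))
        elif s := SU.match(rest):
            # "on none" means no terminal; "/dev/pts/N" is an interactive session.
            kind = "su-interactive" if s.group(3).startswith("/dev/") else "su-no-tty"
            events.append((when, kind, s.group(2), s.group(1)))
        elif s := WEBMIN.match(rest):
            events.append((when, "webmin", s.group(1), s.group(2)))
    for r in restarts:
        # Interactive activity logged at or before the restart, if any.
        r["interactive_before"] = [
            e for e in events if e[0] <= r["time"] and e[1] != "su-no-tty"
        ]
    return restarts, events


if __name__ == "__main__":
    restarts, events = triage(SAMPLE)
    for r in restarts:
        print(r["time"], "first entry in file:", r["first_line"],
              "interactive logins before it:", len(r["interactive_before"]))
    for e in events:
        print(*e)
```

A restart that is the first entry of the file only shows what this file contains; logins before the rotation are in the rotated log and in the output of `last`.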
