当前位置: 技术问答>linux和unix
帮我看看邮件服务器是不是受到攻击了?谢谢。
来源: 互联网 发布时间:2015-09-29
本文导语: 下面是系统邮件里的内容: ################## LogWatch 2.6 Begin ##################### --------------------- proftpd-messages Begin ------------------------ **Unmatched Entries** localhost.localdomain (AOrleans-252-1-14-49.w83-115.abo.wanadoo.fr[83.115.44.49...
下面是系统邮件里的内容:
################## LogWatch 2.6 Begin #####################
--------------------- proftpd-messages Begin ------------------------
**Unmatched Entries**
localhost.localdomain (AOrleans-252-1-14-49.w83-115.abo.wanadoo.fr[83.115.44.49]) - FTP session opened.
localhost.localdomain (AOrleans-252-1-14-49.w83-115.abo.wanadoo.fr[83.115.44.49]) - FTP session closed.
localhost.localdomain (202.120.229.10[202.120.229.10]) - FTP session opened.
localhost.localdomain (202.120.229.10[202.120.229.10]) - no such user 'anonymous'
localhost.localdomain (202.120.229.10[202.120.229.10]) - FTP session closed.
localhost.localdomain (220.197.42.6[220.197.42.6]) - FTP session opened.
localhost.localdomain (220.197.42.6[220.197.42.6]) - FTP session closed.
---------------------- proftpd-messages End -------------------------
---------------- Connections (secure-log) Begin -------------------
**Unmatched Entries**
proftpd[31701]: localhost.localdomain (202.120.229.10[202.120.229.10]) - USER anonymous: no such user found from 202.120.229.10 [202.120.229.10] to 211.138.143.186:21
----------------- Connections (secure-log) End --------------------
--------------------- SSHD Begin ------------------------
Failed logins from these:
root/password from 210.90.86.123: 1 time(s)
root/password from 219.218.142.119: 3 time(s)
**Unmatched Entries**
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user admin
Failed password for illegal user admin from 210.90.86.123 port 1649 ssh2
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user test
Failed password for illegal user test from 210.90.86.123 port 1674 ssh2
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user guest
Failed password for illegal user guest from 210.90.86.123 port 1721 ssh2
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user test
Failed password for illegal user test from 219.218.142.119 port 53020 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user guest
Failed password for illegal user guest from 219.218.142.119 port 53061 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user admin
Failed password for illegal user admin from 219.218.142.119 port 53107 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user admin
Failed password for illegal user admin from 219.218.142.119 port 53156 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user user
Failed password for illegal user user from 219.218.142.119 port 53196 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
Received disconnect from 219.218.142.119: 11: Bye Bye
Received disconnect from 219.218.142.119: 11: Bye Bye
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user test
Failed password for illegal user test from 219.218.142.119 port 53733 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
---------------------- SSHD End -------------------------
###################### LogWatch End #########################
################## LogWatch 2.6 Begin #####################
--------------------- proftpd-messages Begin ------------------------
**Unmatched Entries**
localhost.localdomain (AOrleans-252-1-14-49.w83-115.abo.wanadoo.fr[83.115.44.49]) - FTP session opened.
localhost.localdomain (AOrleans-252-1-14-49.w83-115.abo.wanadoo.fr[83.115.44.49]) - FTP session closed.
localhost.localdomain (202.120.229.10[202.120.229.10]) - FTP session opened.
localhost.localdomain (202.120.229.10[202.120.229.10]) - no such user 'anonymous'
localhost.localdomain (202.120.229.10[202.120.229.10]) - FTP session closed.
localhost.localdomain (220.197.42.6[220.197.42.6]) - FTP session opened.
localhost.localdomain (220.197.42.6[220.197.42.6]) - FTP session closed.
---------------------- proftpd-messages End -------------------------
---------------- Connections (secure-log) Begin -------------------
**Unmatched Entries**
proftpd[31701]: localhost.localdomain (202.120.229.10[202.120.229.10]) - USER anonymous: no such user found from 202.120.229.10 [202.120.229.10] to 211.138.143.186:21
----------------- Connections (secure-log) End --------------------
--------------------- SSHD Begin ------------------------
Failed logins from these:
root/password from 210.90.86.123: 1 time(s)
root/password from 219.218.142.119: 3 time(s)
**Unmatched Entries**
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user admin
Failed password for illegal user admin from 210.90.86.123 port 1649 ssh2
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user test
Failed password for illegal user test from 210.90.86.123 port 1674 ssh2
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user guest
Failed password for illegal user guest from 210.90.86.123 port 1721 ssh2
Received disconnect from 210.90.86.123: 11: Bye Bye
input_userauth_request: illegal user test
Failed password for illegal user test from 219.218.142.119 port 53020 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user guest
Failed password for illegal user guest from 219.218.142.119 port 53061 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user admin
Failed password for illegal user admin from 219.218.142.119 port 53107 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user admin
Failed password for illegal user admin from 219.218.142.119 port 53156 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user user
Failed password for illegal user user from 219.218.142.119 port 53196 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
Received disconnect from 219.218.142.119: 11: Bye Bye
Received disconnect from 219.218.142.119: 11: Bye Bye
Received disconnect from 219.218.142.119: 11: Bye Bye
input_userauth_request: illegal user test
Failed password for illegal user test from 219.218.142.119 port 53733 ssh2
Received disconnect from 219.218.142.119: 11: Bye Bye
---------------------- SSHD End -------------------------
###################### LogWatch End #########################
|
没什么了
正常
只是有人尝试登录你的sshd
正常
只是有人尝试登录你的sshd
|
是的.
|
有匿名用户想登陆你的proftp服务器
可惜你的服务器不允许匿名登陆;-)
可惜你的服务器不允许匿名登陆;-)
|
没有问题啊, 是有人想进去,可惜要不就是你的安全性还是挺高的,或者是那个试图进入者的功力还不够,呵呵
|
正常的日志
|
从日志上看,只不过是有人在扫描你的机器。
如果是被攻破了那就得好好查查,比如:ps -aux, netstat -npl之类的
如果是被攻破了那就得好好查查,比如:ps -aux, netstat -npl之类的