Lord_Icon
Member
Hi,
folgende beunruhigende Log einträge habe ich ebend in /var/log/warn gefunden
Eigendlich brauch ich hier nicht groß weiterfragen. Ich denke, die Log spricht Bände.
Was ich aber nicht verstehe...
Wer ist denn so blöde, und versucht warlose Benutzerkombinationen von einen Server4You Server ?
Zumal ja sogar der Benutzername des Servers angegeben ist. (war da selber mal)
Meine Frage ist nun folgende:
Vor langer Zeit wurde mal mein Server gehackt und an diesen Tage habe ich mir geschworen jeden Hackversuch zu Anzeige zu bringen.
Was ratet Ihr mir ? wie sollte ich vorgehen ?
folgende beunruhigende Log einträge habe ich ebend in /var/log/warn gefunden
Code:
Jun 16 18:50:54 Kundensystem-Backup sshd[4557]: error: PAM: Authentication failure for postfix from kilo038.server4you.de
Jun 16 18:50:54 Kundensystem-Backup sshd[4560]: error: PAM: User not known to the underlying authentication module for illegal user quake from kilo038.server4you.de
Jun 16 18:50:54 Kundensystem-Backup sshd[4563]: error: PAM: User not known to the underlying authentication module for illegal user cstrike from kilo038.server4you.de
Jun 16 18:50:54 Kundensystem-Backup sshd[4566]: error: PAM: User not known to the underlying authentication module for illegal user mooha from kilo038.server4you.de
Jun 16 19:13:25 Kundensystem-Backup sshd[4781]: error: PAM: User not known to the underlying authentication module for illegal user postgres from kilo038.server4you.de
Jun 16 19:13:26 Kundensystem-Backup sshd[4784]: error: PAM: Authentication failure for mysql from kilo038.server4you.de
Jun 16 19:13:26 Kundensystem-Backup sshd[4787]: error: PAM: Authentication failure for games from kilo038.server4you.de
Jun 16 19:13:26 Kundensystem-Backup sshd[4790]: error: PAM: User not known to the underlying authentication module for illegal user operator from kilo038.server4you.de
Jun 16 19:13:26 Kundensystem-Backup sshd[4793]: error: PAM: User not known to the underlying authentication module for illegal user zope from kilo038.server4you.de
Jun 16 19:13:26 Kundensystem-Backup sshd[4796]: error: PAM: User not known to the underlying authentication module for illegal user nagios from kilo038.server4you.de
Jun 16 19:13:27 Kundensystem-Backup sshd[4799]: error: PAM: Authentication failure for nobody from kilo038.server4you.de
Jun 16 19:13:27 Kundensystem-Backup sshd[4802]: error: PAM: User not known to the underlying authentication module for illegal user nobody4 from kilo038.server4you.de
Jun 16 19:13:27 Kundensystem-Backup sshd[4805]: error: PAM: User not known to the underlying authentication module for illegal user ldap from kilo038.server4you.de
Jun 16 19:13:27 Kundensystem-Backup sshd[4808]: error: PAM: User not known to the underlying authentication module for illegal user tomcat from kilo038.server4you.de
Jun 16 19:15:10 Kundensystem-Backup postfix/trivial-rewrite[4850]: warning: do not list domain domain.de in BOTH virtual_alias_domains and relay_domains
Jun 16 19:25:39 Kundensystem-Backup postfix/trivial-rewrite[4962]: warning: do not list domain domain.de in BOTH virtual_alias_domains and relay_domains
Jun 16 19:32:07 Kundensystem-Backup sshd[5058]: error: PAM: User not known to the underlying authentication module for illegal user postgres from kilo038.server4you.de
Jun 16 19:32:07 Kundensystem-Backup sshd[5061]: error: PAM: Authentication failure for mysql from kilo038.server4you.de
Jun 16 19:32:08 Kundensystem-Backup sshd[5064]: error: PAM: Authentication failure for games from kilo038.server4you.de
Jun 16 19:32:08 Kundensystem-Backup sshd[5067]: error: PAM: User not known to the underlying authentication module for illegal user operator from kilo038.server4you.de
Jun 16 19:32:08 Kundensystem-Backup sshd[5070]: error: PAM: User not known to the underlying authentication module for illegal user zope from kilo038.server4you.de
Jun 16 19:32:08 Kundensystem-Backup sshd[5073]: error: PAM: User not known to the underlying authentication module for illegal user nagios from kilo038.server4you.de
Jun 16 19:32:08 Kundensystem-Backup sshd[5076]: error: PAM: Authentication failure for nobody from kilo038.server4you.de
Jun 16 19:32:08 Kundensystem-Backup sshd[5079]: error: PAM: User not known to the underlying authentication module for illegal user nobody4 from kilo038.server4you.de
Jun 16 19:32:09 Kundensystem-Backup sshd[5082]: error: PAM: User not known to the underlying authentication module for illegal user ldap from kilo038.server4you.de
Jun 16 19:32:09 Kundensystem-Backup sshd[5085]: error: PAM: User not known to the underlying authentication module for illegal user tomcat from kilo038.server4you.de
Jun 16 19:47:45 Kundensystem-Backup postfix/trivial-rewrite[5273]: warning: do not list domain domain.de in BOTH virtual_alias_domains and relay_domains
Jun 16 20:06:42 Kundensystem-Backup postfix/trivial-rewrite[5515]: warning: do not list domain domain.de in BOTH virtual_alias_domains and relay_domains
Jun 16 20:14:59 Kundensystem-Backup postfix/trivial-rewrite[5609]: warning: do not list domain domain.de in BOTH virtual_alias_domains and relay_domains
Jun 16 21:59:22 Kundensystem-Backup sshd[6722]: error: PAM: User not known to the underlying authentication module for illegal user postgres from kilo038.server4you.de
Jun 16 21:59:22 Kundensystem-Backup sshd[6725]: error: PAM: User not known to the underlying authentication module for illegal user postgres from kilo038.server4you.de
Jun 16 21:59:22 Kundensystem-Backup sshd[6728]: error: PAM: Authentication failure for mysql from kilo038.server4you.de
Jun 16 21:59:22 Kundensystem-Backup sshd[6731]: error: PAM: User not known to the underlying authentication module for illegal user oracle from kilo038.server4you.de
Jun 16 21:59:23 Kundensystem-Backup sshd[6734]: error: PAM: Authentication failure for games from kilo038.server4you.de
Jun 16 21:59:23 Kundensystem-Backup sshd[6737]: error: PAM: User not known to the underlying authentication module for illegal user postgres from kilo038.server4you.de
Jun 16 21:59:23 Kundensystem-Backup sshd[6740]: error: PAM: User not known to the underlying authentication module for illegal user tomcat from kilo038.server4you.de
Jun 16 21:59:23 Kundensystem-Backup sshd[6743]: error: PAM: User not known to the underlying authentication module for illegal user tomcat from kilo038.server4you.de
Jun 16 21:59:23 Kundensystem-Backup sshd[6746]: error: PAM: User not known to the underlying authentication module for illegal user backup from kilo038.server4you.de
Jun 16 21:59:24 Kundensystem-Backup sshd[6749]: error: PAM: User not known to the underlying authentication module for illegal user backup from kilo038.server4you.de
Was ich aber nicht verstehe...
Wer ist denn so blöde, und versucht warlose Benutzerkombinationen von einen Server4You Server ?
Zumal ja sogar der Benutzername des Servers angegeben ist. (war da selber mal)
Meine Frage ist nun folgende:
Vor langer Zeit wurde mal mein Server gehackt und an diesen Tage habe ich mir geschworen jeden Hackversuch zu Anzeige zu bringen.
Was ratet Ihr mir ? wie sollte ich vorgehen ?
Last edited by a moderator: