nhouse
Guest
Ok... here's some more stuff from my log files. These are from my "messages" log:
Feb 26 09:10:22 nhousemedia sshd(pam_unix)[8289]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=quebec-hse-ppp241914.qc.sympatico.ca
there are LOTS of these... maybe the attempt to spam. Then this one looks like the point where the server coughed:
Feb 26 11:59:56 nhousemedia named[9602]: lame server resolving 'nis.dacom.co.kr' (in 'dacom.co.kr'?): 211.216.50.150#53
Feb 26 11:59:56 nhousemedia named[9602]: lame server resolving 'ns2.dacom.co.kr' (in 'dacom.co.kr'?): 211.216.50.150#53
Feb 26 12:00:19 nhousemedia named[9602]: lame server resolving 'nsz2.latnet.lv' (in 'lv'?): 159.148.108.2#53
Feb 26 12:00:25 nhousemedia named[9602]: lame server resolving '213.16.3.8.in-addr.arpa' (in '213.16.3.8.in-addr.arpa'?): 8.3.16.222#53
Feb 26 12:00:25 nhousemedia last message repeated 3 times
Feb 26 12:01:07 nhousemedia named[9602]: client 24.176.127.33#62692: updating zone 'hcpbe.com/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Feb 26 12:01:07 nhousemedia named[9602]: client 24.176.127.33#62695: update 'hcpbe.com/IN' denied
Feb 26 12:02:38 nhousemedia xinetd[18276]: smtp: fork failed: Cannot allocate memory (errno = 12)
Feb 26 12:02:39 nhousemedia xinetd[18276]: smtp: fork failed: Cannot allocate memory (errno = 12)
Feb 26 12:02:39 nhousemedia syslogd: select: Cannot allocate memory
Feb 26 12:02:39 nhousemedia xinetd[18276]: smtp: fork failed: Cannot allocate memory (errno = 12)
Feb 26 12:02:39 nhousemedia xinetd[18276]: smtp: fork failed: Cannot allocate memory (errno = 12)
Feb 26 12:02:39 nhousemedia relaylock: /var/qmail/bin/relaylock: Unable to connect to the mysql database, relay will work in closed mode & white list will not work
Feb 26 12:02:40 nhousemedia syslogd: select: Cannot allocate memory
Feb 26 12:02:40 nhousemedia last message repeated 9 times
Feb 26 12:02:40 nhousemedia relaylock: /var/qmail/bin/relaylock: Unable to connect to the mysql database, relay will work in closed mode & white list will not work
Feb 26 12:02:40 nhousemedia named[9664]: socket.c:2100: fatal error:
Feb 26 12:02:40 nhousemedia named[9664]: select() failed: Cannot allocate memory
Feb 26 12:02:40 nhousemedia named[9664]: exiting (due to fatal error in library)
Feb 26 12:04:08 nhousemedia named: named shutdown failed
Feb 26 12:04:08 nhousemedia httpd: httpd shutdown succeeded
Feb 26 12:04:09 nhousemedia named: named shutdown failed
Feb 26 12:04:10 nhousemedia httpd: httpd shutdown failed
Feb 26 12:04:12 nhousemedia named[5090]: starting BIND 9.2.1 -u named -c /etc/named.conf -u named -t /var/named/run-root
Feb 26 12:04:12 nhousemedia named[5090]: using 1 CPU
Feb 26 12:04:12 nhousemedia named[5376]: loading configuration from '/etc/named.conf'
Feb 26 12:04:12 nhousemedia named[5376]: no IPv6 interfaces found
Feb 26 12:04:12 nhousemedia named[5376]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 26 12:04:12 nhousemedia named[5376]: listening on IPv4 interface venet0:0, 68.178.156.20#53
Feb 26 12:04:12 nhousemedia named[5376]: listening on IPv4 interface venet0:1, 68.178.156.25#53
Feb 26 12:04:12 nhousemedia named[5376]: listening on IPv4 interface venet0:2, 68.178.156.26#53
Feb 26 12:04:12 nhousemedia named[5376]: listening on IPv4 interface venet0:3, 68.178.156.202#53
Feb 26 12:04:12 nhousemedia named[5376]: command channel listening on 127.0.0.1#953
This also happened...
Feb 26 12:04:12 nhousemedia httpd: WARNING: MaxClients of 400 exceeds ServerLimit value of 256 servers,
Feb 26 12:04:12 nhousemedia httpd: lowering MaxClients to 256. To increase, please see the ServerLimit
Ok, in the httpd.conf file, can I fix this by changing the ServerLimit to 400 as well? I don't want to mess this file up and I am a newbie to a lot of this.
NOW, this looks rather ominous... it comes from the error log and looks like someone tried to hack in but was denied... THEN it looks like something did get transferred?
chmod: failed to get attributes of `r0nin': No such file or directory
sh: line 1: /usr/bin/wget: Permission denied
chmod: failed to get attributes of `r0nin': No such file or directory
sh: line 1: /usr/bin/wget: Permission denied
chmod: failed to get attributes of `r0nin': No such file or directory
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 761 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 761 100 761 0 0 542 0 0:00:01 0:00:01 0:00:00 47562
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 761 0 0 0 0 0 0 --:--:-- 0:00:00 --:--:-- 0
100 761 100 761 0 0 2193 0 0:00:00 0:00:00 0:00:00 371k
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 761 0 0 0 0 0 0 --:--:-- 0:00:00 --:--:-- 0
100 761 100 761 0 0 1921 0 0:00:00 0:00:00 0:00:00 371k
How can this be???
Help?
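Added example, not part of the original post: a small Python triage pass over the error-log excerpt quoted above. It separates commands the shell refused to run from transfers the progress meter reports as 100% received, so a denied `wget` and a completed 761-byte download show up as distinct findings. The regexes, the function name `triage`, and the assumption that ordinary Apache entries begin with `[` are this example's own, and the meter rows are read as curl's progress-meter layout.

```python
import re

# Constructed sample: lines copied from the error-log excerpt in the post above.
SAMPLE = """\
chmod: failed to get attributes of `r0nin': No such file or directory
sh: line 1: /usr/bin/wget: Permission denied
chmod: failed to get attributes of `r0nin': No such file or directory
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 761 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 761 100 761 0 0 542 0 0:00:01 0:00:01 0:00:00 47562
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 761 0 0 0 0 0 0 --:--:-- 0:00:00 --:--:-- 0
100 761 100 761 0 0 2193 0 0:00:00 0:00:00 0:00:00 371k
"""

# Assumption: normal Apache error_log entries start with a bracketed timestamp,
# so bare lines are stderr from a child process started by the web server.
APACHE_ENTRY = re.compile(r"^\[")
SHELL_ERR = re.compile(r"^sh: line \d+: (?P<cmd>\S+): (?P<err>.+)$")
TOOL_ERR = re.compile(r"^(?P<tool>[\w.-]+): (?P<err>.+)$")
# Meter data row: % total, total bytes, % received, received bytes, ...
METER_ROW = re.compile(r"^\d{1,3} (?P<total>\d+) (?P<rpct>\d{1,3}) (?P<recv>\d+) ")

def triage(lines):
    """Classify bare stderr lines and collect completed transfer sizes."""
    report = {"blocked": [], "tool_errors": [], "transfers": []}
    for raw in lines:
        line = raw.rstrip("\n")
        if not line or APACHE_ENTRY.match(line):
            continue  # blank line or ordinary Apache entry
        if m := SHELL_ERR.match(line):
            # The shell could not execute the command at all.
            report["blocked"].append((m["cmd"], m["err"]))
        elif m := METER_ROW.match(line):
            # Count only rows where 100% of the body was received.
            if m["rpct"] == "100":
                report["transfers"].append(int(m["recv"]))
        elif m := TOOL_ERR.match(line):
            # A command did run and printed its own error.
            report["tool_errors"].append((m["tool"], m["err"]))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE.splitlines()))
```
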