A
arctic_ged
Guest
Hi all,
My server went down last night,
I had a look at the logs and this is what I found in var/log/messages
Apr 9 19:43:17 s15248676 sshd(pam_unix)[16767]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:19 s15248676 sshd(pam_unix)[16774]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:22 s15248676 sshd(pam_unix)[16781]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:25 s15248676 sshd(pam_unix)[16788]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:28 s15248676 sshd(pam_unix)[16795]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:31 s15248676 sshd(pam_unix)[16802]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:34 s15248676 sshd(pam_unix)[16809]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:37 s15248676 sshd(pam_unix)[16816]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:40 s15248676 sshd(pam_unix)[16823]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:43 s15248676 sshd(pam_unix)[16830]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:46 s15248676 sshd(pam_unix)[16837]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
there is hundreds of these messages just before the server went down also in etc/httpd/logs/error_log there is hundreds of entries like this
[Sun Apr 08 21:32:39 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2-rc1
[Sun Apr 08 21:32:39 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2-beta1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2-pl1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.3-rc1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.3
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.3-pl1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-rc1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl2
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl3
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl4
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-beta1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-rc1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-pl1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-pl2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0-beta1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0-rc1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0-rc2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.3
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.4
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.1-rc1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/admin
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/admin
Am I right to assume that the messages in the first log suggest that someone has been continuously trying to log into the server using SSH and in the second log that they were trying to find a control panel of the server??
Could this have caused the server to crash??
Any help would be really appreciated..
My server went down last night,
I had a look at the logs and this is what I found in var/log/messages
Apr 9 19:43:17 s15248676 sshd(pam_unix)[16767]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:19 s15248676 sshd(pam_unix)[16774]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:22 s15248676 sshd(pam_unix)[16781]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:25 s15248676 sshd(pam_unix)[16788]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:28 s15248676 sshd(pam_unix)[16795]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:31 s15248676 sshd(pam_unix)[16802]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:34 s15248676 sshd(pam_unix)[16809]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:37 s15248676 sshd(pam_unix)[16816]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:40 s15248676 sshd(pam_unix)[16823]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:43 s15248676 sshd(pam_unix)[16830]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
Apr 9 19:43:46 s15248676 sshd(pam_unix)[16837]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=v31314.1blu.de user=root
there is hundreds of these messages just before the server went down also in etc/httpd/logs/error_log there is hundreds of entries like this
[Sun Apr 08 21:32:39 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2-rc1
[Sun Apr 08 21:32:39 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2-beta1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.2-pl1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.3-rc1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.3
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.3-pl1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-rc1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl2
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl3
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4-pl4
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.6.4
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-beta1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-rc1
[Sun Apr 08 21:32:40 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-pl1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0-pl2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.7.0
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0-beta1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0-rc1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0-rc2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.3
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.0.4
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.1-rc1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.1
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin-2.8.2
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/admin
[Sun Apr 08 21:32:41 2007] [error] [client 91.121.10.188] File does not exist: /var/www/vhosts/default/htdocs/admin
Am I right to assume that the messages in the first log suggest that someone has been continuously trying to log into the server using SSH and in the second log that they were trying to find a control panel of the server??
Could this have caused the server to crash??
Any help would be really appreciated..