Hundreds of unknown entries in Linux logwatch

Posted by Saif Bechan on Server Fault
Published on 2010-03-20T03:26:26Z Indexed on 2010/03/20 3:31 UTC

I have a dedicated server which runs CentOS. Today I got an email from logwatch on my server with hundreds of lines of 'errors'. I don't really know what they are because I am fairly new at this.

The lines are in a few sections. I will display the first 10 of all of them. I hope someone can help me fix these problems.

 --------------------- Named Begin ------------------------


 **Unmatched Entries**
    client 216.146.46.136 notify question section contains no SOA: 8 Time(s)
    client 92.114.98.10 query (cache) 'adobe.com/A/IN' denied: 4 Time(s)
    network unreachable resolving '11.254.75.75.in-addr.arpa/PTR/IN': 2001:7fd::1#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:13c7:7002:3000::11#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:500:13::c7d4:35#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:500:2e::1#53: 2 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:610:240:0:53::193#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:610:240:0:53::3#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:660:3006:1::1:1#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:6b0:7::2#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:dc0:1:0:4777::140#53: 1 Time(s)
    network unreachable resolving '136.176.97.93.in-addr.arpa/PTR/IN': 2001:dc0:2001:a:4608::59#53: 1 Time(s)
    network unreachable resolving '146.250.19.67.in-addr.arpa/PTR/IN': 2001:5a0:10::2#53: 1 Time(s)
    network unreachable resolving '149.207.106.87.in-addr.arpa/PTR/IN': 2001:7fd::1#53: 1 Time(s)
    network unreachable resolving '178.62.24.195.in-addr.arpa/PTR/IN': 2001:7fd::1#53: 1 Time(s)

This goes on for hundreds of lines with all different domain names.

--------------------- pam_unix Begin ------------------------

Failed logins from:
    78.86.126.211 (78-86-126-211.zone2.bethere.co.uk): 111 times
    93.97.176.136 (93-97-176-136.dsl.cnl.uk.net): 113 times
    121.14.145.32: 136 times
    190.152.69.5: 248 times
    209.160.72.15: 572 times
    210.26.48.35: 2 times
    212.235.111.224 (DSL212-235-111-224.bb.netvision.net.il): 140 times
    218.206.25.29: 140 times

 Illegal users from:
    78.86.126.211 (78-86-126-211.zone2.bethere.co.uk): 2665 times
    93.97.176.136 (93-97-176-136.dsl.cnl.uk.net): 2539 times
    121.14.145.32: 116 times
    190.152.69.5: 34 times
    209.160.72.15: 324 times
    218.206.25.29: 8051 times

 proftpd:
    Unknown Entries:
       session opened for user cent_ftp by (uid=0): 15 Time(s)
       session closed for user cent_ftp: 14 Time(s)

 sshd:
    Authentication Failures:
       unknown (218.206.25.29): 8051 Time(s)
       unknown (78-86-126-211.zone2.bethere.co.uk): 2665 Time(s)
       unknown (93.97.176.136): 2539 Time(s)
       root (209.160.72.15): 558 Time(s)
       unknown (209.160.72.15): 324 Time(s)
       root (190.152.69.5): 246 Time(s)
       unknown (121.14.145.32): 116 Time(s)
       root (121.14.145.32): 106 Time(s)
       root (dsl212-235-111-224.bb.netvision.net.il): 70 Time(s)
       root (93.97.176.136): 44 Time(s)
       root (78-86-126-211.zone2.bethere.co.uk): 37 Time(s)
       unknown (190.152.69.5): 34 Time(s)
       mysql (121.14.145.32): 30 Time(s)
       nobody (218.206.25.29): 26 Time(s)
       mail (218.206.25.29): 24 Time(s)
       news (218.206.25.29): 24 Time(s)
       root (218.206.25.29): 24 Time(s)


--------------------- SSHD Begin ------------------------

 **Unmatched Entries**
 pam_succeed_if(sshd:auth): error retrieving information about user tavi : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user pam : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user konchog : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user stavrum : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user rachel : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user affiliates : 24 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user nen : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user cobra : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user pass : 7 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user hacer : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user chung : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user zainee : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user radu : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user alka : 4 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user albert : 5 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user turcia : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user cordell : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user silver : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user dragon : 3 time(s)

If someone wants to see the whole log I can upload it somewhere. Am I being hacked? What is this all?

I hope someone can help me, this does not look good at all.

© Server Fault or respective owner
