[BlueOnyx:15272] Possible Hack?

Richard Sidlin richard at sidlin.co.uk
Fri Apr 25 03:16:58 -05 2014


This doesn't look great. What should I do please?

 

################### Logwatch 7.3.6 (05/19/07) #################### 

        Processing Initiated: Fri Apr 25 03:45:05 2014

        Date Range Processed: yesterday

                              ( 2014-Apr-24 )

                              Period is day.

      Detail Level of Output: 0

              Type of Output: unformatted

           Logfiles for Host: mk-bo4.xxxx.co.uk

  ################################################################## 

 

 --------------------- Dovecot Begin ------------------------ 

 

Dovecot disconnects:

    no auth attempts: 1 Time(s) 

 ---------------------- Dovecot End ------------------------- 

 

 --------------------- httpd Begin ------------------------ 

 

 A total of 3 sites probed the server 

    141.212.121.10

    141.212.121.128

    178.216.202.9

 Requests with error response codes

    400 Bad Request

       /: 1 Time(s)

    404 Not Found

       //images/stories/sekip.gif: 1 Time(s)

       /5KSeries2013.pdf: 2 Time(s)

       /Background.png: 30 Time(s)

       /Images/jb50thposter2.jpg: 1 Time(s)

       /Images/jbjuly11%20(1).JPG: 1 Time(s)

       /Menu%20Bar.js: 31 Time(s)

       /RMooreAward.htm: 1 Time(s)

       /VGA%20026.jpg: 1 Time(s)

       /aboutus.html: 3 Time(s)

       /admin.php: 1 Time(s)

       /administrator/index.php: 1 Time(s)

       /blocks/page_list/view.css?v=91bf9bc62f74e ... af9a762744be63e: 13 Time(s)

       /browserconfig.xml: 3 Time(s)

       /championships.html: 1 Time(s)

       /contact.html: 1 Time(s)

       /contact_head_office.html: 1 Time(s)

       /contactus.html: 8 Time(s)

       /css/images/logo.jpg: 2 Time(s)

       /datasheets/riello-ups-multidialog-09.pdf: 1 Time(s)

       /david_koppel.htm: 1 Time(s)

       /drivers.html: 1 Time(s)

       /employers.cfm: 1 Time(s)

       /favicon.ico: 65 Time(s)

       /html/FilmArchive/a-zTV/images/galleryHM_brigitte.jpg: 1 Time(s)

       /images/gallery/chatham-place-reading-014.jpg: 1 Time(s)

       /images/gallery/chatham-place-reading-05.jpg: 1 Time(s)

       /images/gallery/chatham-place-reading-06.jpg: 1 Time(s)

       /images/gallery/chatham-place-reading-1.jpg: 1 Time(s)

       /images/gallery/old-town-hall-001.jpg: 1 Time(s)

       /images/gallery/website020.jpg: 1 Time(s)

       /images/header.png: 28 Time(s)

       /images/photos/george_michael_boy_george.jpg: 1 Time(s)

       /images/photos/marlon_brando.jpg: 1 Time(s)

       /images/photos/naomi_campbell_kate_moss.jpg: 1 Time(s)

       /index.html: 4 Time(s)

       /index.php?option=com_jce&task=plugin&plug ... 86d0dd595c8e20b: 1 Time(s)

       /jquery.js: 5 Time(s)

       /js/switch.js: 1 Time(s)

       /media/jui/js/jquery-1.10.2.min.map: 8 Time(s)

       /our_philosophy.html: 1 Time(s)

       /overpainted.htm: 1 Time(s)

       /overpainted_lil_red_roosters.htm: 1 Time(s)

       /overpainted_thats_life.htm: 1 Time(s)

       /overpainted_the_passage_of_time.htm: 2 Time(s)

       /pages/motor/index.php: 1 Time(s)

       /pages/no_flash/index.html: 1 Time(s)

       /photo_naomi_campbell_kate_moss.htm: 1 Time(s)

       /pinegrand/favicon.ico: 6 Time(s)

       /pinegrand/images/background.png: 6 Time(s)

       /pinegrand/images/pinegrandheader.png: 6 Time(s)

       /privacy.cfm: 1 Time(s)

       /recruitment/themes/fmc/flowplayer/flowplayer-3.2.6.min.js: 2 Time(s)

       /recruitment/themes/fmc/js/bgstretcher.js: 1 Time(s)

       /recruitment/themes/fmc/js/countdown.js: 1 Time(s)

       /recruitment/themes/fmc/js/customScript.js: 2 Time(s)

       /recruitment/themes/fmc/js/jsScroll.js: 2 Time(s)

       /remastered_rolling_stones.htm: 1 Time(s)

       /remastered_three_tenors.htm: 1 Time(s)

       /removals_clearance_storage.php: 2 Time(s)

       /reservations/userDetails.asp: 2 Time(s)

       /robots.txt: 164 Time(s)

       /site/applynow.cfm: 1 Time(s)

       /site/applynow.cfm?apply=new&vacid=272466: 1 Time(s)

       /site/login.cfm: 3 Time(s)

       /site/site/jobboard_search.cfm: 3 Time(s)

       /site/vacancylist.cfm?: 1 Time(s)

       /site/vacancylist.cfm?start=111: 1 Time(s)

       /styles.css: 5 Time(s)

       /terms-of-use.cfm: 1 Time(s)

       /themes/cbcuk/common/js/jq-png-min.js: 1 Time(s)

       /wa54hxwnew.jpg: 1 Time(s)

       /wao4mhllow.jpg: 1 Time(s)

       /wimbledon.html: 1 Time(s)

       /wp-login.php: 1 Time(s)

       /xhtml/Stages/stage5.html: 1 Time(s)

       /xhtml/images/Stages/_notes/?C=N%3BO=D: 1 Time(s)

       /xhtml/images/holding/?C=N%3BO=A: 1 Time(s)

       /xhtml/images/mainbanner/?C=N%3BO=A: 1 Time(s)

       /xhtml/images/quicklink/?C=M%3BO=D: 1 Time(s)

    501 Not Implemented

       /site/jobboard_search.cfm: 3 Time(s)

       null: 3 Time(s)

 ---------------------- httpd End ------------------------- 

 

 --------------------- Connections (secure-log) Begin ------------------------ 

 

 **Unmatched Entries**

    useradd: failed adding user 'tomcat', data deleted: 1 Time(s)

 ---------------------- Connections (secure-log) End ------------------------- 

 

 --------------------- sendmail Begin (detail=3) ------------------------ 

 

 

 STATISTICS

----------

 Messages To Recipients:  18

Addressed Recipients:    19

Bytes Transferred:       52213

Messages No Valid Rcpts: 167

 SMTP SESSION, MESSAGE, OR RECIPIENT ERRORS

------------------------------------------

 WARNING!!!!  Possible Attack:

    Attempt from 124-11-175-165.static.tfn.net.tw [124.11.175.165] with:

       command=AUTH, count=4: 1 Time(s)

    Attempt from [65.222.223.170] with:

       command=AUTH, count=4: 3 Time(s)

               Total:  4 Time(s)

 Relaying denied: [Occurrences >= 1]

               Total:  120

 Lost input channel: [Occurrences >= 1]

               Total:  7

 Client quit before communicating: [Occurrences >= 1]

               Total:  603

 Unresolveable or non-existent domains: [Occurrences >= 1]

               Total:  1

 Mail Rejected:

               Total:  3

 Total SMTP Session, Message, and Recipient Errors handled by Sendmail:  738

 ---------------------- sendmail End ------------------------- 

 

 --------------------- yum Begin ------------------------ 

 

 Packages Updated:

    tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch

    tomcat6-javadoc-6.0.24-64.el6_5.noarch

    tomcat6-admin-webapps-6.0.24-64.el6_5.noarch

    tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch

    tomcat6-docs-webapp-6.0.24-64.el6_5.noarch

    tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch

    tomcat6-lib-6.0.24-64.el6_5.noarch

    tomcat6-6.0.24-64.el6_5.noarch

    tomcat6-webapps-6.0.24-64.el6_5.noarch

 ---------------------- yum End ------------------------- 

 

 --------------------- Disk Space Begin ------------------------ 

 

Filesystem                   Size  Used Avail Use% Mounted on

/dev/mapper/VolGroup00-root  6.0G  2.5G  3.2G  43% /

/dev/sda1                    485M   83M  377M  18% /boot

/dev/mapper/VolGroup00-home  109G   32G   72G  31% /home

/dev/mapper/VolGroup00-tmp   2.0G   68M  1.9G   4% /tmp

/dev/mapper/VolGroup00-var   4.0G  683M  3.1G  18% /var

 

 ---------------------- Disk Space End ------------------------- 

 

 ###################### Logwatch End ######################### 

 
