Hi all,

How do I deal with an attack like the one in the Logwatch report below?
Has our mail server been compromised?
Any enlightenment would be appreciated.
Thanks.

-eum-

Spec: Red Hat 9.0 + Qmail + Vpopmail + Qmailadmin + Sqwebmail + Apache 2.0

=============================

################### LogWatch 4.3.1 (01/13/03) ####################
      Processing Initiated: Fri Jun 16 04:02:01 2006
      Date Range Processed: yesterday
    Detail Level of Output: 0
         Logfiles for Host: xxx.xxx.xxx.xxx
################################################################

--------------------- pam_unix Begin ------------------------


sshd:
  Authentication Failures:
     root (email.bvig.com.tw ): 1 Time(s)
     nobody (210.0.215.71 ): 1 Time(s)
     mailman (210.0.215.71 ): 1 Time(s)
     rpm (210.0.215.71 ): 1 Time(s)
     ftp (210.0.215.71 ): 1 Time(s)
     games (210.0.215.71 ): 1 Time(s)
     halt (210.0.215.71 ): 1 Time(s)
     sshd (210.0.215.71 ): 1 Time(s)
     operator (210.0.215.71 ): 1 Time(s)
     root (dsl-kpogw7-feb8f900-35.dhcp.inet.fi ): 1 Time(s)
     root (210.0.215.71 ): 15 Time(s)
     lp (210.0.215.71 ): 1 Time(s)
     amanda (210.0.215.71 ): 1 Time(s)
     bin (212.116.148.154 ): 2 Time(s)
     mail (210.0.215.71 ): 1 Time(s)
     apache (212.116.148.154 ): 3 Time(s)
     shutdown (210.0.215.71 ): 1 Time(s)
     named (210.0.215.71 ): 1 Time(s)
     daemon (210.0.215.71 ): 1 Time(s)
     adm (212.116.148.154 ): 6 Time(s)
     root (211.242.212.100 ): 3 Time(s)
     alias (210.0.215.71 ): 1 Time(s)
     root (218.14.146.205 ): 1 Time(s)
     postgres (210.0.215.71 ): 1 Time(s)
     apache (210.0.215.71 ): 1 Time(s)
     alias (61.131.89.97 ): 1 Time(s)
     alias (212.116.148.154 ): 2 Time(s)
     mysql (dsl-kpogw7-feb8f900-35.dhcp.inet.fi ): 1 Time(s)
     adm (210.0.215.71 ): 1 Time(s)
     root (cm28113.red.mundo-r.com ): 1 Time(s)
     sync (210.0.215.71 ): 1 Time(s)
     root (211.144.32.119 ): 1 Time(s)
     mysql (210.0.215.71 ): 1 Time(s)
     news (210.0.215.71 ): 1 Time(s)
     bin (210.0.215.71 ): 1 Time(s)
     alias (evr91-2-82-233-255-16.fbx.proxad.net ): 1 Time(s)
     daemon (212.116.148.154 ): 2 Time(s)
     uucp (210.0.215.71 ): 1 Time(s)
     smmsp (210.0.215.71 ): 1 Time(s)


---------------------- pam_unix End -------------------------


--------------------- SSHD Begin ------------------------


Failed logins from these:
  adm/password from 210.0.215.71: 1 Time(s)
  adm/password from 212.116.148.154: 6 Time(s)
  alias/password from 210.0.215.71: 1 Time(s)
  alias/password from 212.116.148.154: 2 Time(s)
  alias/password from 61.131.89.97: 1 Time(s)
  alias/password from 82.233.255.16: 1 Time(s)
  amanda/password from 210.0.215.71: 1 Time(s)
  apache/password from 210.0.215.71: 1 Time(s)
  apache/password from 212.116.148.154: 3 Time(s)
  bin/password from 210.0.215.71: 1 Time(s)
  bin/password from 212.116.148.154: 2 Time(s)
  daemon/password from 210.0.215.71: 1 Time(s)
  daemon/password from 212.116.148.154: 2 Time(s)
  ftp/password from 210.0.215.71: 1 Time(s)
  games/password from 210.0.215.71: 1 Time(s)
  halt/password from 210.0.215.71: 1 Time(s)
  lp/password from 210.0.215.71: 1 Time(s)
  mail/password from 210.0.215.71: 1 Time(s)
  mailman/password from 210.0.215.71: 1 Time(s)
  mysql/password from 210.0.215.71: 1 Time(s)
  mysql/password from 84.249.184.35: 1 Time(s)
  named/password from 210.0.215.71: 1 Time(s)
  news/password from 210.0.215.71: 1 Time(s)
  nobody/password from 210.0.215.71: 1 Time(s)
  operator/password from 210.0.215.71: 1 Time(s)
  postgres/password from 210.0.215.71: 1 Time(s)
  root/password from 210.0.215.71: 15 Time(s)
  root/password from 211.144.32.119: 1 Time(s)
  root/password from 211.242.212.100: 3 Time(s)
  root/password from 213.60.28.113: 1 Time(s)
  root/password from 218.14.146.205: 1 Time(s)
  root/password from 220.132.120.231: 1 Time(s)
  root/password from 84.249.184.35: 1 Time(s)
  rpm/password from 210.0.215.71: 1 Time(s)
  shutdown/password from 210.0.215.71: 1 Time(s)
  smmsp/password from 210.0.215.71: 1 Time(s)
  sshd/password from 210.0.215.71: 1 Time(s)
  sync/password from 210.0.215.71: 1 Time(s)
  uucp/password from 210.0.215.71: 1 Time(s)



**Unmatched Entries**

Illegal user staff from 210.0.215.71
Illegal user sales from 210.0.215.71
Illegal user recruit from 210.0.215.71
Illegal user office from 210.0.215.71
Illegal user samba from 210.0.215.71
Illegal user tomcat from 210.0.215.71
Illegal user webadmin from 210.0.215.71
Illegal user spam from 210.0.215.71
Illegal user virus from 210.0.215.71
Illegal user cyrus from 210.0.215.71
Illegal user oracle from 210.0.215.71
Illegal user michael from 210.0.215.71
Illegal user test from 210.0.215.71
Illegal user webmaster from 210.0.215.71
Illegal user postmaster from 210.0.215.71
Illegal user postfix from 210.0.215.71
Illegal user paul from 210.0.215.71
Illegal user guest from 210.0.215.71
Illegal user admin from 210.0.215.71
Illegal user linux from 210.0.215.71
Illegal user user from 210.0.215.71
Illegal user david from 210.0.215.71
Illegal user web from 210.0.215.71
Illegal user pgsql from 210.0.215.71
Illegal user info from 210.0.215.71
Illegal user tony from 210.0.215.71
Illegal user core from 210.0.215.71
Illegal user newsletter from 210.0.215.71
Illegal user visitor from 210.0.215.71
Illegal user ftpuser from 210.0.215.71
Illegal user username from 210.0.215.71
Illegal user administrator from 210.0.215.71
Illegal user library from 210.0.215.71
Illegal user test from 210.0.215.71
Illegal user admin from 210.0.215.71
Illegal user guest from 210.0.215.71
Illegal user master from 210.0.215.71
Illegal user admin from 210.0.215.71
Illegal user admin from 210.0.215.71
Illegal user admin from 210.0.215.71
Illegal user admin from 210.0.215.71
Illegal user test from 210.0.215.71
Illegal user test from 210.0.215.71
Illegal user webmaster from 210.0.215.71
Illegal user username from 210.0.215.71
Illegal user user from 210.0.215.71
Illegal user admin from 210.0.215.71
Illegal user test from 210.0.215.71
Illegal user danny from 210.0.215.71
Illegal user alex from 210.0.215.71
Illegal user brett from 210.0.215.71
Illegal user mike from 210.0.215.71
Illegal user alan from 210.0.215.71
Illegal user data from 210.0.215.71
Illegal user www-data from 210.0.215.71
Illegal user http from 210.0.215.71
Illegal user httpd from 210.0.215.71
Illegal user pop from 210.0.215.71
Illegal user backup from 210.0.215.71
Illegal user info from 210.0.215.71
Illegal user shop from 210.0.215.71
Illegal user sales from 210.0.215.71
Illegal user web from 210.0.215.71
Illegal user www from 210.0.215.71
Illegal user wwwrun from 210.0.215.71
Illegal user adam from 210.0.215.71
Illegal user stephen from 210.0.215.71
Illegal user richard from 210.0.215.71
Illegal user george from 210.0.215.71
Illegal user john from 210.0.215.71
Illegal user angel from 210.0.215.71
Illegal user pgsql from 210.0.215.71
Illegal user ident from 210.0.215.71
Illegal user webpop from 210.0.215.71
Illegal user susan from 210.0.215.71
Illegal user sunny from 210.0.215.71
Illegal user steven from 210.0.215.71
Illegal user ssh from 210.0.215.71
Illegal user search from 210.0.215.71
Illegal user sara from 210.0.215.71
Illegal user robert from 210.0.215.71
Illegal user richard from 210.0.215.71
Illegal user party from 210.0.215.71
Illegal user sgi from 210.0.215.71
Illegal user users from 210.0.215.71
Illegal user admins from 210.0.215.71
Illegal user admins from 210.0.215.71
Illegal user dean from 210.0.215.71
Illegal user unknown from 210.0.215.71
Illegal user securityagent from 210.0.215.71
Illegal user tokend from 210.0.215.71
Illegal user windowserver from 210.0.215.71
Illegal user appowner from 210.0.215.71
Illegal user xgridagent from 210.0.215.71
Illegal user agent from 210.0.215.71
Illegal user xgridcontroller from 210.0.215.71
Illegal user jabber from 210.0.215.71
Illegal user amavisd from 210.0.215.71
Illegal user clamav from 210.0.215.71
Illegal user appserver from 210.0.215.71
Illegal user cyrusimap from 210.0.215.71
Illegal user qtss from 210.0.215.71
Illegal user eppc from 210.0.215.71
Illegal user telnetd from 210.0.215.71
Illegal user identd from 210.0.215.71
Illegal user gnats from 210.0.215.71
Illegal user staff from 82.233.255.16
Illegal user sales from 82.233.255.16
Illegal user recruit from 82.233.255.16
Illegal user office from 82.233.255.16
Illegal user samba from 82.233.255.16
Illegal user tomcat from 82.233.255.16
Illegal user webadmin from 82.233.255.16
Illegal user spam from 82.233.255.16
Illegal user virus from 82.233.255.16
Illegal user test from 211.242.212.100
Illegal user guest from 211.242.212.100
Illegal user admin from 211.242.212.100
Illegal user admin from 211.242.212.100
Illegal user user from 211.242.212.100
Illegal user test from 211.242.212.100
Illegal user staff from 61.131.89.97
Illegal user sales from 61.131.89.97
Illegal user recruit from 61.131.89.97
Illegal user admin from 84.249.184.35
Illegal user test from 84.249.184.35
Illegal user guest from 84.249.184.35
Illegal user webmaster from 84.249.184.35
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user test from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user tester from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testing from 212.116.148.154
Illegal user testbox from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user guest from 212.116.148.154
Illegal user account from 212.116.148.154
Illegal user account from 212.116.148.154
Illegal user admissions from 212.116.148.154
Illegal user admissions from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user admin from 212.116.148.154
Illegal user administrator from 212.116.148.154
Illegal user administrator from 212.116.148.154
Illegal user administrator from 212.116.148.154
Illegal user administrator from 212.116.148.154
Illegal user administrator from 212.116.148.154
Illegal user alumni from 212.116.148.154
Illegal user alumni from 212.116.148.154
Illegal user apache2 from 212.116.148.154
Illegal user apache2 from 212.116.148.154
Illegal user apache2 from 212.116.148.154
Illegal user apache2 from 212.116.148.154
Illegal user backup from 212.116.148.154
Illegal user backup from 212.116.148.154
Illegal user bind from 212.116.148.154
Illegal user bind from 212.116.148.154
Illegal user build from 212.116.148.154
Illegal user build from 212.116.148.154
Illegal user canna from 212.116.148.154
Illegal user canna from 212.116.148.154
Illegal user clamav from 212.116.148.154
Illegal user clamav from 212.116.148.154
Illegal user class from 212.116.148.154
Illegal user class from 212.116.148.154
Illegal user class2004 from 212.116.148.154
Illegal user class2005 from 212.116.148.154
Illegal user cpanel from 212.116.148.154
Illegal user cpanel from 212.116.148.154
Illegal user cvs from 212.116.148.154
Illegal user cvs from 212.116.148.154
Illegal user cvsuser from 212.116.148.154
Illegal user cvsuser from 212.116.148.154
Illegal user dbadmin from 212.116.148.154

---------------------- SSHD End -------------------------




###################### LogWatch End #########################

--
List FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to [EMAIL PROTECTED]
Archive and full list info at http://linux.or.id/milis
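Added example, not part of -eum-'s post or of Logwatch: the report above is the signature of an SSH dictionary attack from a handful of sources. The "Illegal user" lines under Unmatched Entries are names that do not exist on the box (OpenSSH 3.x logs that wording; later releases say "Invalid user"), while the "Failed logins" section lists accounts that do exist (root, adm, apache, mysql...) and were guessed at. Logwatch only counts failures, so it cannot answer the second question; the check that does is whether any of those same sources ever got an "Accepted password" or "Accepted publickey" line in /var/log/secure. The script below parses raw sshd syslog lines, tallies failures per source, flags any successful login from a source that had been guessing, and emits stopgap iptables rules. The sample lines are constructed for this example (host name, PIDs, ports and the successful root login are invented to show what a hit looks like); the account name eum and the file name sshd_bruteforce.py are my own choices.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the syslog format OpenSSH 3.x on Red Hat 9 writes to
# /var/log/secure. Host name, PIDs, ports and the successful root login are
# invented for the example; none of it is taken from the post.
SAMPLE_LOG = """\
Jun 15 03:12:01 mail sshd[1201]: Illegal user admin from 210.0.215.71
Jun 15 03:12:02 mail sshd[1201]: Failed password for illegal user admin from 210.0.215.71 port 40112 ssh2
Jun 15 03:12:05 mail sshd[1203]: Failed password for root from 210.0.215.71 port 40118 ssh2
Jun 15 03:12:07 mail sshd[1205]: Failed password for root from 210.0.215.71 port 40120 ssh2
Jun 15 03:14:11 mail sshd[1210]: Illegal user test from 212.116.148.154
Jun 15 03:14:12 mail sshd[1210]: Failed password for illegal user test from 212.116.148.154 port 51020 ssh2
Jun 15 03:15:30 mail sshd[1212]: Failed password for adm from 212.116.148.154 port 51031 ssh2
Jun 15 03:20:45 mail sshd[1220]: Accepted password for root from 212.116.148.154 port 51044 ssh2
Jun 15 08:00:01 mail sshd[1300]: Accepted publickey for eum from 192.168.1.20 port 33000 ssh2
"""

# "Illegal user" is the OpenSSH 3.x wording (what Logwatch 4.3.1 left unmatched);
# later releases log "Invalid user", so both spellings are accepted.
RE_ILLEGAL = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\S+)")
RE_FAILED = re.compile(
    r"sshd\[\d+\]: Failed (\S+) for (?:(?:illegal|invalid) user )?(\S+) from (\S+) port \d+")
RE_ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def parse_sshd(lines):
    """Turn raw sshd syslog lines into events; lines matching nothing are skipped."""
    events = []
    for line in lines:
        ts = line[:15]  # syslog "Mon DD HH:MM:SS" prefix, kept as text
        if m := RE_ILLEGAL.search(line):
            events.append({"ts": ts, "kind": "illegal", "user": m[1], "ip": m[2], "method": None})
        elif m := RE_FAILED.search(line):
            events.append({"ts": ts, "kind": "failed", "method": m[1], "user": m[2], "ip": m[3]})
        elif m := RE_ACCEPTED.search(line):
            events.append({"ts": ts, "kind": "accepted", "method": m[1], "user": m[2], "ip": m[3]})
    return events


def summarize(events):
    """Per-source tallies: failed attempts, names that are not accounts here, and successes."""
    per_ip = defaultdict(lambda: {"failed": 0, "illegal_users": set(), "tried": set(), "accepted": []})
    for ev in events:
        s = per_ip[ev["ip"]]
        if ev["kind"] == "illegal":
            s["illegal_users"].add(ev["user"])
        elif ev["kind"] == "failed":
            s["failed"] += 1
            s["tried"].add(ev["user"])
        else:
            s["accepted"].append((ev["ts"], ev["user"], ev["method"]))
    return per_ip


def is_guessing(stats, min_failures):
    """A source is guessing if it racked up failures or tried names that do not exist."""
    return stats["failed"] >= min_failures or bool(stats["illegal_users"])


def suspicious_logins(per_ip, min_failures=3):
    """Accepted logins from a source that was guessing: the 'were we compromised?' check."""
    hits = []
    for ip, s in sorted(per_ip.items()):
        if s["accepted"] and is_guessing(s, min_failures):
            for ts, user, method in s["accepted"]:
                hits.append((ip, user, method, ts, s["failed"]))
    return hits


def top_sources(per_ip, n=5):
    """Noisiest sources by failed attempts, as (count, ip)."""
    return sorted(((s["failed"], ip) for ip, s in per_ip.items()), reverse=True)[:n]


def block_rules(per_ip, min_failures=3):
    """iptables commands for every guessing source (a stopgap, not the fix)."""
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, s in sorted(per_ip.items()) if is_guessing(s, min_failures)]


def report(lines, min_failures=3):
    per_ip = summarize(parse_sshd(lines))
    print("Top sources by failed logins:")
    for count, ip in top_sources(per_ip):
        s = per_ip[ip]
        print(f"  {ip}: {count} failed, {len(s['illegal_users'])} non-existent account names tried")
    hits = suspicious_logins(per_ip, min_failures)
    if hits:
        print("SUCCESSFUL logins from guessing sources (treat as compromise until proven otherwise):")
        for ip, user, method, ts, failed in hits:
            print(f"  {ts} {user} via {method} from {ip} (after {failed} failures)")
    else:
        print("No successful login from a guessing source in this log.")
    print("Stopgap block rules:")
    for rule in block_rules(per_ip, min_failures):
        print("  " + rule)


if __name__ == "__main__":
    # With a path argument read the real file (e.g. /var/log/secure); otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            report(fh.read().splitlines())
    else:
        report(SAMPLE_LOG.splitlines())
```

Run it as `python3 sshd_bruteforce.py /var/log/secure` (and against rotated copies, since the attack may predate yesterday). A long list of failures with no hit is the background noise every Internet-facing sshd collects; an Accepted line from a guessing source, or a successful password login for an account nobody should use interactively (root, adm, apache), is the signal to treat the box as compromised, at which point the logs themselves can no longer be trusted and `rpm -Va` plus a look at `last` are the next step. Either way, the durable fix is in sshd_config rather than in firewall rules: `PermitRootLogin no`, `PasswordAuthentication no` with key-based logins, and `AllowUsers` limited to the few accounts that need shell access; the generated iptables rules only stop today's five sources.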
