Hi, for the past day, none of the domains on my ISPConfig 3 server have been accessible. I can access my server only through the IP address. I can log in to the ISPConfig panel. I need help. Here are some logs from my server:

Mail-queue:
Data from: 2009-06-15 09:15
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
BD0BD84C299 3821 Sat Jun 13 13:18:39 [email protected]
(host mail-1.domain.ch[194.124.254.5] said: 450 : Sender address rejected: MX or A record not found (in reply to RCPT TO command))
[email protected]
(host mail.nell.ch[213.196.180.49] said: 450 Domain in Reverse-Path resolves to an invalid IP address (in reply to RCPT TO command))
[email protected]
-- 5 Kbytes in 1 Request.

Mail-log:
Jun 15 08:54:38 ks354764 amavis[4046]: Internal decoder for .zip
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .7z tried: 7zr, 7za, 7z
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .rar
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .arj at /usr/bin/arj
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .arc at /usr/bin/nomarch
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .zoo at /usr/bin/zoo
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .lha
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .doc tried: ripole
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .cab at /usr/bin/cabextract
Jun 15 08:54:38 ks354764 amavis[4046]: No decoder for .tnef
Jun 15 08:54:38 ks354764 amavis[4046]: Internal decoder for .tnef
Jun 15 08:54:38 ks354764 amavis[4046]: Found decoder for .exe at /usr/bin/arj
Jun 15 08:54:38 ks354764 amavis[4046]: Using primary internal av scanner code for ClamAV-clamd
Jun 15 08:54:38 ks354764 amavis[4046]: Using primary internal av scanner code for check-jpeg
Jun 15 08:54:38 ks354764 amavis[4046]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jun 15 08:54:38 ks354764 amavis[4046]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.34, libdb 4.6
Jun 15 08:54:42 ks354764 spamd[4162]: logger: removing stderr method
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server started on port 783/tcp (running version 3.2.5)
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server pid: 4201
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server successfully spawned child process, pid 4467
Jun 15 08:54:46 ks354764 spamd[4201]: spamd: server successfully spawned child process, pid 4468
Jun 15 08:54:46 ks354764 spamd[4201]: prefork: child states: II
Jun 15 08:54:48 ks354764 authdaemond: modules="authmysql", daemons=5
Jun 15 08:54:48 ks354764 authdaemond: Installing libauthmysql
Jun 15 08:54:48 ks354764 authdaemond: Installation complete: authmysql
Jun 15 08:54:50 ks354764 postfix/master[4693]: daemon started -- version 2.5.5, configuration /etc/postfix
Jun 15 08:55:02 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 08:55:02 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 08:55:02 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 08:55:02 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 08:55:03 ks354764 postfix/smtpd[4967]: connect from localhost.localdomain[127.0.0.1]
Jun 15 08:55:03 ks354764 postfix/smtpd[4967]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 08:55:03 ks354764 postfix/smtpd[4967]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:00:02 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:00:02 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:00:02 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:00:02 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 09:00:02 ks354764 postfix/smtpd[5324]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:00:02 ks354764 postfix/smtpd[5324]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 09:00:02 ks354764 postfix/smtpd[5324]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:03:37 ks354764 postfix/smtpd[21616]: connect from unknown[190.254.240.79]
Jun 15 09:03:38 ks354764 postfix/smtpd[21616]: 6A7BE84C28D: client=unknown[190.254.240.79]
Jun 15 09:03:41 ks354764 postfix/cleanup[21626]: 6A7BE84C28D: message-id=<000d01c9ed87$646eca40$6400a8c0@shtickqaya167>
Jun 15 09:03:41 ks354764 postfix/qmgr[4706]: 6A7BE84C28D: from=, size=1098, nrcpt=1 (queue active)
Jun 15 09:03:42 ks354764 postfix/smtpd[21616]: disconnect from unknown[190.254.240.79]
Jun 15 09:03:43 ks354764 postfix/smtpd[21631]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:03:43 ks354764 postfix/smtpd[21631]: 8D5D584C298: client=localhost.localdomain[127.0.0.1]
Jun 15 09:03:43 ks354764 postfix/cleanup[21626]: 8D5D584C298: message-id=<000d01c9ed87$646eca40$6400a8c0@shtickqaya167>
Jun 15 09:03:43 ks354764 postfix/qmgr[4706]: 8D5D584C298: from=, size=1565, nrcpt=1 (queue active)
Jun 15 09:03:43 ks354764 amavis[4300]: (04300-01) Passed CLEAN, [190.254.240.79] [190.254.240.79] -> , Message-ID: <000d01c9ed87$646eca40$6400a8c0@shtickqaya167>, mail_id: tmducoDf5Qx2, Hits: 17.284, size: 1098, queued_as: 8D5D584C298, 1897 ms
Jun 15 09:03:43 ks354764 postfix/smtp[21627]: 6A7BE84C28D: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, delays=3.3/0.04/0.02/1.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04300-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D5D584C298)
Jun 15 09:03:43 ks354764 postfix/qmgr[4706]: 6A7BE84C28D: removed
Jun 15 09:03:43 ks354764 postfix/pipe[21633]: 8D5D584C298: to=, orig_to=, relay=maildrop, delay=0.24, delays=0.03/0.03/0/0.18, dsn=2.0.0, status=sent (delivered via maildrop service)
Jun 15 09:03:43 ks354764 postfix/qmgr[4706]: 8D5D584C298: removed
Jun 15 09:05:02 ks354764 postfix/smtpd[21616]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:05:02 ks354764 postfix/smtpd[21616]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 09:05:02 ks354764 postfix/smtpd[21616]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:05:02 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:05:02 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:05:02 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:05:02 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 09:06:05 ks354764 postfix/smtpd[21616]: warning: 88.241.161.227: hostname dsl88.241-41443.ttnet.net.tr verification failed: Name or service not known
Jun 15 09:06:05 ks354764 postfix/smtpd[21616]: connect from unknown[88.241.161.227]
Jun 15 09:06:06 ks354764 postfix/smtpd[21616]: 9910984C28D: client=unknown[88.241.161.227]
Jun 15 09:06:06 ks354764 postfix/cleanup[21885]: 9910984C28D: message-id=
Jun 15 09:06:07 ks354764 postfix/qmgr[4706]: 9910984C28D: from=, size=5764, nrcpt=1 (queue active)
Jun 15 09:06:07 ks354764 postfix/smtpd[21616]: disconnect from unknown[88.241.161.227]
Jun 15 09:06:08 ks354764 postfix/smtpd[21890]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:06:08 ks354764 postfix/smtpd[21890]: 7399D84C298: client=localhost.localdomain[127.0.0.1]
Jun 15 09:06:08 ks354764 postfix/cleanup[21885]: 7399D84C298: message-id=
Jun 15 09:06:08 ks354764 postfix/qmgr[4706]: 7399D84C298: from=, size=6259, nrcpt=1 (queue active)
Jun 15 09:06:08 ks354764 postfix/pipe[21892]: 7399D84C298: to=, orig_to=, relay=maildrop, delay=0.08, delays=0.02/0.02/0/0.03, dsn=2.0.0, status=sent (delivered via maildrop service)
Jun 15 09:06:08 ks354764 postfix/qmgr[4706]: 7399D84C298: removed
Jun 15 09:06:08 ks354764 amavis[4302]: (04302-01) Passed CLEAN, [88.241.161.227] [88.241.161.227] -> , Message-ID: , mail_id: KGbJbt6we-2h, Hits: 9.574, size: 5755, queued_as: 7399D84C298, 1446 ms
Jun 15 09:06:08 ks354764 postfix/smtp[21886]: 9910984C28D: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.85/0.01/0.01/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04302-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7399D84C298)
Jun 15 09:06:08 ks354764 postfix/qmgr[4706]: 9910984C28D: removed
Jun 15 09:08:43 ks354764 postfix/smtpd[21631]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Jun 15 09:08:43 ks354764 postfix/smtpd[21631]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:09:27 ks354764 postfix/anvil[21618]: statistics: max connection rate 1/60s for (smtp:190.254.240.79) at Jun 15 09:03:37
Jun 15 09:09:27 ks354764 postfix/anvil[21618]: statistics: max connection count 1 for (smtp:190.254.240.79) at Jun 15 09:03:37
Jun 15 09:09:27 ks354764 postfix/anvil[21618]: statistics: max cache size 1 at Jun 15 09:03:37
Jun 15 09:10:01 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:10:01 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:10:01 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:10:01 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 15 09:10:02 ks354764 postfix/smtpd[22111]: connect from localhost.localdomain[127.0.0.1]
Jun 15 09:10:02 ks354764 postfix/smtpd[22111]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 15 09:10:02 ks354764 postfix/smtpd[22111]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:11:08 ks354764 postfix/smtpd[21890]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Jun 15 09:11:08 ks354764 postfix/smtpd[21890]: disconnect from localhost.localdomain[127.0.0.1]
Jun 15 09:11:26 ks354764 postfix/smtpd[22111]: connect from unknown[77.235.37.205]
Jun 15 09:11:26 ks354764 postfix/smtpd[22111]: lost connection after CONNECT from unknown[77.235.37.205]
Jun 15 09:11:26 ks354764 postfix/smtpd[22111]: disconnect from unknown[77.235.37.205]
Jun 15 09:14:46 ks354764 postfix/anvil[22178]: statistics: max connection rate 1/60s for (smtp:77.235.37.205) at Jun 15 09:11:26
Jun 15 09:14:46 ks354764 postfix/anvil[22178]: statistics: max connection count 1 for (smtp:77.235.37.205) at Jun 15 09:11:26
Jun 15 09:14:46 ks354764 postfix/anvil[22178]: statistics: max cache size 1 at Jun 15 09:11:26
Jun 15 09:15:01 ks354764 pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:15:01 ks354764 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 15 09:15:01 ks354764 imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 15 09:15:01 ks354764 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0

System-log:
Jun 15 08:54:31 ks354764 kernel: usb usb3: configuration #1 chosen from 1 choice
Jun 15 08:54:31 ks354764 kernel: hub 3-0:1.0: USB hub found
Jun 15 08:54:31 ks354764 kernel: hub 3-0:1.0: 3 ports detected
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: enabling device (0100 -> 0102)
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: PCI INT C -> GSI 22 (level, low) -> IRQ 22
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: OHCI Host Controller
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: new USB bus registered, assigned bus number 4
Jun 15 08:54:31 ks354764 kernel: ohci_hcd 0000:00:03.2: irq 22, io mem 0x4a102000
Jun 15 08:54:31 ks354764 kernel: usb usb4: configuration #1 chosen from 1 choice
Jun 15 08:54:31 ks354764 kernel: hub 4-0:1.0: USB hub found
Jun 15 08:54:31 ks354764 kernel: hub 4-0:1.0: 2 ports detected
Jun 15 08:54:31 ks354764 kernel: USB Universal Host Controller Interface driver v3.0
Jun 15 08:54:31 ks354764 kernel: Initializing USB Mass Storage driver...
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver usb-storage
Jun 15 08:54:31 ks354764 kernel: USB Mass Storage support registered.
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver libusual
Jun 15 08:54:31 ks354764 kernel: PNP: No PS/2 controller found. Probing ports directly.
Jun 15 08:54:31 ks354764 kernel: serio: i8042 KBD port at 0x60,0x64 irq 1
Jun 15 08:54:31 ks354764 kernel: serio: i8042 AUX port at 0x60,0x64 irq 12
Jun 15 08:54:31 ks354764 kernel: mice: PS/2 mouse device common for all mice
Jun 15 08:54:31 ks354764 kernel: rtc_cmos 00:02: rtc core: registered rtc_cmos as rtc0
Jun 15 08:54:31 ks354764 kernel: rtc0: alarms up to one month
Jun 15 08:54:31 ks354764 kernel: coretemp coretemp.0: Using relative temperature scale!
Jun 15 08:54:31 ks354764 kernel: w83627ehf: Found W83627DHG chip at 0x290
Jun 15 08:54:31 ks354764 kernel: Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0)
Jun 15 08:54:31 ks354764 kernel: md: linear personality registered for level -1
Jun 15 08:54:31 ks354764 kernel: md: raid0 personality registered for level 0
Jun 15 08:54:31 ks354764 kernel: md: raid1 personality registered for level 1
Jun 15 08:54:31 ks354764 kernel: md: raid10 personality registered for level 10
Jun 15 08:54:31 ks354764 kernel: raid6: int64x1 1104 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: int64x2 1515 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: int64x4 1410 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: int64x8 1075 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: sse2x1 2027 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: sse2x2 2282 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: sse2x4 3468 MB/s
Jun 15 08:54:31 ks354764 kernel: raid6: using algorithm sse2x4 (3468 MB/s)
Jun 15 08:54:31 ks354764 kernel: md: raid6 personality registered for level 6
Jun 15 08:54:31 ks354764 kernel: md: raid5 personality registered for level 5
Jun 15 08:54:31 ks354764 kernel: md: raid4 personality registered for level 4
Jun 15 08:54:31 ks354764 kernel: md: multipath personality registered for level -4
Jun 15 08:54:31 ks354764 kernel: md: faulty personality registered for level -5
Jun 15 08:54:31 ks354764 kernel: device-mapper: ioctl: 4.14.0-ioctl (2008-04-23) initialised: [email protected]
Jun 15 08:54:31 ks354764 kernel: device-mapper: multipath: version 1.0.5 loaded
Jun 15 08:54:31 ks354764 kernel: device-mapper: multipath round-robin: version 1.0.0 loaded
Jun 15 08:54:31 ks354764 kernel: No iBFT detected.
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver usbkbd
Jun 15 08:54:31 ks354764 kernel: usbkbd: :USB HID Boot Protocol keyboard driver
Jun 15 08:54:31 ks354764 kernel: usbcore: registered new interface driver usbmouse
Jun 15 08:54:31 ks354764 kernel: usbmouse: v1.6:USB HID Boot Protocol mouse driver
Jun 15 08:54:31 ks354764 kernel: Netfilter messages via NETLINK v0.30.
Jun 15 08:54:31 ks354764 kernel: nf_conntrack version 0.5.0 (8192 buckets, 32768 max)
Jun 15 08:54:31 ks354764 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Plase use
Jun 15 08:54:31 ks354764 kernel: nf_conntrack.acct=1 kernel paramater, acct=1 nf_conntrack module option or
Jun 15 08:54:31 ks354764 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Jun 15 08:54:31 ks354764 kernel: ctnetlink v0.93: registering with nfnetlink.
Jun 15 08:54:31 ks354764 kernel: IPv4 over IPv4 tunneling driver
Jun 15 08:54:31 ks354764 kernel: GRE over IPv4 tunneling driver
Jun 15 08:54:31 ks354764 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jun 15 08:54:31 ks354764 kernel: ClusterIP Version 0.8 loaded successfully
Jun 15 08:54:31 ks354764 kernel: TCP cubic registered
Jun 15 08:54:31 ks354764 kernel: Initializing XFRM netlink socket
Jun 15 08:54:31 ks354764 kernel: NET: Registered protocol family 17
Jun 15 08:54:31 ks354764 kernel: NET: Registered protocol family 15
Jun 15 08:54:31 ks354764 kernel: RPC: Registered udp transport module.
Jun 15 08:54:31 ks354764 kernel: RPC: Registered tcp transport module.
Jun 15 08:54:31 ks354764 kernel: 802.1Q VLAN Support v1.8 Ben Greear
Jun 15 08:54:31 ks354764 kernel: All bugs added by David S. Miller
Jun 15 08:54:31 ks354764 kernel: SCTP: Hash tables configured (established 65536 bind 65536)
Jun 15 08:54:31 ks354764 kernel: rtc_cmos 00:02: setting system clock to 2009-06-15 06:52:18 UTC (1245048738)
Jun 15 08:54:31 ks354764 kernel: md: Autodetecting RAID arrays.
Jun 15 08:54:31 ks354764 kernel: md: Scanned 0 and added 0 devices.
Jun 15 08:54:31 ks354764 kernel: md: autorun ...
Jun 15 08:54:31 ks354764 kernel: md: ... autorun DONE.
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: INFO: recovery required on readonly filesystem.
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: write access will be enabled during recovery.
Jun 15 08:54:31 ks354764 kernel: kjournald starting. Commit interval 5 seconds
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: sda1: orphan cleanup on readonly fs
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: sda1: 8 orphan inodes deleted
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: recovery complete.
Jun 15 08:54:31 ks354764 kernel: EXT3-fs: mounted filesystem with ordered data mode.
Jun 15 08:54:31 ks354764 kernel: VFS: Mounted root (ext3 filesystem) readonly.
Jun 15 08:54:31 ks354764 kernel: Freeing unused kernel memory: 360k freed
Jun 15 08:54:31 ks354764 kernel: Adding 522104k swap on /dev/sda2. Priority:-1 extents:1 across:522104k
Jun 15 08:54:31 ks354764 kernel: EXT3 FS on sda1, internal journal
Jun 15 08:54:31 ks354764 kernel: eth0: Media Link On 100mbps full-duplex
Jun 15 08:54:31 ks354764 rsyslogd: [origin software="rsyslogd" swVersion="3.18.6" x-pid="3966" x-info="http://www.rsyslog.com"] restart
Jun 15 08:54:50 ks354764 kernel: warning: `pure-ftpd-mysql' uses 32-bit capabilities (legacy support in use)
Jun 15 08:55:02 ks354764 pure-ftpd: ([email protected]) [INFO] New connection from localhost.localdomain
Jun 15 08:55:02 ks354764 pure-ftpd: ([email protected]) [INFO] Logout.
Jun 15 09:00:02 ks354764 pure-ftpd: ([email protected]) [INFO] New connection from localhost.localdomain
Jun 15 09:00:02 ks354764 pure-ftpd: ([email protected]) [INFO] Logout.
Jun 15 09:05:02 ks354764 pure-ftpd: ([email protected]) [INFO] New connection from localhost.localdomain
Jun 15 09:05:02 ks354764 pure-ftpd: ([email protected]) [INFO] Logout.
Jun 15 09:10:01 ks354764 pure-ftpd: ([email protected]) [INFO] New connection from localhost.localdomain
Jun 15 09:10:01 ks354764 pure-ftpd: ([email protected]) [INFO] Logout.
Jun 15 09:15:01 ks354764 pure-ftpd: ([email protected]) [INFO] New connection from localhost.localdomain
Jun 15 09:15:01 ks354764 pure-ftpd: ([email protected]) [INFO] Logout.
Jun 15 09:20:01 ks354764 pure-ftpd: ([email protected]) [INFO] New connection from localhost.localdomain
Jun 15 09:20:01 ks354764 pure-ftpd: ([email protected]) [INFO] Logout.

fail2ban-log:
2009-06-14 06:25:42,344 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-06-14 06:25:42,346 fail2ban.jail : INFO Creating new jail 'ssh'
2009-06-14 06:25:42,346 fail2ban.jail : INFO Jail 'ssh' uses poller
2009-06-14 06:25:42,349 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2009-06-14 06:25:42,351 fail2ban.filter : INFO Set maxRetry = 6
2009-06-14 06:25:42,355 fail2ban.filter : INFO Set findtime = 600
2009-06-14 06:25:42,356 fail2ban.actions: INFO Set banTime = 600
2009-06-14 06:25:42,524 fail2ban.jail : INFO Jail 'ssh' started
2009-06-14 06:25:52,945 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2009-06-14 06:26:01,945 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2009-06-14 08:21:13,709 fail2ban.actions: WARNING [ssh] Ban 69.64.38.17
2009-06-14 08:31:13,721 fail2ban.actions: WARNING [ssh] Unban 69.64.38.17
2009-06-14 11:00:34,909 fail2ban.actions: WARNING [ssh] Ban 200.181.118.120
2009-06-14 11:10:34,933 fail2ban.actions: WARNING [ssh] Unban 200.181.118.120
2009-06-14 12:03:10,005 fail2ban.actions: WARNING [ssh] Ban 190.196.68.162
2009-06-14 12:13:10,021 fail2ban.actions: WARNING [ssh] Unban 190.196.68.162
2009-06-15 00:08:46,501 fail2ban.actions: WARNING [ssh] Ban 190.196.68.162
2009-06-15 00:18:46,521 fail2ban.actions: WARNING [ssh] Unban 190.196.68.162
2009-06-15 04:22:55,653 fail2ban.actions: WARNING [ssh] Ban 91.199.22.117
2009-06-15 04:32:55,665 fail2ban.actions: WARNING [ssh] Unban 91.199.22.117
2009-06-15 04:41:01,677 fail2ban.actions: WARNING [ssh] Ban 216.146.46.93
2009-06-15 04:51:01,689 fail2ban.actions: WARNING [ssh] Unban 216.146.46.93
2009-06-15 05:00:39,725 fail2ban.actions: WARNING [ssh] Ban 216.146.46.93
2009-06-15 05:03:43,773 fail2ban.actions: WARNING [ssh] Ban 91.199.22.117
2009-06-15 05:10:39,785 fail2ban.actions: WARNING [ssh] Unban 216.146.46.93
2009-06-15 05:13:43,797 fail2ban.actions: WARNING [ssh] Unban 91.199.22.117
2009-06-15 08:54:54,505 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-06-15 08:54:54,514 fail2ban.jail : INFO Creating new jail 'ssh'
2009-06-15 08:54:54,514 fail2ban.jail : INFO Jail 'ssh' uses poller
2009-06-15 08:54:54,599 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2009-06-15 08:54:54,601 fail2ban.filter : INFO Set maxRetry = 6
2009-06-15 08:54:54,604 fail2ban.filter : INFO Set findtime = 600
2009-06-15 08:54:54,606 fail2ban.actions: INFO Set banTime = 600
2009-06-15 08:54:54,980 fail2ban.jail : INFO Jail 'ssh' started

RKHunter-log:
[ Rootkit Hunter version 1.3.2 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]

Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/usr/bin/awk [ Warning ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ Warning ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/lynx [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ Warning ]
/usr/bin/lwp-request [ Warning ]
/usr/bin/lynx.cur [ OK ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/w.procps [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/inetd [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/unhide [ Warning ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide-linux26 [ Warning ]

Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
mess`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx Rootkit (strings) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Performing trojan specific checks
Checking for enabled inetd services [ OK ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking kernel module commands [ Warning ]
Checking kernel module names [ OK ]

Checking the network...
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ None found ]

Checking application versions...
Checking version of GnuPG [ OK ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of PHP [ OK ]
Checking version of OpenSSH [ OK ]

System checks summary
=====================
File properties checks...
Files checked: 127
Suspect files: 6
Rootkit checks...
Rootkits checked : 108
Possible rootkits: 0
Applications checks...
Applications checked: 5
Suspect applications: 0
The system checks took: 1 minute and 27 seconds
All results have been written to the logfile (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

Thanks in advance for your help.
Check the DNS server of your domains, which might be the DNS server of your domain registry. The problem is not related to web mail or other daemons on your server.
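
The 450 replies in the mail queue of the first post point the same way as this answer: the remote servers could not resolve the sender's domain. The following is an added example, not code from the thread, that parses `mailq` output and lists the sender domains that remote hosts report as unresolvable. The e-mail addresses and the second queue entry are constructed placeholders; the host names and reply texts of the first entry are the ones quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample in `mailq` layout. Entry 1 reuses the remote hosts and
# 450 replies quoted in the post; all e-mail addresses are placeholders.
# Entry 2 is entirely constructed (a non-DNS deferral, for contrast).
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
BD0BD84C299     3821 Sat Jun 13 13:18:39  webmaster@example.org
(host mail-1.domain.ch[194.124.254.5] said: 450 <webmaster@example.org>: Sender address rejected: MX or A record not found (in reply to RCPT TO command))
                                         alice@example.net
(host mail.nell.ch[213.196.180.49] said: 450 Domain in Reverse-Path resolves to an invalid IP address (in reply to RCPT TO command))
                                         bob@example.com

0A1B2C3D4E5     1200 Sun Jun 14 10:00:00  news@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         carol@example.net

-- 6 Kbytes in 2 Requests.
"""

# First line of a queue entry: queue ID, size, arrival time, sender.
ENTRY = re.compile(r"^(?P<qid>[0-9A-Za-z]+)[*!]?\s+(?P<size>\d+)\s+"
                   r"\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d\s+(?P<sender>\S+)$")
# Deferral reason that quotes a reply from the remote SMTP server.
REMOTE = re.compile(r"host (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\] said: (?P<reply>.*)")
# Replies meaning "I could not resolve the domain of your envelope sender".
SENDER_DNS = [re.compile(p, re.I) for p in (
    r"Sender address rejected: .*(MX or A record not found|Domain not found)",
    r"Domain in Reverse-Path resolves to an invalid IP address",
)]


def parse_mailq(text):
    """Return one dict per queue entry; each deferral reason lists its recipients."""
    entries, current, reason = [], None, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = {"queue_id": m["qid"], "size": int(m["size"]),
                       "sender": m["sender"], "deferrals": []}
            entries.append(current)
            reason = None
        elif current and line.startswith("("):
            # mailq prints the reason first, then the recipients it applies to.
            reason = {"reason": line.strip()[1:-1], "recipients": []}
            current["deferrals"].append(reason)
        elif current and reason and line[:1].isspace() and line.strip():
            reason["recipients"].append(line.strip())
    return entries


def is_sender_dns_failure(reply):
    return any(p.search(reply) for p in SENDER_DNS)


def sender_domains_failing_dns(text):
    """Map each sender domain to the remote hosts that could not resolve it."""
    report = defaultdict(set)
    for entry in parse_mailq(text):
        domain = entry["sender"].rpartition("@")[2].lower()
        for deferral in entry["deferrals"]:
            m = REMOTE.match(deferral["reason"])
            if m and is_sender_dns_failure(m["reply"]):
                report[domain].add(m["host"])
    return {dom: sorted(hosts) for dom, hosts in report.items()}


if __name__ == "__main__":
    for dom, hosts in sender_domains_failing_dns(SAMPLE_MAILQ).items():
        print(f"{dom}: reported unresolvable by {', '.join(hosts)}")
```

Several unrelated remote hosts reporting the same sender domain as unresolvable places the fault in that domain's public DNS records rather than in the local mail daemons.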
OK to check the DNS server, but how can I do that? I'm not an expert at setting up a DNS server. Thanks in advance.