Hi folks, Logwatch sent me this report and it has concerned me a lot. How can I secure my CentOS 6.5 more and decrease these attacks? Any help is appreciated.

Code:
 ################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Tue Feb 18 03:26:03 2014
        Date Range Processed: yesterday
                              ( 2014-Feb-17 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: mail.domain.com
 ##################################################################

 --------------------- Dovecot Begin ------------------------

 Dovecot disconnects:
     Logged out: 510 Time(s)
     no auth attempts: 17 Time(s)
     no reason: 8 Time(s)

 ---------------------- Dovecot End -------------------------

 --------------------- httpd Begin ------------------------

 A total of 4 sites probed the server
    112.209.216.194
    213.100.98.237
    24.207.137.245
    24.4.12.213

 A total of 1 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):

    null HTTP Response 200

 Requests with error response codes
    403 Forbidden
       /a2/: 1 Time(s)
    404 Not Found
       /HNAP1/: 5 Time(s)
       /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F ... 76%3D%30+%2D%6E: 1 Time(s)
       /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F ... 76%3D%30+%2D%6E: 1 Time(s)
       /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75 ... 76%3D%30+%2D%6E: 1 Time(s)
       /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75 ... 76%3D%30+%2D%6E: 1 Time(s)
       /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75% ... 76%3D%30+%2D%6E: 1 Time(s)
       /cgi-bin/rtpd.cgi?/bin/busybox: 1 Time(s)
       /images/gallery/6.jpg: 1 Time(s)
       /images/slide4.jpg: 1 Time(s)
       /login.php: 2 Time(s)
       /myadmin/scripts/setup.php: 6 Time(s)
       /phpMyAdmin/scripts/setup.php: 6 Time(s)
       /phpTest/zologize/axa.php: 6 Time(s)
       /pma/scripts/setup.php: 6 Time(s)

 ---------------------- httpd End -------------------------

 --------------------- pam_unix Begin ------------------------

 remote:
    Authentication Failures:
       unknown (190.147.33.102): 27 Time(s)
       unknown (catv-176-63-171-125.catv.broadband.hu): 27 Time(s)
       root (190.147.33.102): 24 Time(s)
       root (catv-176-63-171-125.catv.broadband.hu): 24 Time(s)
    Invalid Users:
       Unknown Account: 54 Time(s)

 sshd:
    Authentication Failures:
       unknown (212.118.226.133): 3195 Time(s)
       root (212.118.226.133): 503 Time(s)
       root (119.10.116.156): 27 Time(s)
       unknown (119.10.116.156): 27 Time(s)
       root (193.219.98.9): 18 Time(s)
       unknown (58.221.114.3): 14 Time(s)
       apache (212.118.226.133): 3 Time(s)
       bin (119.10.116.156): 3 Time(s)
       ftp (212.118.226.133): 3 Time(s)
       games (212.118.226.133): 3 Time(s)
       mail (212.118.226.133): 3 Time(s)
       mysql (212.118.226.133): 3 Time(s)
       operator (212.118.226.133): 3 Time(s)
       postmaster (212.118.226.133): 3 Time(s)
       sarah (212.118.226.133): 3 Time(s)
       service (212.118.226.133): 3 Time(s)
       squid (212.118.226.133): 3 Time(s)
       sshd (119.10.116.156): 3 Time(s)
       unknown (103.5.126.201): 3 Time(s)
       john (212.118.226.133): 2 Time(s)
       sync (212.118.226.133): 2 Time(s)
       unknown (193.219.98.9): 2 Time(s)
       sshd (212.118.226.133): 1 Time(s)
    Invalid Users:
       Unknown Account: 3276 Time(s)

 ---------------------- pam_unix End -------------------------

 --------------------- Postfix Begin ------------------------

        4   *Warning: Pre-queue content-filter connection overload
       14   Miscellaneous warnings

   16.195K  Bytes accepted                             16,584
   16.195K  Bytes delivered                            16,584
 ========   ================================================

        3   Accepted                                   30.00%
        7   Rejected                                   70.00%
 --------   ------------------------------------------------
       10   Total                                     100.00%
 ========   ================================================

        7   Reject relay denied                       100.00%
 --------   ------------------------------------------------
        7   Total Rejects                             100.00%
 ========   ================================================

       13   Connections made
       13   Disconnections
        3   Removed from queue
        2   Delivered
        1   Sent via SMTP
        1   Deferred
        6   Deferrals
        1   Connection failure (outbound)

 ---------------------- Postfix End -------------------------

 --------------------- Connections (secure-log) Begin ------------------------

 New Users:
    ericwebster (516)

 New Groups:
    ericwebster (516)

 Failed logins:
    User admin:
       190.147.33.102: 21 Time(s)
       catv-176-63-171-125.catv.broadband.hu: 21 Time(s)
    User cusadmin:
       190.147.33.102: 6 Time(s)
       catv-176-63-171-125.catv.broadband.hu: 6 Time(s)
    User root:
       190.147.33.102: 24 Time(s)
       catv-176-63-171-125.catv.broadband.hu: 24 Time(s)

 **Unmatched Entries**
 login: FAILED LOGIN SESSION FROM 190.147.33.102 FOR (null), Error in service module: 1 Time(s)
 login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !: 34 Time(s)
 login: pam_securetty(remote:auth): access denied: tty 'pts/1' is not secure !: 34 Time(s)
 login: pam_securetty(remote:auth): access denied: tty 'pts/2' is not secure !: 34 Time(s)
 login: pam_securetty(remote:auth): cannot determine username: 3 Time(s)
 login: pam_succeed_if(remote:auth): error retrieving user name: Conversation error: 3 Time(s)

 ---------------------- Connections (secure-log) End -------------------------

 --------------------- SSHD Begin ------------------------

 Disconnecting after too many authentication failures for user:
    admin : 7 Time(s)

 Failed logins from:
    119.10.116.156: 33 times
    193.219.98.9: 18 times
    212.118.226.133: 538 times

 Illegal users from:
    58.221.114.3: 56 times
    103.5.126.201: 3 times
    119.10.116.156: 27 times
    193.219.98.9: 2 times
    212.118.226.133: 3195 times

 Users logging in through sshd:
    x:
       41.137.74.142: 3 times
       41.137.68.200: 2 times
       41.137.74.34: 1 time

 Received disconnect:
    11: Bye Bye : 3807 Time(s)

 SFTP subsystem requests: 2 Time(s)

 **Unmatched Entries**
 PAM service(sshd) ignoring max retries; 5 > 3 : 7 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.221.114.3 : 7 time(s)
 PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.221.114.3 : 7 time(s)

 ---------------------- SSHD End -------------------------

 --------------------- Sudo (secure-log) Begin ------------------------

 ==============================================================================

 user => root
 --------------
 /bin/bash - 4 Times.
 /etc/init.d/squid - 6 Times.

 ---------------------- Sudo (secure-log) End -------------------------

 --------------------- Disk Space Begin ------------------------

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/vda1             5.0G  1.8G  3.0G  37% /

 ---------------------- Disk Space End -------------------------

 ###################### Logwatch End #########################
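The SSHD and pam_unix sections of the report above are Logwatch's per-day summary of "Failed password" lines in /var/log/secure. As an added example (not from the post or from Logwatch), the script below shows the per-source counting that a fail2ban-style jail performs on those raw lines before it blocks a source; the log lines are constructed samples in the CentOS 6 secure-log format using RFC 5737 documentation addresses, and the failure threshold is an assumed value.

```python
import re
from collections import defaultdict

# Constructed sample lines in the CentOS 6 /var/log/secure format that the
# report's SSHD section summarises; the addresses are RFC 5737 documentation
# ranges, not the hosts from the report.
SAMPLE_SECURE_LOG = """\
Feb 17 03:11:02 mail sshd[4021]: Failed password for invalid user admin from 203.0.113.10 port 40112 ssh2
Feb 17 03:11:04 mail sshd[4021]: Failed password for invalid user admin from 203.0.113.10 port 40112 ssh2
Feb 17 03:11:09 mail sshd[4025]: Failed password for root from 203.0.113.10 port 40120 ssh2
Feb 17 03:11:15 mail sshd[4030]: Invalid user postmaster from 203.0.113.10
Feb 17 03:11:16 mail sshd[4030]: Failed password for invalid user postmaster from 203.0.113.10 port 40131 ssh2
Feb 17 03:11:40 mail sshd[4044]: Failed password for root from 198.51.100.7 port 51022 ssh2
Feb 17 03:12:01 mail sshd[4050]: Accepted publickey for deploy from 198.51.100.20 port 52110 ssh2
Feb 17 03:12:30 mail sshd[4052]: Disconnecting: Too many authentication failures for admin
"""

# Match only lines that record one failed attempt. The "Invalid user ..."
# line precedes its own "Failed password" line, so it is not counted twice.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failed_attempts_by_source(log_text):
    """Return {ip: {"count": n, "users": set_of_names}} over the failed lines."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        entry = stats[m.group("ip")]
        entry["count"] += 1
        entry["users"].add(m.group("user"))
    return dict(stats)


def sources_to_block(log_text, max_failures=3):
    """Addresses with more than max_failures failed attempts (assumed threshold),
    the same rule a fail2ban jail applies before adding an iptables DROP."""
    stats = failed_attempts_by_source(log_text)
    return sorted(ip for ip, e in stats.items() if e["count"] > max_failures)


if __name__ == "__main__":
    for ip, e in sorted(failed_attempts_by_source(SAMPLE_SECURE_LOG).items()):
        print(f"{ip}: {e['count']} failures, users tried: {sorted(e['users'])}")
    print("sources to block:", sources_to_block(SAMPLE_SECURE_LOG))
```

The same counting, run against the report's numbers, is why a single address with 3195 invalid-user attempts would have been dropped after its first handful of failures had a jail been in place.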