Attack on my server?

Closed
nicolas - 17 August 2010 at 11:22
 nicolas - 19 August 2010 at 16:49
Hello,

Following an Apache outage after a huge slowdown on my CentOS server, I read my logs and found a huge number of strange lines.
I am a beginner at managing a dedicated server, so I have come to this forum to ask for help.
Here are the lines in question (there are at least 250 like this, with different users):
Aug 15 11:51:57 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:51:57 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:51:58 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:51:58 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:02 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:02 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:07 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:07 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:12 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:12 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:17 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:17 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:22 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:22 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:27 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:27 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:32 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:32 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:36 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:36 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:41 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:41 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:46 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:52:46 s15379412 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:51 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:52:51 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:52 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:52:52 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:54 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:52:54 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:56 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:52:56 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:52:58 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:52:58 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:53:00 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:00 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:53:02 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:02 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:53:04 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:04 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='s15379412.onlineh$
Aug 15 11:53:05 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:05 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:07 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:07 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:11 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:11 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:16 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:16 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:21 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:21 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:26 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:26 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:31 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:31 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:36 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found
Aug 15 11:53:36 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='s15379412.onlinehome$
Aug 15 11:53:40 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin: no result found

2 replies

I forgot to mention one thing that worries me even more:
on some lines the plugin returns a result, and then, as if by chance, I get a 0-second FTP connection right after:


Aug 15 14:03:44 s15379412 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='power' and d.name='s15379412.onlinehom$
Aug 15 10:03:47 s15379412 xinetd[3599]: START: ftp pid=932 from=95.xxx.xx.xxx
Aug 15 10:03:47 s15379412 proftpd[932]: s15379412.onlinehome-server.info (95.xxx.xx.xxx[95.xxx.xx.xxx]) - FTP session opened.
Aug 15 10:03:47 s15379412 proftpd[932]: s15379412.onlinehome-server.info (95.xxx.xx.xxx[95.xxx.xx.xxx]) - FTP session closed.
Aug 15 10:03:47 s15379412 xinetd[3599]: EXIT: ftp status=0 pid=932 duration=0(sec)
0
Allow me to bump this.
0
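
One way to triage log lines like those posted in this thread, as an added example that is not part of the original posts: it counts the `sql_sqlite3` secret lookups per user name with the time span they cover, and lists FTP sessions that xinetd reports as lasting 0 seconds together with their source address. The sample log, host name and address are constructed; the function and field names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the lines posted above (host, users, address are made up).
SAMPLE = """\
Aug 15 11:51:57 host1 postfix/smtpd[27920]: sql_sqlite3 plugin: no result found
Aug 15 11:51:57 host1 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='host1.example$
Aug 15 11:52:02 host1 postfix/smtpd[27920]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='manager' and d.name='host1.example$
Aug 15 11:52:07 host1 postfix/smtpd[28177]: sql_sqlite3 plugin prepare SQL statement for query 'SELECT 'cmusaslsecretCRAM-MD5' FROM domains d, users u WHERE u.name='alex' and d.name='host1.example$
Aug 15 12:00:00 host1 xinetd[3599]: START: ftp pid=932 from=192.0.2.10
Aug 15 12:00:00 host1 xinetd[3599]: EXIT: ftp status=0 pid=932 duration=0(sec)
"""

STAMP = r"^(\w{3} +\d+ [\d:]{8}) "
LOOKUP = re.compile(STAMP + r"\S+ postfix/smtpd\[\d+\]: sql_sqlite3 plugin prepare "
                    r"SQL statement for query .*?u\.name='([^']*)'")
FTP_START = re.compile(r"xinetd\[\d+\]: START: ftp pid=(\d+) from=(\S+)")
FTP_EXIT = re.compile(STAMP + r".*xinetd\[\d+\]: EXIT: ftp status=\d+ pid=(\d+) duration=(\d+)\(sec\)")

def parse_ts(stamp):
    # Syslog timestamps carry no year; a fixed leap year is enough to compute intervals.
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")

def summarize(text):
    per_user, first, last = Counter(), {}, {}
    ftp_src, zero_ftp = {}, []
    for line in text.splitlines():
        if m := LOOKUP.search(line):
            ts, user = parse_ts(m.group(1)), m.group(2)
            per_user[user] += 1
            first.setdefault(user, ts)   # time of the first lookup for this user
            last[user] = ts              # time of the most recent lookup
        elif m := FTP_START.search(line):
            ftp_src[m.group(1)] = m.group(2)   # remember the source address per FTP pid
        elif (m := FTP_EXIT.search(line)) and m.group(3) == "0":
            zero_ftp.append((m.group(1), ftp_src.get(m.group(2), "unknown")))
    users = {u: {"lookups": n, "span_s": (last[u] - first[u]).total_seconds()}
             for u, n in per_user.items()}
    return {"users": users, "zero_second_ftp": zero_ftp}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Many lookups for names that do not exist on the server, spread over a short span, are worth comparing with the mail log's connection lines to find the client address; the timestamps of the 0-second FTP sessions are returned so they can be checked against the lookups.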