/usr/src/csf
Dec 15 10:55:18 pegasus kernel: Firewall: *UDP_IN Blocked* IN=eth1 OUT= MAC=00:1a:4b:de:41:02:00:15:62:4a:39:80:08:00 SRC=7.6.5.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=42240 DF PROTO=UDP SPT=3708 DPT=53 WINDOW=17520 RES=0x00 ACK URGP=0
Apr 30 16:41:23 worg sshd[31378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:0:5ef5:73ba:204a:1a20:a83d:337c user=root
Apr 30 16:41:25 worg sshd[31378]: Failed password for root from 2604:a880:0800:0010:0000:0000:0970:a001 port 52182 ssh2
193.168.254.89 - webumake [08/11/2014:20:12:19 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: access denied for root, reseller, and user password
Jun 15 17:19:38 test sshd[1]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.201.78.12 user=test
Dec 1 03:27:28 mx sshd[743]: Failed none for mxadmin from 151.99.255.8 port 4321 ssh2
Sep 15 02:00:30 sol sshd[16364]: Failed password for invalid user test from ::ffff:61.167.1.1 port 53382 ssh2
Oct 15 07:41:16 localhost sshd[15184]: Failed password for bob from 21.2.3.6 port 41501 ssh2
Nov 4 18:40:28 localhost sshd[17588]: Failed password for illegal user admin from 210.127.243.85
May 11 22:08:34 salle sshd[5543]: Failed keyboard-interactive/pam for invalid user abdukrahman from 62.206.22.124 port 50525 ssh2
May 11 22:08:34 salle sshd[5543]: Failed keyboard-interactive for abdukrahman from 62.206.22.124 port 50525 ssh2
Jan 27 04:02:48 localhost sshd[23914]: Invalid user jordan from 67.15.40.2
Nov 4 18:40:28 localhost sshd[12424]: User root from 2607:f0d0:1002:81::2 not allowed because not listed in AllowUsers
Nov 4 18:40:28 localhost sshd[12424]: User root from 1.2.3.4 not allowed because not listed in AllowUsers
Nov 4 18:40:28 localhost sshd[17588]: Illegal user admin from 210.127.243.86
Nov 4 18:40:28 localhost sshd[17588]: Illegal user admin from 210.127.243.87
Nov 4 18:40:28 localhost sshd[17588]: Illegal user admin from 210.127.243.88
Nov 4 18:40:28 localhost sshd[17588]: Illegal user admin from 210.127.243.89
Nov 4 18:40:28 localhost sshd[17588]: Illegal user admin from 210.127.243.80
Jul 6 14:57:00 tux sshd[19136]: error: PAM: Authentication failure for andrew from 1.2.3.4
Apr 23 21:57:40 dns2 pop3d: LOGIN FAILED, user=info@mydomain.com, ip=[::ffff:99.2.33.4]
Apr 23 21:57:40 dns2 imapd: LOGIN FAILED, user=info@mydomain.eu, ip=[::ffff:18.22.3.4]
Nov 25 17:12:15 webmail ipop3d[4920]: Login failed user=mailuser auth=mailuser host=ntserver.domain.com [192.168.0.3]
Nov 25 17:12:15 webmail imapd[4920]: Login failed user=mailuser auth=mailuser host=ntserver.domain.com [192.168.0.3]
Jan 17 10:45:40 elct dovecot: pop3-login: Aborted login: user=<ismail>, method=PLAIN, rip=1.2.3.4, lip=127.0.0.1, secured
Jan 17 10:45:40 elct dovecot: imap-login: Aborted login: user=<ismail>, method=PLAIN, rip=1.2.3.4, lip=127.0.0.1, secured
Nov 01 06:43:09 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<administrator>, method=PLAIN, rip=110.234.127.52, lip=x.x.y.z
Nov 01 06:43:09 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<administrator>, method=PLAIN, rip=110.234.127.52, lip=x.x.y.z
[04/Dec/2008 10:55:09] POP3: Invalid password for user joel<_a.t_>company.com. Attempt from IP address 76.235.150.55
[04/Dec/2008 10:59:36] POP3: User company\joel<_a.t_>kerio.company.com doesn't exist. Attempt from IP address 10.17.28.50
[04/Dec/2008 10:55:09] IMAP: Invalid password for user joel<_a.t_>company.com. Attempt from IP address 76.235.150.55
[04/Dec/2008 10:59:36] IMAP: User company\joel<_a.t_>kerio.company.com doesn't exist. Attempt from IP address 10.17.28.50
May 1 10:31:48 worg pure-ftpd: (?@2001_0_5ef5_73ba_204a_1a20_a83d_337c) [WARNING] Authentication failed for user [bob]
Mar 28 09:06:31 homer pure-ftpd: (?@1.2.3.4) [WARNING] Authentication failed for user [bosshelp]
May 31 10:53:14 mail proftpd[15302]: xxxxxxxxxx (2607:f0d0:1002:81::2[2607:f0d0:1002:81::2]) - no such user 'alpha'
May 31 10:53:14 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - no such user 'alpha'
May 31 10:53:14 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - USER alpha: no such user found from ::ffff:192.168.0.213 [::ffff:192.168.0.213] to ::ffff:192.168.0.210:21
May 31 10:53:14 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - SECURITY VIOLATION
May 31 10:52:54 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - USER lee (Login failed): Incorrect password.
Apr 28 17:21:52 server1.local proftpd[53084] server1.local (118.244.187.123[118.244.187.123]): USER kitchenstewardship: no such user found from 118.244.187.123 [118.244.187.123] to 107.1.17.5:21
May 1 12:43:17 vps vsftpd(pam_unix)[11377]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=72.232.10.66 user=mysql
[Sun Apr 25 17:51:52 2014] [error] [client 2607:f0d0:1002:81::2] user lowrian not found: /admin/file_manager.php
[Mon Sep 24 17:48:41 2007] [error] [client 87.113.94.100] user lowrian not found: /admin/file_manager.php
[Thu Feb 03 13:04:23 2005] [error] [client 12.34.56.78] user firstuser: authentication failure for "/svn/!svn/act/74436339-4e10-0930-acb9-a38e2fadb293": Password Mismatch
[Tue Feb 25 15:51:13.383454 2014] [auth_basic:error] [pid 604443] [client 192.168.254.10:16381] AH01618: user bob not found: /pwd/
[Tue Feb 25 08:54:26.294882 2014] [access_compat:error] [pid 12873] [client 188.143.234.4:3177] AH01797: client denied by server configuration: /home/conblog/public_html/wp-content/plugins/islidex
[Tue Feb 25 16:27:36.533596 2014] [:error] [pid 6024] [client 24.238.73.15:35271] File does not exist: /home/webumake/public_html/external.php
2010/09/09 19:46:46 [error] 5596#560: *3 user "aaa": password mismatch, client: 9.183.126.52, server: myserver, request: "GET /shortlog/d6b56cc4c6d1 HTTP/1.1", host: "myhost"
2012/08/25 10:07:01 [error] 5866#0: *1 no user/password was provided for basic authentication, client: 196.5.5.6, server: localhost, request: "GET /pma HTTP/1.1", host: "localhost:81"
2012/08/25 10:07:04 [error] 5866#0: *1 user "ajfkla" was not found in "/etc/nginx/htpasswd", client: 127.0.0.1, server: localhost, request: "GET /pma HTTP/1.1", host: "localhost:81"
2011/08/31 13:01:19 [error] 6541#0: *5 user "bob" was not found in "/etc/nginx/htpasswd", client: 196.5.5.5, server: myserver, request: "GET / HTTP/1.1", host: "myhost"
[Sat May 01 10:52:46 2014] [error] [client 94.41.178.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "indy library" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec/20_asl_useragents.conf"] [line "174"] [id "330036"] [rev "1"] [msg "Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Suspicious User agent detected"] [severity "CRITICAL"] [hostname "forum.configserver.com"] [uri "/register.php"] [unique_id "S9v57lUNw@sAAFHNRgAAAAAE"]
[Wed Feb 29 08:25:19 2014] [error] [client 178.137.167.112] ModSecurity: Access denied with code 406 (phase 2). File "/tmp/20140229-082519-T03g71UNwkgAAEH7pVAAAAAO-file-fnVKf3" rejected by the approver script "/etc/cxs/cxscgi.sh": 0 [file "/usr/local/apache/conf/modsec2.user.conf"] [line "6"] [id "1010101"] [severity "CRITICAL"] [hostname "www.kalyr.com"] [uri "/weblog//wp-content/plugins/1-flash-gallery/upload.php"] [unique_id "T03g71UNwkgAAEH7pVAAAAAO"]
[Tue Jul 23 10:40:41.122319 2014] [:error] [pid 7199] [client 199.168.254.10] ModSecurity: Access denied with code 406 (phase 2). File "/tmp/20140723-104034-Ue5PksCo-jwAABwfei0AAAAA-file-v3XRcU" rejected by the approver script "/etc/cxs/cxscgi.sh": 0 [file "/usr/local/apache/conf/modsec2.user.conf"] [line "4"] [id "1010101"] [severity "CRITICAL"] [hostname "www.webumake.net"] [uri "/uptest/test.php"] [unique_id "Ue5PksCo-jwAABwfei0AAAAA"]
[Wed Feb 29 09:13:30 2014] [error] [client 216.129.118.139] mod_qos(045): access denied, invalid request line: can't parse uri, c=216.129.118.139, id=T03sOlUNwkgAAFzhznAAAAAK
May 23 17:26:43 dnsonly webmin[2317]: Invalid login as root from 199.168.254.10
May 23 17:26:51 dnsonly webmin[2319]: Successful login as root from 199.168.254.10
DA:
2014:07:07-11:08:13: '6.6.6.6' 2 failed login attempts. Account 'admin'
2014:05:08-01:40:09: '198.168.0.1' 15 failed login attempt on account 'test'
Apr 30 13:34:12 server named[3100]: client 2607:f0d0:1002:81::2#3147: update 'configserver.org/IN' denied
Apr 30 13:34:12 server named[3100]: client 66.98.212.33#3147: update 'configserver.org/IN' denied
2009-03-25 15:59:33 fixed_login authenticator failed for localhost (domain.com) [1.2.3.4]: 535 Incorrect authentication data (set_id=user@domain.com)
May 1 11:25:57 server pop3d-ssl: LOGIN, user=sales@waytotheweb.com, ip=[::ffff:82.10.53.229], port=[64420]
May 1 11:25:57 server pop3d-ssl: LOGIN, user=sales@waytotheweb.com, ip=[2607:f0d0:1002:81::10], port=[64420]
May 1 15:12:59 homer dovecot: pop3-login: Login: user=<sales@webumake.net>, method=PLAIN, rip=196.168.254.40, lip=196.168.254.71
May 1 15:24:35 homer sshd[7155]: Accepted publickey for root from 192.168.254.4 port 57306 ssh2
May 1 15:26:09 worg sshd[27196]: Accepted publickey for root from 2001:0:5ef5:73ba:204a:1a20:a83d:337c port 57415 ssh2
Apr 14 05:40:32 worg kernel: Firewall: *TCP_IN Blocked* IN=eth1 OUT= MAC=00:30:48:5b:41:6f:00:1a:30:38:90:00:08:00 SRC=60.50.78.146 DST=75.126.194.219 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=13875 DF PROTO=TCP SPT=4345 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Apr 30 16:00:20 worg kernel: Firewall: *TCP6_IN Blocked* IN=eth1 OUT= MAC=00:30:48:5b:41:6f:00:1a:30:38:90:00:86:dd SRC=2001:0000:5ef5:73ba:204a:1a20:a83d:337c DST=2607:f0d0:1002:0081:0000:0000:0000:0002 LEN=72 TC=0 HOPLIMIT=122 FLOWLBL=0 PROTO=TCP SPT=51117 DPT=8822 WINDOW=8192 RES=0x00 SYN URGP=0
Apr 21 16:48:33 homer pure-ftpd: (?@196.168.254.4) [INFO] webumake@webumake.net is now logged in
Apr 21 16:16:29 da proftpd[2817]: da.webumake.net (::ffff:196.168.254.4[::ffff:192.168.254.4]) - USER webumake: Login successful.
Sep 11 09:11:47 homer kernel: Knock: *587_IN* IN=eth0 OUT= MAC=08:00:27:c7:3b:e5:00:26:18:ef:37:2e:08:00 SRC=192.168.254.4 DST=192.168.254.71 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=28467 DF PROTO=TCP SPT=50756 DPT=587 WINDOW=8192 RES=0x00 SYN URGP=0
[Mon Mar 18 11:27:02 2014] [error] [client 5.79.3.49] Caught race condition abuser. attacker: 506, victim: 0 open file owner: 0, open file: /home/config/public_html/build/configserver
[Tue Feb 25 11:17:19.971626 2014] [core:error] [pid 28127] [client 217.40.166.113:34338] Caught race condition abuser. attacker: 542, victim: 0 open file owner: 0, open file: /usr/local/cpanel/img-sys/bg.jpg
2014-05-24 17:11:09 cwd=/home/webumake/public_html/has space 3 args: /usr/sbin/sendmail -t -i
2014-05-15 10:54:19 1Ucfu7-0007IT-3b H=localhost (starfish.arvixe.com) [127.0.0.1]:48531 Warning: Mail From: 8mm\342\230\272 Network <support@8mmsmile.com> System user: guruayy
This message was sent via script. The details are as follows:
SCRIPT_FILENAME=/home/guruayy/public_html/live/index.php
REQUEST_URI=/index.php?do=/admincp/user/browse/view_pending/page_0/
PWD=/home/guruayy/public_html/live
REMOTE_ADDR=70.215.67.177
2014-09-12 03:06:40 SMTP call from (zhuyuan.cn) [222.185.244.195]:59693 dropped: too many syntax or protocol errors (last command was " by 222.222.222.2 with ESMTP")
Courier IMAP
Mar 10 09:19:32 web3 courier-imapd: LOGIN FAILED, user=user@example.com, ip=[::ffff:68.148.104.146]
Mar 10 11:49:19 web3 courier-pop3d: LOGIN FAILED, user=user@example.com, ip=[::ffff:72.172.109.25]
Qmail SMTP AUTH
Mar 10 14:17:40 web1 smtp_auth: FAILED: user@example.com - password incorrect from host81-138-18-4.in-addr.btopenworld.com [81.138.18.4]
Postfix SMTP_AUTH
Mar 11 04:11:24 plesk115 postfix/smtpd[2520]: warning: unknown[192.168.1.113]: SASL PLAIN authentication failed: authentication failure
Mar 11 04:11:24 plesk115 postfix/smtpd[2520]: warning: unknown[192.168.1.113]: SASL LOGIN authentication failed: authentication failure
Sep 21 23:52:03 server01 postfix/smtpd[26732]: warning: dslb-088-073-067-2.pools.arcor-ip.net[88.73.67.12]: SASL LOGIN authentication failed
Feb 11 12:11:34 hostname postfix/smtpd[113557]: warning: trusted[1.2.3.4]: SASL PLAIN authentication failed: authentication failure
[18-Sep-2023 11:01:56 +0000]: IMAP Error: Login failed for martynas from 78.62.57.226. AUTHENTICATE PLAIN: Authentication failed. in /var/www/html/roundcubemail-1.0.2/program/lib/Roundcube/rcube_imap.php on line 184 (POST /roundcube/?_task=login?_task=login&_action=login)
[18-Sep-2023 11:02:11 +0000]: IMAP Error: Login failed for jonathan@configserver.com from 78.62.57.226. AUTHENTICATE PLAIN: Authentication failed. in /var/www/html/roundcubemail-1.0.2/program/lib/Roundcube/rcube_imap.php on line 184 (POST /roundcube/?_task=login?_task=login&_action=login)
09/18/2014 11:03:08 [LOGIN_ERROR] jonathan@configserver.com (martynas.it) from 78.62.57.226: Unknown user or password incorrect.
Sep 18 11:03:58:: pma auth user='jonathan_whmcs' status='mysql-denied' ip='78.62.57.226'
2014-06-04 17:05:35 dovecot_login authenticator failed for chirpy.configserver.com ([192.168.254.4]) [87.194.204.131]:63622: 535 Incorrect authentication data (set_id=sales@waytotheweb.com)
2014-06-04 17:07:08 [16223] dovecot_plain authenticator failed for chirpy.configserver.com ([192.168.254.4]) [87.194.204.131]:63708 I=[85.13.195.235]:465: 535 Incorrect authentication data (set_id=sales@waytotheweb.com)
.gitattributes
ConfigServer
Crypt
HTTP
JSON
Module
Net
accounttracking.txt
alert.txt
apache.http.txt
apache.https.txt
apache.main.txt
apf_stub.pl
auto.cwp.pl
auto.cyberpanel.pl
auto.directadmin.pl
auto.generic.pl
auto.interworx.pl
auto.pl
auto.vesta.pl
changelog.txt
connectiontracking.txt
consolealert.txt
cpanel
cpanel.allow
cpanel.comodo.allow
cpanel.comodo.ignore
cpanel.ignore
cpanelalert.txt
csf
csf.1.txt
csf.allow
csf.blocklists
csf.c
csf.cloudflare
csf.conf
csf.cwp.allow
csf.cwp.conf
csf.cwp.ignore
csf.cwp.pignore
csf.cyberpanel.allow
csf.cyberpanel.conf
csf.cyberpanel.ignore
csf.cyberpanel.pignore
csf.deny
csf.directadmin.allow
csf.directadmin.conf
csf.directadmin.ignore
csf.directadmin.pignore
csf.dirwatch
csf.div
csf.dyndns
csf.fignore
csf.generic.allow
csf.generic.conf
csf.generic.ignore
csf.generic.pignore
csf.help
csf.ignore
csf.interworx.allow
csf.interworx.conf
csf.interworx.ignore
csf.interworx.pignore
csf.logfiles
csf.logignore
csf.mignore
csf.pignore
csf.pl
csf.rblconf
csf.rbls
csf.redirect
csf.resellers
csf.rignore
csf.service
csf.sh
csf.signore
csf.sips
csf.smtpauth
csf.suignore
csf.syslogs
csf.syslogusers
csf.uidignore
csf.vesta.allow
csf.vesta.conf
csf.vesta.ignore
csf.vesta.pignore
csfajaxtail.js
csfcron.sh
csftest.pl
csget.pl
cwp
cyberpanel
da
downloadservers
exploitalert.txt
filealert.txt
forkbombalert.txt
install.cpanel.sh
install.cwp.sh
install.cyberpanel.sh
install.directadmin.sh
install.generic.sh
install.interworx.sh
install.sh
install.txt
install.vesta.sh
integrityalert.txt
interworx
lfd.logrotate
lfd.pl
lfd.service
lfd.sh
lfdcron.directadmin.sh
lfdcron.sh
license.txt
litespeed.http.txt
litespeed.https.txt
litespeed.main.txt
loadalert.txt
logalert.txt
logfloodalert.txt
messenger
migratedata.sh
modsecipdbalert.txt
netblock.txt
os.pl
perf.sh
permblock.txt
portknocking.txt
portscan.txt
processtracking.txt
profiles
pt_deleted_action.pl
queuealert.txt
readme.txt
recaptcha.txt
regex.custom.pm
regex.txt
relayalert.txt
remove_apf_bfd.sh
resalert.txt
reselleralert.txt
restricted.txt
sanity.txt
scriptalert.txt
sshalert.txt
sualert.txt
sudoalert.txt
syslogalert.txt
tracking.txt
ui
uialert.txt
uidscan.txt
uninstall.cwp.sh
uninstall.cyberpanel.sh
uninstall.directadmin.sh
uninstall.generic.sh
uninstall.interworx.sh
uninstall.sh
uninstall.vesta.sh
upgrade.txt
usertracking.txt
version
version.txt
vestacp
watchalert.txt
webmin
webminalert.txt
x-arf.txt