SrvReport

Täglicher Bericht vom 23.12.2004

Eintrag	Wert
Netzwerk Bericht	1.6G
Traffic via iptables	1.5G
CPU Auslastung	0.12
Web-Server	205.8M
FTP-Server	593.5K
FTP-Logs	35
Postfix	992.2K
Warnings	66
Überprüfung auf Rootkit	1
System information	-

Netzwerk Bericht


0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23

Stunde	In	Out	Summe
0	692.8K	5.9M	6.6M
1	40.4M	33.9M	74.3M
2	24.7M	21.8M	46.6M
3	40.3M	36.8M	77.1M
4	893.5K	5.5M	6.4M
5	342.5K	3.9M	4.2M
6	58.0M	715.9M	774.0M
7	21.5M	19.8M	41.4M
8	658.9K	9.1M	9.7M
9	45.7M	47.3M	93.0M
10	34.6M	45.0M	79.6M
11	729.6K	8.3M	9.1M

Stunde	In	Out	Summe
12	46.1M	43.6M	89.7M
13	25.1M	29.1M	54.2M
14	1014.8K	10.4M	11.4M
15	1.2M	24.6M	25.8M
16	39.3M	48.2M	87.5M
17	43.1M	42.5M	85.6M
18	1.9M	13.3M	15.2M
19	953.5K	10.1M	11.0M
20	976.6K	9.1M	10.1M
21	1.0M	7.6M	8.7M
22	30.3M	29.8M	60.1M
23	710.9K	3.2M	3.9M

Stunde	In	Out	Summe
Summe	460.1M	1.2G	1.6G

Traffic via iptables

Target	Bytes IN	Bytes OUT	Bytes Sum
www	10.6M	218.4M	229.1M
ftp	732.4K	182.3K	914.7K
ssh	213.6K	492.9K	706.4K
mail	1.4M	988.0K	2.3M
cvs	0	0	0
Andere	399.7M	943.7M	1.3G
Summe	412.6M	1.1G	1.5G

CPU Auslastung


0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23

Stunde	1. Quartal	2. Quartal	3. Quartal	4. Quartal	Durchschnitt
0	0.04	0.00	0.01	0.00	0.01
1	0.06	0.27	0.32	0.27	0.23
2	0.31	0.24	0.09	0.00	0.16
3	0.04	0.29	0.33	0.15	0.20
4	0.06	0.00	0.00	0.00	0.01
5	0.01	0.00	0.01	0.00	0.01
6	0.07	0.29	0.36	1.08	0.45
7	0.55	0.33	0.12	0.03	0.26
8	0.07	0.02	0.01	0.00	0.03
9	0.05	0.24	0.35	0.40	0.26
10	0.44	0.48	0.28	0.10	0.33
11	0.04	0.01	0.01	0.01	0.02
12	0.04	0.25	0.35	0.38	0.26
13	0.42	0.27	0.09	0.02	0.20
14	0.01	0.01	0.00	0.01	0.01
15	0.00	0.00	0.00	0.01	0.00
16	0.03	0.15	0.19	0.27	0.16
17	0.24	0.28	0.39	0.17	0.27
18	0.07	0.02	0.00	0.00	0.02
19	0.00	0.00	0.00	0.00	0.00
20	0.00	0.00	0.00	0.00	0.00
21	0.00	0.00	0.00	0.00	0.00
22	0.01	0.19	0.18	0.09	0.12
23	0.00	0.00	0.00	0.00	0.00

Web-Server


1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31	32	33	34	35	36	37	38	39	40	41

VHost	# bytes	# Anfragen	Status 2xx	Status 3xx	Status 4xx
1. www.domain1.de	32.4M	850	588	261	1
2. domain2.de	32.2M	4994	3663	1216	115
3. www.domain3.de	32.2M	729	594	75	60
4. www.domain4.de	22.6M	1003	689	230	84
5. blog.domain24.de	21.8M	924	795	52	77
6. www.domain5.de	18.9M	712	683	21	8
7. www.domain6.org	14.5M	684	374	258	52
8. www.kbfeed.net	7.1M	580	308	25	247
9. www.domain7.de	3.9M	704	415	229	60
10. www.domain9.de	2.9M	290	289	0	1
11. www.domain8.de	2.6M	231	187	37	7
12. srvreport.domain24.de	2.5M	175	147	3	25
13. www.domain24.de	2.2M	399	378	1	20
14. forum.domain10	1.8M	85	73	6	6
15. domain1.de	1.8M	104	71	30	3
16. www.domain11.de	1.0M	255	88	98	69
17. domain11.de	1.0M	140	71	60	9
18. www.domain12.de	915.8K	99	74	22	3
19. www.domain13.de	582.2K	101	71	27	3
20. jeremy.domain9.de	543.7K	41	18	4	19
21. www.domain14.de	524.6K	79	73	0	6
22. www.domain15.de	414.9K	59	19	37	3
23. domain5.de	336.0K	92	91	0	1
24. domain24.de	316.2K	80	80	0	0
25. www.domain16.de	297.8K	62	52	4	6
26. test.domain9.de	146.8K	22	20	0	2
27. www.uoe.domain10	100.1K	29	29	0	0
28. domain17.de	72.1K	15	14	0	1
29. www.jeremy.domain9.de	42.4K	19	18	0	1
30. domain6.org	38.1K	18	17	0	1
31. test2.domain10	35.2K	14	8	0	6
32. www.goi.domain7.de	32.8K	48	14	24	10
33. www.domain17.de	19.2K	13	5	3	5
34. www.domain18.de	12.2K	8	6	0	2
35. goi.domain7.de	10.8K	2	1	0	1
36. www.domain19.com	9.5K	4	3	0	1
37. www.domain20.org	7.3K	1	1	0	0
38. www.domain21.de	4.7K	23	22	0	1
39. www.domain22.de	2.9K	3	2	0	1
40. www.web21.domain9.de	2.0K	7	0	0	7
41. Andere (5)	2.7K	6	3	3	0
Summe	205.8M	13704	10054	2726	924

FTP-Server


1	2	3

VHost	# bytes	# Anfragen
1. web28	539.2K	8
2. web24	46.2K	8
3. web48	8.1K	19
Summe	593.5K	35

FTP-Logs

Thu Dec 23 17:54:55 2004 1 85.74.32.150 374 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 17:56:07 2004 1 85.74.32.150 375 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 17:56:41 2004 1 85.74.32.150 375 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 17:57:01 2004 1 85.74.32.150 375 /html/ver.php b _ o r web48 ftp 0 * c
Thu Dec 23 17:57:43 2004 1 85.74.32.150 375 /html/ver.php b _ o r web48 ftp 0 * c
Thu Dec 23 17:57:58 2004 1 85.74.32.150 374 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:02:14 2004 1 85.74.32.150 386 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:05:54 2004 1 85.74.32.150 465 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:07:50 2004 1 85.74.32.150 467 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:09:30 2004 2 62.246.85.147 13052 /html/ec/EC-KV/Ortschaften/Angelbachtal/angelbachtal.htm b _ i r web24 ftp 0 * c
Thu Dec 23 18:09:32 2004 2 62.246.85.147 10574 /html/ec/EC-KV/Ortschaften/Bruchsal/bruchsal.htm b _ i r web24 ftp 0 * c
Thu Dec 23 18:09:34 2004 2 62.246.85.147 9326 /html/ec/home.htm b _ i r web24 ftp 0 * c
Thu Dec 23 18:09:35 2004 1 62.246.85.147 764 /html/ec/index.htm b _ i r web24 ftp 0 * c
Thu Dec 23 18:09:36 2004 1 62.246.85.147 1167 /html/ec/online/guestbook/admin/newdatabase.html.inc b _ i r web24 ftp 0 * c
Thu Dec 23 18:09:38 2004 1 62.246.85.147 1165 /html/ec/online/guestbook/admin/rebuildindex.html.inc b _ i r web24 ftp 0 * c
Thu Dec 23 18:09:39 2004 1 62.246.85.147 1065 /html/ec/online/guestbook/admin/savecookie.html.inc b _ i r web24 ftp 0 * c
Thu Dec 23 18:09:41 2004 2 62.246.85.147 10198 /html/ec/online/guestbook/input.php b _ i r web24 ftp 0 * c
Thu Dec 23 18:10:03 2004 1 85.74.32.150 467 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:10:23 2004 1 85.74.32.150 467 /html/ver.php b _ o r web48 ftp 0 * c
Thu Dec 23 18:11:12 2004 1 85.74.32.150 468 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:24:42 2004 1 85.74.32.150 468 /html/ver.php b _ o r web48 ftp 0 * c
Thu Dec 23 18:24:48 2004 1 85.74.32.150 468 /html/ver.php b _ o r web48 ftp 0 * c
Thu Dec 23 18:24:58 2004 1 85.74.32.150 468 /html/ver.php b _ o r web48 ftp 0 * c
Thu Dec 23 18:25:19 2004 1 85.74.32.150 480 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:26:04 2004 1 85.74.32.150 480 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:26:51 2004 1 85.74.32.150 480 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:27:23 2004 1 85.74.32.150 479 /html/ver.php b _ i r web48 ftp 0 * c
Thu Dec 23 18:33:17 2004 71 62.246.85.147 190887 /html/Aktuelles/Bilder/bilder2003/GFsombreros.jpg b _ i r web28 ftp 0 * c
Thu Dec 23 18:34:19 2004 62 62.246.85.147 156995 /html/Aktuelles/Bilder/bilder2003/juHAjeRA.jpg b _ i r web28 ftp 0 * c
Thu Dec 23 18:34:51 2004 31 62.246.85.147 88507 /html/Aktuelles/Bilder/bilder2003/rahel+judith-ponchos.jpg b _ i r web28 ftp 0 * c
Thu Dec 23 18:35:19 2004 27 62.246.85.147 82358 /html/Bezkass/2004-10.jpg b _ i r web28 ftp 0 * c
Thu Dec 23 18:35:20 2004 1 62.246.85.147 1475 /html/Bezkass/Bezkass.htm b _ i r web28 ftp 0 * c
Thu Dec 23 18:35:22 2004 1 62.246.85.147 7049 /html/home.htm b _ i r web28 ftp 0 * c
Thu Dec 23 18:35:23 2004 1 62.246.85.147 746 /html/index.htm b _ i r web28 ftp 0 * c
Thu Dec 23 18:35:27 2004 3 62.246.85.147 24140 /html/Termine/Termine.htm b _ i r web28 ftp 0 * c

Postfix

Overview
# IN	# OUT	# REJECTED	Bytes IN	Bytes OUT	# Sum	Bytes Sum
9	22	33	183.3K	808.8K	64	992.2K

Mails grouped by 'to'
Zu	Von	# bytes	Relay
webmaster@domain25.de(4x)	root@pXXXXXXXX.pureserver.info(4x)	256.2K	mx01.schlund.de[212.227.126.146], mx01.schlund.de[212.227.126.217], mx00.schlund.de[212.227.126.210], mx01.schlund.de[212.227.126.140]
web30p3@pXXXXXXXX.pureserver.info(9x) x.y@domain17.de(9x)	root@fuenf.scm-digital.net, news@newsletter.conrad.de, ewschloetterer@gmx.de, root@onetwomax.com, KSBB-Bayern@gmx.net, keineantwortadresse@web.de, enews-admin@arrow.willowcreek.org, KeineAntwortAdresse@web.de, bestellung@plattenladen.com	183.3K	local(9x)
Harm@lindenhof.com	x.y@domain17.de	169.0K	mail.lindenhof.com[213.133.104.12]
x.y@gmx.de(2x) friedy@domain11.de(2x)	x.y+netm@sms.de, bounce@free-letters.de	102.1K	mx0.gmx.de[213.165.64.100](2x)
x.y@web.de webmaster@domain11.de	magazine-bounces@more-of-god.de	92.6K	mx-ha01.web.de[217.72.192.149]
x.y@lgv-online.de(2x) x.y@domain5.de x.y@domain5.de	Hostmaster@t-online.de, x.y@BlueWin.ch	80.1K	mx00.schlund.de[212.227.15.186], mx01.schlund.de[212.227.126.215]
x.y@gmx.de x.y@domain17.de	x.y@foehl.de	35.1K	mx0.gmx.de[213.165.64.100]
domain14@t-online.de(5x) info@domain14.de martin@domain14.de(4x)	info@z-online.de, Alfred@testdom.com, Martin@testdom1.com, Carol@testdom2.com, Ted@testdom.com	29.6K	mailin01.sul.t-online.de[194.25.134.72], mailin05.sul.t-online.de[194.25.134.74], mailin02.sul.t-online.de[194.25.134.9], mailin03.sul.t-online.de[194.25.134.73], mailin06.sul.t-online.de[194.25.134.11]
xxxx@gmx.de infos@domain11.de	mynbame@sinotech-hk.com	24.9K	mx0.gmx.net[213.165.64.100]
x.y@lgv-online.de	x.y@domain17.de	12.8K	mx00.schlund.de[212.227.15.150]
x.y@yahoo.de	x.y@domain17.de	3.6K	mx2.mail.yahoo.com[64.156.215.8]
peter@knechtcity.de	x.y@domain17.de	2.0K	mx01.schlund.de[212.227.15.169]
fwd@domain25.de jochen@domain24.de	wwwrun@pXXXXXXXX.pureserver.info	725	mx01.schlund.de[212.227.126.146]
dahnilo1@domain11.de	Benutzer-Info@drk-ndk.de	0	ZURÜCKGEWIESEN
		0
DaVampire@domain11.de	Auto-Mail@web.de	0	ZURÜCKGEWIESEN
ochen@domain24.de(4x)	andrea.mati@tiscali.it(4x)	0	ZURÜCKGEWIESEN(4x)
asz@domain11.de	Benutzer-Info@hotmail.com	0	ZURÜCKGEWIESEN
Uhrpoststelle.FA-Frankfurt-Oder@domain11.de	Re-Mailer@gmx.de	0	ZURÜCKGEWIESEN
koccip@hanmail.net	i330009@hitel.net	0	ZURÜCKGEWIESEN
Motorradzentrale@domain11.de	Postmaster@cfl.rr.com	0	ZURÜCKGEWIESEN
patrick@domain11.de	Information@gmx.net	0	ZURÜCKGEWIESEN
x.y@domain5.de	Hostmaster@t-online.de	0	ZURÜCKGEWIESEN
x.y@domain17.de	franzi_kuntz@t-online.de	0	ZURÜCKGEWIESEN
x.y@domain17.de	pf@peterfaas.de	0	ZURÜCKGEWIESEN
deine@domain11.de	Hostmaster@gmx.de	0	ZURÜCKGEWIESEN
LIZENZ@domain11.de	Service@valvesoftware.com	0	ZURÜCKGEWIESEN
MacManInfi@domain11.de	Hilfe@aol.com	0	ZURÜCKGEWIESEN
martin@domain11.de(11x)	Lance.Engel@mail15.com, axcqcuugrdxq@canadasown.net, XFIDCSONPIW@centrum.cz, TZGKYZTERD@uolcat.com, craig@easypeasy.com, bigal@internet-ad.com, jtirhrwm@mailbox.gr, TZGNJQRAK@a4.no, stacie628@poms-r-us.com, CEGAKYXWCUA@advalvas.be, EsterpFaulkner@wickedmail.com	0	ZURÜCKGEWIESEN(11x)
info@domain23.net	owner-nolist-xinfoak-NET@WWW-GOTO.COM	0	ZURÜCKGEWIESEN
x.y@domain11.de	Postmaster@fa-pap.niedersachsen.de	0	ZURÜCKGEWIESEN
ron@domain11.de	Fehler_Mail@web.de	0	ZURÜCKGEWIESEN
Tabien@domain11.de	Info@clan00.de	0	ZURÜCKGEWIESEN
info@ad.net	owner-nolist-xinfoak-NET@WWW-GOTO.COM	0	ZURÜCKGEWIESEN
Summe		992.2K

Reject report
Zu	Von	Reject
MacManInfi@domain11.de	Hilfe@aol.com	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <MacManInfi @ec-altbulach.de>: User unknown in virtual alias table;
deine@domain11.de	Hostmaster@gmx.de	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <deine@ec- altbulach.de>: User unknown in virtual alias table;
martin@domain11.de	EsterpFaulkner@wickedmail.com	RCPT from CM-mapu2-229 -198.cm.vtr.net[200.86. 229.198]: 550 <martin@e c-altbulach.de>: User unknown in virtual alias table;
koccip@hanmail.net	i330009@hitel.net	RCPT from unknown[211 .223.188.13]: 554 <koccip@hanmail.net>: Relay access denied;
ochen@domain24.de	andrea.mati@tiscali.it	RCPT from host125-104. pool8173.interbusines s.it[81.73.104.125]: 550 <ochen@kalmbachnet .de>: User unknown in virtual alias table;
martin@domain11.de	Lance.Engel@mail15.com	RCPT from pool-68-162- 142-234.pitt.east.veri zon.net[68.162.142.234] : 550 <martin@ec-altbul ach.de>: User unknown in virtual alias table;
info@domain23.net	owner-nolist-xinfoak-NET@WWW-GOTO.COM	header To: from unknown[202.14.69.2];
x.y@domain5.de	Hostmaster@t-online.de	header Content-Type: application/octet-str eam; name=data_info.40 56.bat from pD9F92290.d ip.t-dialin.net[217.24 9.34.144];
info@ad.net	owner-nolist-xinfoak-NET@WWW-GOTO.COM	RCPT from unknown[202 .14.69.2]: 554 <info@ALL ESKLARO.NET>: Relay access denied;
x.y@domain11.de	Postmaster@fa-pap.niedersachsen.de	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <Angela.Ne ck@ec-altbulach.de>: User unknown in virtual alias table;
martin@domain11.de	craig@easypeasy.com	RCPT from unknown[222 .64.181.143]: 550 <martin@ec-altbulach.d e>: User unknown in virtual alias table;
martin@domain11.de	TZGKYZTERD@uolcat.com	RCPT from unknown[81. 208.97.108]: 550 <martin@ec-altbulach.d e>: User unknown in virtual alias table;
x.y@domain17.de	pf@peterfaas.de	header Content-Type: application/octet-str eam;??name="nothing.rt f.scr" from A8961.a.ppp ool.de[213.6.137.97];
asz@domain11.de	Benutzer-Info@hotmail.com	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <asz@ec-alt bulach.de>: User unknown in virtual alias table;
ron@domain11.de	Fehler_Mail@web.de	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <ron@ec-al tbulach.de>: User unknown in virtual alias table;
LIZENZ@domain11.de	Service@valvesoftware.com	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <LIZENZ@ec- altbulach.de>: User unknown in virtual alias table;
ochen@domain24.de	andrea.mati@tiscali.it	RCPT from host125-104. pool8173.interbusines s.it[81.73.104.125]: 550 <ochen@kalmbachnet .de>: User unknown in virtual alias table;
Tabien@domain11.de	Info@clan00.de	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <Tabien@ec- altbulach.de>: User unknown in virtual alias table;
ochen@domain24.de	andrea.mati@tiscali.it	RCPT from host125-104. pool8173.interbusines s.it[81.73.104.125]: 550 <ochen@kalmbachnet .de>: User unknown in virtual alias table;
ochen@domain24.de	andrea.mati@tiscali.it	RCPT from host125-104. pool8173.interbusines s.it[81.73.104.125]: 550 <ochen@kalmbachnet .de>: User unknown in virtual alias table;
martin@domain11.de	TZGNJQRAK@a4.no	RCPT from unknown[219 .145.195.87]: 550 <martin@ec-altbulach.d e>: User unknown in virtual alias table;
DaVampire@domain11.de	Auto-Mail@web.de	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <DaVampire @ec-altbulach.de>: User unknown in virtual alias table;
martin@domain11.de	jtirhrwm@mailbox.gr	RCPT from ppp-69-227-1 43-6.dsl.renocs.pacbel l.net[69.227.143.6]: 550 <martin@ec-altbula ch.de>: User unknown in virtual alias table;
x.y@domain17.de	franzi_kuntz@t-online.de	header Content-Type: application/octet-str eam;??name="paypal.htm .com" from A8961.a.pppo ol.de[213.6.137.97];
Uhrpoststelle.FA-Frankfurt-Oder@domain11.de	Re-Mailer@gmx.de	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <Uhrpostst elle.FA-Frankfurt-Oder @ec-altbulach.de>: User unknown in virtual alias table;
martin@domain11.de	axcqcuugrdxq@canadasown.net	RCPT from dhcp065-026- 181-234.indy.rr.com[65. 26.181.234]: 550 <martin@ec-altbulach.d e>: User unknown in virtual alias table;
martin@domain11.de	CEGAKYXWCUA@advalvas.be	RCPT from unknown[220 .120.248.189]: 550 <martin@ec-altbulach.d e>: User unknown in virtual alias table;
martin@domain11.de	bigal@internet-ad.com	RCPT from turbigo-6-82 -225-89-94.fbx.proxad.n et[82.225.89.94]: 550 <martin@ec-altbula ch.de>: User unknown in virtual alias table;
martin@domain11.de	XFIDCSONPIW@centrum.cz	RCPT from cpe-68-119-2 14-095.hky.nc.charter.c om[68.119.214.95]: 550 <martin@ec-altbula ch.de>: User unknown in virtual alias table;
patrick@domain11.de	Information@gmx.net	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <patrick@e c-altbulach.de>: User unknown in virtual alias table;
dahnilo1@domain11.de	Benutzer-Info@drk-ndk.de	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <dahnilo1@ ec-altbulach.de>: User unknown in virtual alias table;
Motorradzentrale@domain11.de	Postmaster@cfl.rr.com	RCPT from pD9530CE3.di p.t-dialin.net[217.83. 12.227]: 550 <Motorradz entrale@ec-altbulach.d e>: User unknown in virtual alias table;
martin@domain11.de	stacie628@poms-r-us.com	RCPT from unknown[222 .45.120.11]: 550 <martin@ec-altbulach.d e>: User unknown in virtual alias table;

Popper report
Benutzername	# Abfragen	Abfrage-Zeit
web14p1	6	08:22 10:33-10:35 (2x) 18:17 22:11 22:29
web1p1	225	11:30-11:51 (11x) 15:17-22:34 (214x)
web22p1	6	11:43 12:05 13:33 14:16 17:45 20:23
web24p1	4	09:38 10:40 16:12 23:15
web30p3	52	06:02-06:03 (2x) 08:03-08:05 (4x) 10:04 10:33 11:33-11:33 (3x) 12:28-12:30 (2x) 15:57-15:57 (2x) 16:04-16:05 (4x) 16:22-16:24 (5x) 17:45-17:48 (5x) 18:26 19:17-19:17 (6x) 20:30-20:30 (5x) 20:39-20:39 (3x) 21:24-21:27 (5x) 23:00-23:03 (3x)
web7p1	225	11:29-11:51 (11x) 15:17-22:34 (214x)

Warnings

Dec 23 00:25:46 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 00:26:32 pXXXXXXXX last message repeated 2 times
Dec 23 00:26:32 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 11:47:09 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 11:47:44 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 12:32:17 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:27:39 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:28:36 pXXXXXXXX last message repeated 3 times
Dec 23 14:29:45 pXXXXXXXX last message repeated 3 times
Dec 23 14:32:03 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:33:01 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:35:08 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:36:26 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:37:42 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:43:21 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:45:17 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:48:45 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:52:08 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:52:47 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:54:03 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:55:03 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 14:58:38 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:01:53 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:03:33 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:05:29 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:06:54 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:07:06 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:08:48 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:10:39 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:11:42 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 15:56:16 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 16:00:18 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 16:02:27 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 17:07:03 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 17:10:38 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 17:57:08 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 17:58:06 pXXXXXXXX last message repeated 3 times
Dec 23 17:59:13 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:03:25 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:09:29 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:31:50 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 23:59:04 pXXXXXXXX postfix/smtpd[1627]: warning: 200.161.16.150: hostname 200-161-16-150.speedyterra.com.br verification failed: Host not found
Dec 23 01:30:47 pXXXXXXXX postfix/smtpd[4938]: warning: 82.158.23.79: hostname 79.red-82-158-23.user.auna.net verification failed: Host not found
Dec 23 05:11:59 pXXXXXXXX postfix/smtpd[8254]: warning: 206.81.84.101: hostname 206-81-84-101.testdom.com verification failed: Host not found
Dec 23 07:20:45 pXXXXXXXX postfix/smtpd[9549]: warning: 206.81.84.104: hostname 206-81-84-104.testdom.com verification failed: Host not found
Dec 23 08:51:41 pXXXXXXXX postfix/smtpd[10406]: warning: 206.81.84.105: hostname 206-81-84-105.testdom.com verification failed: Host not found
Dec 23 12:19:07 pXXXXXXXX postfix/smtpd[12516]: warning: 201.135.28.68: hostname dsl-201-135-28-68.prod-infinitum.com.mx verification failed: Host not found
Dec 23 17:54:39 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 17:54:58 pXXXXXXXX last message repeated 4 times
Dec 23 17:56:09 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 17:57:02 pXXXXXXXX last message repeated 5 times
Dec 23 17:58:00 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:02:15 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:05:51 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:05:56 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:07:52 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:09:05 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:10:04 pXXXXXXXX last message repeated 2 times
Dec 23 18:11:14 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:24:42 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:25:21 pXXXXXXXX last message repeated 4 times
Dec 23 18:26:53 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:31:52 pXXXXXXXX vsftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 18:31:58 pXXXXXXXX last message repeated 2 times
Dec 23 22:33:44 pXXXXXXXX postfix/smtpd[22193]: warning: 80.190.203.69: address not listed for hostname www.onetwomax.de
Dec 23 23:16:28 pXXXXXXXX postfix/smtpd[22602]: warning: 206.81.84.101: hostname 206-81-84-101.testdom.com verification failed: Host not found

Überprüfung auf Rootkit

Checking `bindshell'... INFECTED (PORTS: 465)

System information

Mounted Filesystems
Mount	Typ	Partition	Percent Capacity	Free	Used	Size
/	ext3	/dev/hda3	32%	23.4G	11.9G	37.2G
/boot	ext3	/dev/hda1	9%	210.8M	24.2M	248.0M
/dev/shm	shm	shmfs	0%	121.1M	0	121.1M
Summe			31%	23.7G	11.9G	37.6G

Memory usage
Typ	Percent Capacity	Free	Used	Size
Low	71%	69.1M	173.1M	242.2M
Mem	71%	69.1M	173.1M	242.2M
High	0%	0	0	0
Swap	10%	232.9M	25.9M	258.9M

SrvReport Version 0.70