grep -riE 'Mar[[:space:]]+4[[:space:]]+07:[34]' /var/log
/var/log/mail.info:Mar 4 07:32:35 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39009], protocol=IMAP
/var/log/mail.info:Mar 4 07:32:50 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39020], protocol=IMAP
/var/log/mail.info:Mar 4 07:32:50 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39021], protocol=IMAP
/var/log/mail.info:Mar 4 07:32:51 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39022], protocol=IMAP
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 0080C1342FAF: from=<fail2ban@example.com>, size=364, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: DD5C01343021: from=<fail2ban@test.de>, size=345, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 72EB8134309B: from=<webmaster@tpom-club.15gb.de>, size=992, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 3A746134300B: from=<fail2ban@test.de>, size=359, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 170F01342FE9: from=<fail2ban@test.de>, size=366, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: C09111342FD8: from=<fail2ban@test.de>, size=428, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: B37D8134301B: from=<fail2ban@test.de>, size=355, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 914BB1340E21: from=<fail2ban@test.de>, size=358, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 649281342FB1: from=<fail2ban@test.de>, size=368, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 551711343001: from=<fail2ban@test.de>, size=353, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 463AF1343015: from=<fail2ban@example.com>, size=351, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1122]: 3A746134300B: to=<you@example.com>, relay=none, delay=63278, delays=63278/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1124]: 170F01342FE9: to=<you@example.com>, relay=none, delay=63377, delays=63377/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1110]: 0080C1342FAF: to=<you@example.com>, relay=none, delay=63378, delays=63378/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1112]: DD5C01343021: to=<you@example.com>, relay=none, delay=63275, delays=63274/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1126]: C09111342FD8: to=<you@example.com>, relay=none, delay=63378, delays=63377/0.01/0/0.27, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1112]: 551711343001: to=<you@example.com>, relay=none, delay=63278, delays=63278/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1110]: 649281342FB1: to=<you@example.com>, relay=none, delay=63378, delays=63378/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1122]: B37D8134301B: to=<you@example.com>, relay=none, delay=63276, delays=63276/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1124]: 914BB1340E21: to=<you@example.com>, relay=none, delay=63378, delays=63378/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1129]: 463AF1343015: to=<you@example.com>, relay=none, delay=63277, delays=63277/0.21/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/smtp[1111]: 72EB8134309B: to=<evokeopj@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.70.26]:25, delay=34003, delays=34003/0/0.04/0.42, dsn=2.0.0, status=sent (250 2.0.0 OK 1362378849 b4si14882535eep.10 - gsmtp)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 72EB8134309B: removed
/var/log/mail.info:Mar 4 07:34:26 hn postfix/smtpd[1139]: connect from unknown[212.227.15.19]
/var/log/mail.info:Mar 4 07:34:26 hn postfix/smtpd[1139]: 75D8D134309B: client=unknown[212.227.15.19]
/var/log/mail.info:Mar 4 07:34:26 hn postfix/cleanup[1141]: 75D8D134309B: message-id=<5134406F.7050506@gmx.de>
/var/log/mail.info:Mar 4 07:34:26 hn postfix/qmgr[2445]: 75D8D134309B: from=<andreas-stoltze@gmx.de>, size=1089, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:26 hn postfix/smtpd[1139]: disconnect from unknown[212.227.15.19]
/var/log/mail.info:Mar 4 07:34:26 hn postfix/virtual[1143]: 75D8D134309B: to=<support@test.de>, relay=virtual, delay=0.27, delays=0.19/0/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
/var/log/mail.info:Mar 4 07:34:26 hn postfix/qmgr[2445]: 75D8D134309B: removed
/var/log/mail.info:Mar 4 07:34:29 hn postfix/pickup[869]: E6EA21343136: uid=0 from=<fail2ban>
/var/log/mail.info:Mar 4 07:34:29 hn postfix/cleanup[1141]: E6EA21343136: message-id=<20130304063429.E6EA21343136@test.de>
/var/log/mail.info:Mar 4 07:34:30 hn postfix/qmgr[2445]: E6EA21343136: from=<fail2ban@test.de>, size=471, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:30 hn postfix/pickup[869]: 13CF9134309B: uid=0 from=<fail2ban>
/var/log/mail.info:Mar 4 07:34:30 hn postfix/cleanup[1141]: 13CF9134309B: message-id=<20130304063430.13CF9134309B@test.de>
/var/log/mail.info:Mar 4 07:34:30 hn postfix/error[1126]: E6EA21343136: to=<you@example.com>, relay=none, delay=0.45, delays=0.29/0/0/0.17, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:30 hn postfix/qmgr[2445]: 13CF9134309B: from=<fail2ban@test.de>, size=481, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:30 hn postfix/error[1110]: 13CF9134309B: to=<you@example.com>, relay=none, delay=0.34, delays=0.29/0/0/0.05, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:55 hn postfix/smtpd[1139]: connect from unknown[88.198.18.48]
/var/log/mail.info:Mar 4 07:34:55 hn postfix/smtpd[1139]: lost connection after CONNECT from unknown[88.198.18.48]
/var/log/mail.info:Mar 4 07:34:55 hn postfix/smtpd[1139]: disconnect from unknown[88.198.18.48]
/var/log/mail.info:Mar 4 07:34:55 hn spamd[1064]: spamd: connection from test.de.local [127.0.0.1] at port 56495
/var/log/mail.info:Mar 4 07:34:55 hn spamd[1064]: spamd: bad protocol: header error: (closed before headers)
/var/log/mail.info:Mar 4 07:34:56 hn spamd[952]: prefork: child states: II
/var/log/mail.info:Mar 4 07:34:57 hn postfix/pickup[869]: AF0A3134313E: uid=0 from=<fail2ban@example.com>
/var/log/mail.info:Mar 4 07:34:57 hn postfix/cleanup[1141]: AF0A3134313E: message-id=<20130304063457.AF0A3134313E@test.de>
/var/log/mail.info:Mar 4 07:34:57 hn postfix/qmgr[2445]: AF0A3134313E: from=<fail2ban@example.com>, size=477, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:35:27 hn postfix/smtp[1111]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:35:29 hn postfix/smtp[1111]: AF0A3134313E: to=<you@example.com>, relay=none, delay=30, delays=0.32/0/30/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:37:48 hn postfix/smtpd[1424]: connect from unknown[188.194.69.160]
/var/log/mail.info:Mar 4 07:37:48 hn postfix/smtpd[1424]: 741EF1343169: client=unknown[188.194.69.160], sasl_method=CRAM-MD5, sasl_username=support@test.de
/var/log/mail.info:Mar 4 07:37:48 hn postfix/cleanup[1426]: 741EF1343169: message-id=<5134413A.3010407@test.de>
/var/log/mail.info:Mar 4 07:37:48 hn postfix/qmgr[2445]: 741EF1343169: from=<support@test.de>, size=715, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:37:48 hn postfix/smtpd[1424]: disconnect from unknown[188.194.69.160]
/var/log/mail.info:Mar 4 07:37:48 hn imapd: DISCONNECTED, user=support@test.de, ip=[::ffff:188.194.69.160], headers=0, body=0, rcvd=683, sent=1236, time=298
/var/log/mail.info:Mar 4 07:37:49 hn postfix/smtp[1427]: 741EF1343169: to=<andreas-stoltze@gmx.de>, relay=mx00.gmx.net[213.165.67.114]:25, delay=1.2, delays=0.23/0/0.05/0.96, dsn=2.0.0, status=sent (250 Requested mail action okay, completed: id=0MKtSS-1UCP1x2A7s-0003AQ)
/var/log/mail.info:Mar 4 07:37:49 hn postfix/qmgr[2445]: 741EF1343169: removed
/var/log/mail.info:Mar 4 07:38:02 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39200], protocol=IMAP
/var/log/mail.info:Mar 4 07:38:29 hn clamd[1659]: SelfCheck: Database status OK.
/var/log/mail.info:Mar 4 07:42:12 hn postfix/qmgr[2445]: 0309A1340D73: from=<fail2ban@test.de>, size=353, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:24 hn postfix/qmgr[2445]: DF9351340F4B: from=<fail2ban@test.de>, size=366, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:44 hn postfix/qmgr[2445]: DDDD21340430: from=<fail2ban@test.de>, size=368, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:45 hn postfix/qmgr[2445]: EFF68134045A: from=<fail2ban@test.de>, size=428, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:46 hn postfix/qmgr[2445]: E7AF413401EC: from=<fail2ban@test.de>, size=366, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:46 hn postfix/qmgr[2445]: 38BB31340F76: from=<fail2ban@test.de>, size=358, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/qmgr[2445]: 177F51340456: from=<fail2ban@example.com>, size=364, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1681]: connect to example.com[192.0.43.10]:25: Connection refused
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1427]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1683]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1684]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1685]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/qmgr[2445]: CB1DC13402AD: from=<fail2ban@test.de>, size=345, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/anvil[1140]: statistics: max connection rate 1/60s for (smtp:212.227.15.19) at Mar 4 07:34:26
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1681]: DF9351340F4B: to=<you@example.com>, relay=none, delay=55059, delays=54949/1.6/109/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1427]: 0309A1340D73: to=<you@example.com>, relay=none, delay=35712, delays=35586/0.51/126/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1683]: DDDD21340430: to=<you@example.com>, relay=none, delay=35612, delays=35483/0.87/128/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1684]: EFF68134045A: to=<you@example.com>, relay=none, delay=35621, delays=35484/0.31/136/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1685]: E7AF413401EC: to=<you@example.com>, relay=none, delay=35666, delays=35486/0.27/180/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/anvil[1140]: statistics: max connection count 1 for (smtp:212.227.15.19) at Mar 4 07:34:26
/var/log/mail.info:Mar 4 07:43:47 hn postfix/anvil[1140]: statistics: max cache size 1 at Mar 4 07:34:26
/var/log/mail.info:Mar 4 07:43:58 hn postfix/qmgr[2445]: 6B9C91340F97: from=<fail2ban@test.de>, size=428, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:44:03 hn postfix/qmgr[2445]: 4D9EC13401E2: from=<fail2ban@test.de>, size=359, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:44:10 hn postfix/qmgr[2445]: A87F113401F7: from=<fail2ban@test.de>, size=355, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:44:59 hn postfix/qmgr[2445]: A49D6134042B: from=<fail2ban@example.com>, size=351, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:04 hn postfix/qmgr[2445]: AF0A3134313E: from=<fail2ban@example.com>, size=477, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:25 hn postfix/qmgr[2445]: AABED1342FA5: from=<fail2ban@test.de>, size=368, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:26 hn postfix/qmgr[2445]: A1E6B1340F6D: from=<fail2ban@example.com>, size=364, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:29 hn postfix/error[1935]: 38BB31340F76: to=<you@example.com>, relay=none, delay=55230, delays=54952/277/0/1.3, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:31 hn postfix/error[1938]: 177F51340456: to=<you@example.com>, relay=none, delay=35769, delays=35497/271/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:33 hn postfix/error[1941]: 6B9C91340F97: to=<you@example.com>, relay=none, delay=55231, delays=55227/1.4/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1939]: CB1DC13402AD: to=<you@example.com>, relay=none, delay=35865, delays=35631/232/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1935]: A87F113401F7: to=<you@example.com>, relay=none, delay=35866, delays=35863/2.3/0/0.77, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1942]: 4D9EC13401E2: to=<you@example.com>, relay=none, delay=35866, delays=35863/1/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1957]: A49D6134042B: to=<you@example.com>, relay=none, delay=35867, delays=35864/2.2/0/0.77, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:37 hn postfix/error[1939]: AABED1342FA5: to=<you@example.com>, relay=none, delay=55232, delays=55228/3.1/0/0.79, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:37 hn postfix/error[1941]: A1E6B1340F6D: to=<you@example.com>, relay=none, delay=55233, delays=55229/3.1/0/0.79, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:38 hn postfix/error[1938]: AF0A3134313E: to=<you@example.com>, relay=none, delay=536, delays=532/3.1/0/0.79, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:59 hn postfix/qmgr[2445]: E6EA21343136: from=<fail2ban@test.de>, size=471, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:47:10 hn postfix/pickup[869]: 532271343035: uid=0 from=<root>
/var/log/mail.info:Mar 4 07:48:28 hn postfix/cleanup[2129]: 532271343035: message-id=<20130304064421.532271343035@test.de>
/var/log/warn:Mar 4 07:34:55 hn spamd[1064]: spamd: bad protocol: header error: (closed before headers)
/var/log/messages:Mar 4 07:30:01 hn /USR/SBIN/CRON[336]: (root) CMD (umask 027; /srv/www/ispcp/engine/traffic/ispcp-vrl-traff &>/var/log/ispcp/ispcp-vrl-traff.log)
/var/log/messages:Mar 4 07:30:01 hn /USR/SBIN/CRON[339]: (root) CMD (/srv/www/ispcp/engine/tools/ispcp-del-phptemp.sh >/dev/null 2>&1)
/var/log/messages:Mar 4 07:30:02 hn /USR/SBIN/CRON[372]: (root) CMD (umask 027; /srv/www/ispcp/engine/traffic/ispcp-srv-traff &>/var/log/ispcp/ispcp-srv-traff.log)
/var/log/messages:Mar 4 07:30:02 hn /USR/SBIN/CRON[548]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - Preparing to chroot to directory '/srv/www/vhosts/test.test.de'
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - USER andy-test.test.de: Login successful.
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
/var/log/messages:Mar 4 07:31:01 hn /USR/SBIN/CRON[880]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:32:01 hn /USR/SBIN/CRON[943]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:33:01 hn /USR/SBIN/CRON[997]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:34:01 hn /USR/SBIN/CRON[1062]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:34:22 hn sshd[1133]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:22 hn sshd[1133]: Invalid user ftpuser from 114.112.52.179
/var/log/messages:Mar 4 07:34:22 hn sshd[1133]: input_userauth_request: invalid user ftpuser [preauth]
/var/log/messages:Mar 4 07:34:23 hn sshd[1133]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:25 hn sshd[1135]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:25 hn sshd[1135]: Invalid user ftpuser from 114.112.52.179
/var/log/messages:Mar 4 07:34:25 hn sshd[1135]: input_userauth_request: invalid user ftpuser [preauth]
/var/log/messages:Mar 4 07:34:26 hn sshd[1135]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:52c7:100#53
/var/log/messages:Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:51c7:100#53
/var/log/messages:Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:50c7:100#53
/var/log/messages:Mar 4 07:34:28 hn sshd[1142]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:28 hn sshd[1142]: Invalid user ftpuser from 114.112.52.179
/var/log/messages:Mar 4 07:34:28 hn sshd[1142]: input_userauth_request: invalid user ftpuser [preauth]
/var/log/messages:Mar 4 07:34:29 hn sshd[1142]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: Invalid user ftpuser001 from 114.112.52.179
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: input_userauth_request: invalid user ftpuser001 [preauth]
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:32 hn sshd[1173]: refused connect from 114.112.52.179 (114.112.52.179)
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: child 1193 started!
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: Aeee! SIG_PIPE was received! Will we survive?
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: send_line(): socket write error: Broken pipe
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: read_line(): socket EOF! other end closed the connection!
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1458]: EINTR was received! continue;
/var/log/messages:Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session opened.
/var/log/messages:Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session closed.
/var/log/messages:Mar 4 07:34:55 hn sshd[1198]: Did not receive identification string from 88.198.18.48
/var/log/messages:Mar 4 07:35:01 hn /USR/SBIN/CRON[1221]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:36:01 hn /USR/SBIN/CRON[1280]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session opened.
/var/log/messages:Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - Preparing to chroot to directory '/srv/www/vhosts/test.test.de'
/var/log/messages:Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - USER andy-test.test.de: Login successful.
/var/log/messages:Mar 4 07:36:20 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session closed.
/var/log/messages:Mar 4 07:37:01 hn /USR/SBIN/CRON[1373]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:38:01 hn /USR/SBIN/CRON[1430]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:39:17 hn sshd[1497]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38080 ssh2
/var/log/messages:Mar 4 07:39:56 hn sshd[1497]: Received disconnect from 188.194.69.160: 11: disconnected by user
/var/log/messages:Mar 4 07:41:00 hn sshd[1557]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38081 ssh2
/var/log/messages:Mar 4 07:41:15 hn sshd[1627]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38083 ssh2
/var/log/messages:Mar 4 07:41:20 hn /USR/SBIN/CRON[1667]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:41:28 hn sshd[1557]: Received disconnect from 188.194.69.160: 11: disconnected by user
/var/log/messages:Mar 4 07:43:47 hn sshd[1716]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38089 ssh2
/var/log/messages:Mar 4 07:43:47 hn sshd[1627]: Received disconnect from 188.194.69.160: 11: disconnected by user
/var/log/messages:Mar 4 07:43:47 hn sshd[1733]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38090 ssh2
/var/log/messages:Mar 4 07:43:47 hn sshd[1737]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38091 ssh2
/var/log/messages:Mar 4 07:43:47 hn sshd[1749]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38093 ssh2
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1787]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn sshd[1803]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38097 ssh2
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1815]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1830]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1862]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: New session 940 of user root.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: Removed session 940.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: New session 941 of user root.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: New session 942 of user root.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: Removed session 941.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: Removed session 942.
/var/log/messages:Mar 4 07:43:47 hn sshd[1927]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38115 ssh2
/var/log/messages:Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
/var/log/messages:Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
/var/log/messages:Mar 4 07:43:48 hn systemd-logind[515]: New session 948 of user root.
/var/log/messages:Mar 4 07:46:51 hn /USR/SBIN/CRON[2063]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:47:30 hn /USR/SBIN/CRON[2166]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:47:37 hn /USR/SBIN/CRON[2225]: (root) CMD (sh /srv/www/coll.sh)
Übereinstimmungen in Binärdatei /var/log/journal/590a05ae44da001f586ff6dd0000021d/system.journal.
/var/log/mail.warn:Mar 4 07:34:55 hn spamd[1064]: spamd: bad protocol: header error: (closed before headers)