Server hangs for reasons that cannot be found
Posted: 2013-03-04 08:34
A very good morning to you,
when I tried to log in to my server this morning (fish and ssh), load and memory suddenly went up.
A login was no longer possible! I then restarted the server (at Hetzner) via Robot, and after that everything worked normally again.
I can't find anything new in the log files either.
The CRON job that runs creates the collectd graphs.
The root user logging in is me (although really only once, not 5 times per second as at 07:43:47).
Does any of you have an idea?
System: openSUSE 12.2
/var/log/messages
Many thanks in advance
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - Preparing to chroot to directory '/srv/www/vhosts/test.hn.vc'
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - USER andy-test.hn.vc: Login successful.
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
Mar 4 07:31:01 hn /USR/SBIN/CRON[880]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:32:01 hn /USR/SBIN/CRON[943]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:33:01 hn /USR/SBIN/CRON[997]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:34:01 hn /USR/SBIN/CRON[1062]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:34:22 hn sshd[1133]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:22 hn sshd[1133]: Invalid user ftpuser from 114.112.52.179
Mar 4 07:34:22 hn sshd[1133]: input_userauth_request: invalid user ftpuser [preauth]
Mar 4 07:34:23 hn sshd[1133]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:25 hn sshd[1135]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:25 hn sshd[1135]: Invalid user ftpuser from 114.112.52.179
Mar 4 07:34:25 hn sshd[1135]: input_userauth_request: invalid user ftpuser [preauth]
Mar 4 07:34:26 hn sshd[1135]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:52c7:100#53
Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:51c7:100#53
Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:50c7:100#53
Mar 4 07:34:28 hn sshd[1142]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:28 hn sshd[1142]: Invalid user ftpuser from 114.112.52.179
Mar 4 07:34:28 hn sshd[1142]: input_userauth_request: invalid user ftpuser [preauth]
Mar 4 07:34:29 hn sshd[1142]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:32 hn sshd[1145]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:32 hn sshd[1145]: Invalid user ftpuser001 from 114.112.52.179
Mar 4 07:34:32 hn sshd[1145]: input_userauth_request: invalid user ftpuser001 [preauth]
Mar 4 07:34:32 hn sshd[1145]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:32 hn sshd[1173]: refused connect from 114.112.52.179 (114.112.52.179)
Mar 4 07:34:55 hn ispcp_daemon[1193]: child 1193 started!
Mar 4 07:34:55 hn ispcp_daemon[1193]: Aeee! SIG_PIPE was received! Will we survive?
Mar 4 07:34:55 hn ispcp_daemon[1193]: send_line(): socket write error: Broken pipe
Mar 4 07:34:55 hn ispcp_daemon[1193]: read_line(): socket EOF! other end closed the connection!
Mar 4 07:34:55 hn ispcp_daemon[1458]: EINTR was received! continue;
Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session opened.
Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session closed.
Mar 4 07:34:55 hn sshd[1198]: Did not receive identification string from 88.198.18.48
Mar 4 07:35:01 hn /USR/SBIN/CRON[1221]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:36:01 hn /USR/SBIN/CRON[1280]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session opened.
Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - Preparing to chroot to directory '/srv/www/vhosts/test.hn.vc'
Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - USER andy-test.hn.vc: Login successful.
Mar 4 07:36:20 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session closed.
Mar 4 07:37:01 hn /USR/SBIN/CRON[1373]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:38:01 hn /USR/SBIN/CRON[1430]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:39:17 hn sshd[1497]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38080 ssh2
Mar 4 07:39:56 hn sshd[1497]: Received disconnect from 188.194.69.160: 11: disconnected by user
Mar 4 07:41:00 hn sshd[1557]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38081 ssh2
Mar 4 07:41:15 hn sshd[1627]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38083 ssh2
Mar 4 07:41:20 hn /USR/SBIN/CRON[1667]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:41:28 hn sshd[1557]: Received disconnect from 188.194.69.160: 11: disconnected by user
Mar 4 07:43:47 hn sshd[1716]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38089 ssh2
Mar 4 07:43:47 hn sshd[1627]: Received disconnect from 188.194.69.160: 11: disconnected by user
Mar 4 07:43:47 hn sshd[1733]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38090 ssh2
Mar 4 07:43:47 hn sshd[1737]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38091 ssh2
Mar 4 07:43:47 hn sshd[1749]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38093 ssh2
Mar 4 07:43:47 hn /USR/SBIN/CRON[1787]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn sshd[1803]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38097 ssh2
Mar 4 07:43:47 hn /USR/SBIN/CRON[1815]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
Mar 4 07:43:47 hn /USR/SBIN/CRON[1830]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
Mar 4 07:43:47 hn /USR/SBIN/CRON[1862]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn systemd-logind[515]: New session 940 of user root.
Mar 4 07:43:47 hn systemd-logind[515]: Removed session 940.
Mar 4 07:43:47 hn systemd-logind[515]: New session 941 of user root.
Mar 4 07:43:47 hn systemd-logind[515]: New session 942 of user root.
Mar 4 07:43:47 hn systemd-logind[515]: Removed session 941.
Mar 4 07:43:47 hn systemd-logind[515]: Removed session 942.
Mar 4 07:43:47 hn sshd[1927]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38115 ssh2
Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
Mar 4 07:43:48 hn systemd-logind[515]: New session 948 of user root.
Mar 4 07:46:51 hn /USR/SBIN/CRON[2063]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:47:30 hn /USR/SBIN/CRON[2166]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:47:37 hn /USR/SBIN/CRON[2225]: (root) CMD (sh /srv/www/coll.sh)
Andy
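As an added example (not part of the original post), a small Python triage script for a log like the one above: it flags late runs of the once-a-minute coll.sh cron job and seconds in which one program logged several entries at once. The sample lines are an excerpt of the post's log; the year 2013 is assumed from the post date, and the function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the log in the post, embedded so the script runs offline.
SAMPLE = """\
Mar 4 07:37:01 hn /USR/SBIN/CRON[1373]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:38:01 hn /USR/SBIN/CRON[1430]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:41:20 hn /USR/SBIN/CRON[1667]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn sshd[1716]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38089 ssh2
Mar 4 07:43:47 hn sshd[1733]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38090 ssh2
Mar 4 07:43:47 hn /USR/SBIN/CRON[1787]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn /USR/SBIN/CRON[1815]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn sshd[1749]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38093 ssh2
Mar 4 07:46:51 hn /USR/SBIN/CRON[2063]: (root) CMD (sh /srv/www/coll.sh)
"""

LINE = re.compile(r"^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) \S+ ([^\[:]+)\[\d+\]: (.*)$")

def parse(text, year=2013):
    """Return (timestamp, program, message) per syslog line; the year is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not "date host prog[pid]: msg"
        mon, day, clock, prog, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        # "/USR/SBIN/CRON" -> "cron", "sshd" -> "sshd"
        events.append((ts, prog.rsplit("/", 1)[-1].lower(), msg))
    return events

def cron_gaps(events, period=60, slack=5):
    """Late runs of the periodic job: (previous run, seconds until the next run)."""
    runs = [ts for ts, prog, msg in events if prog == "cron" and "coll.sh" in msg]
    return [(a.strftime("%H:%M:%S"), int((b - a).total_seconds()))
            for a, b in zip(runs, runs[1:])
            if (b - a).total_seconds() > period + slack]

def bursts(events, threshold=2):
    """Seconds in which one program logged `threshold` or more entries."""
    counts = Counter((ts.strftime("%H:%M:%S"), prog) for ts, prog, _ in events)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    evs = parse(SAMPLE)
    print("late cron runs:", cron_gaps(evs))
    print("same-second bursts:", bursts(evs))
```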