LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 06-25-2012, 11:10 AM   #16
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 454

Original Poster
Rep: Reputation: 30

UPDATE;

I know its been a while, but thought problem had gone, had deleted my "suspect" cron job, but today, couldnt ssh in and when I got home, in from of the server, found the following:

https://www.dropbox.com/s/y39qqyhqbd...618_184337.jpg

https://www.dropbox.com/s/fjg3zlqcas...625_163728.jpg

https://www.dropbox.com/s/lws9ecpof0...625_163816.jpg

The 3rd one above, was after opening up a new console [alt+F*] and as soon as I hit the keyboard to enter a username, this appeared.


Now I'm not entirely sure if this is the same issue that I've been having but certinly, log files show a mess of strange chars and timestamps, I'll try and capture the sections of serure maillog and messages and post later.

Note, during this, there server still serves web pages apparently without issue, but I cant ssh in and in previous times (guesing this time would have been the same), the number of processes running was huge.

All comments appreciated and apologies if I should have started another thread.

Thanks
 
Old 06-25-2012, 11:37 AM   #17
pan64
Senior Member
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 4,478

Rep: Reputation: 1220Reputation: 1220Reputation: 1220Reputation: 1220Reputation: 1220Reputation: 1220Reputation: 1220Reputation: 1220Reputation: 1220
that looks like a damaged filesystem (or disk)
 
Old 06-25-2012, 11:45 AM   #18
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 454

Original Poster
Rep: Reputation: 30
/var/log/secure
Code:
Jun 24 04:53:10 morpheus proftpd[19968]: connect from 122.161.208.102
Jun 24 04:56:23 morpheus in.comsat[19979]: connect from 127.0.0.1
Jun 24 04:58:59 morpheus in.comsat[19992]: connect from 127.0.0.1
Jun 24 05:00:44 morpheus popa3d[19995]: connect from 209.85.210.24
Jun 24 05:04:23 morpheus in.comsat[20004]: connect from 127.0.0.1
Jun 24 05:11:15 morpheus in.comsat[20017]: connect from 127.0.0.1
Jun 24 05:23:05 morpheus popa3d[20037]: connect from 74.125.82.8
Jun 24 05:24:13 morpheus popa3d[20040]: connect from 209.85.210.22
Jun 24 05:28:46 morpheus in.comsat[20065]: connect from 127.0.0.1
Jun 24 05:50:16 morpheus popa3d[20113]: connect from 209.85.160.15
Jun 24 05:51:00 morpheus in.comsat[20124]: connect from 127.0.0.1
Jun 24 06:02:57 morpheus in.comsat[20144]: connect from 127.0.0.1
Jun 24 06:11:20 morpheus in.comsat[20168]: connect from 127.0.0.1
Jun 24 06:13:29 morpheus in.comsat[20175]: connect from 127.0.0.1
Jun 24 06:19:10 morpheus in.comsat[20191]: connect from 127.0.0.1
Jun 24 06:19:13 morpheus popa3d[20185]: connect from 209.85.210.25
Jun 24 06:23:05 morpheus popa3d[20207]: connect from 74.125.82.164
Jun 24 06:23:16 morpheus in.comsat[20214]: connect from 127.0.0.1
Jun 24 06:27:06 morpheus proftpd[20229]: connect from 70.183.118.42
Jun 24 06:39:56 morpheus in.comsat[20267]: connect from 127.0.0.1
Jun 24 06:51:24 morpheus popa3d[20301]: connect from 209.85.160.1
Jun 24 06:52:41 morpheus in.comsat[20312]: connect from 127.0.0.1
Jun 24 07:13:52 morpheus in.comsat[20344]: connect from 127.0.0.1
Jun 24 07:18:34 morpheus in.comsat[20351]: connect from 127.0.0.1
Jun 24 07:20:21 morpheus popa3d[20355]: connect from 209.85.210.33
Jun 24 07:22:12 morpheus in.comsat[20368]: connect from 127.0.0.1
Jun 24 07:23:05 morpheus popa3d[20369]: connect from 209.85.212.149
Jun 24 07:33:38 morpheus in.comsat[20386]: connect from 127.0.0.1
Jun 24 07:49:20 morpheus in.comsat[20469]: connect from 127.0.0.1
Jun 24 07:52:30 morpheus popa3d[20476]: connect from 209.85.210.32
Jun 24 08:08:21 morpheus in.comsat[20507]: connect from 127.0.0.1
Jun 24 08:13:22 morpheus in.comsat[20522]: connect from 127.0.0.1
Jun 24 08:19:43 morpheus in.comsat[20543]: connect from 127.0.0.1
Jun 24 08:21:28 morpheus popa3d[20547]: connect from 209.85.210.35
Jun 24 08:23:06 morpheus popa3d[20550]: connect from 209.85.212.154
Jun 24 08:28:57 morpheus in.comsat[20566]: connect from 127.0.0.1
Jun 24 08:36:31 morpheus in.comsat[20584]: connect from 127.0.0.1
Jun 24 08:41:01 morpheus popa3d[20590]: connect from 95.145.192.0
Jun 24 08:42:39 morpheus in.comsat[20596]: connect from 127.0.0.1
Jun 24 08:47:31 morpheus popa3d[20626]: connect from 209.85.210.30
Jun 24 08:52:21 morpheus popa3d[20639]: connect from 95.145.192.0
Jun 24 09:09:03 morpheus in.comsat[20673]: connect from 127.0.0.1
Jun 24 09:14:45 morpheus in.comsat[20690]: connect from 127.0.0.1
Jun 24 09:16:27 morpheus popa3d[20691]: connect from 209.85.160.5
Jun 24 09:20:22 morpheus in.comsat[20703]: connect from 127.0.0.1
Jun 24 09:23:07 morpheus popa3d[20707]: connect from 209.85.212.152
Jun 24 09:24:05 morpheus in.comsat[20715]: connect from 127.0.0.1
Jun 24 09:39:28 morpheus in.comsat[20745]: connect from 127.0.0.1
Jun 24 09:41:48 morpheus in.comsat[20756]: connect from 127.0.0.1
Jun 24 09:42:29 morpheus popa3d[20763]: connect from 209.85.160.25
Jun 24 09:46:14 morpheus in.comsat[20777]: connect from 127.0.0.1
Jun 24 09:56:04 morpheus in.comsat[20829]: connect from 127.0.0.1
Jun 24 10:01:23 morpheus in.comsat[20846]: connect from 127.0.0.1
Jun 24 10:11:24 morpheus popa3d[20866]: connect from 209.85.210.16
Jun 24 10:23:07 morpheus popa3d[20892]: connect from 209.85.212.167
Jun 24 10:26:40 morpheus popa3d[20898]: connect from 1.212.188.69
Jun 24 10:26:51 morpheus popa3d[20901]: connect from 1.212.188.69
Jun 24 10:27:03 morpheus popa3d[20906]: connect from 1.212.188.69
Jun 24 10:27:14 morpheus popa3d[20909]: connect from 1.212.188.69
Jun 24 10:27:25 morpheus popa3d[20912]: connect from 1.212.188.69
Jun 24 10:27:37 morpheus popa3d[20915]: connect from 1.212.188.69
Jun 24 10:27:48 morpheus popa3d[20918]: connect from 1.212.188.69
Jun 24 10:28:00 morpheus popa3d[20921]: connect from 1.212.188.69
Jun 24 10:28:11 morpheus popa3d[20924]: connect from 1.212.188.69
Jun 24 10:28:23 morpheus popa3d[20927]: connect from 1.212.188.69
Jun 24 10:28:34 morpheus popa3d[20930]: connect from 1.212.188.69
Jun 24 10:28:45 morpheus popa3d[20933]: connect from 1.212.188.69
Jun 24 10:28:57 morpheus popa3d[20936]: connect from 1.212.188.69
Jun 24 10:29:08 morpheus popa3d[20940]: connect from 1.212.188.69
Jun 24 10:29:20 morpheus popa3d[20943]: connect from 1.212.188.69
Jun 24 10:29:31 morpheus popa3d[20946]: connect from 1.212.188.69
Jun 24 10:29:42 morpheus popa3d[20949]: connect from 1.212.188.69
Jun 24 10:29:54 morpheus popa3d[20952]: connect from 1.212.188.69
Jun 24 10:30:05 morpheus popa3d[20955]: connect from 1.212.188.69
Jun 24 10:30:17 morpheus popa3d[20958]: connect from 1.212.188.69
Jun 24 10:30:28 morpheus popa3d[20962]: connect from 1.212.188.69
Jun 24 10:30:40 morpheus popa3d[20965]: connect from 1.212.188.69
Jun 24 10:30:51 morpheus popa3d[20968]: connect from 1.212.188.69
Jun 24 10:31:02 morpheus popa3d[20971]: connect from 1.212.188.69
Jun 24 10:31:14 morpheus popa3d[20974]: connect from 1.212.188.69
Jun 24 10:31:25 morpheus popa3d[20977]: connect from 1.212.188.69
Jun 24 10:31:37 morpheus popa3d[20980]: connect from 1.212.188.69
Jun 24 10:31:48 morpheus popa3d[20983]: connect from 1.212.188.69
Jun 24 10:31:59 morpheus popa3d[20986]: connect from 1.212.188.69
Jun 24 10:32:11 morpheus popa3d[20990]: connect from 1.212.188.69
Jun 24 10:32:22 morpheus popa3d[20993]: connect from 1.212.188.69
Jun 24 10:32:34 morpheus popa3d[20996]: connect from 1.212.188.69
Jun 24 10:32:45 morpheus popa3d[21001]: connect from 1.212.188.69
Jun 24 10:32:56 morpheus popa3d[21004]: connect from 1.212.188.69
Jun 24 10:33:08 morpheus popa3d[21008]: connect from 1.212.188.69
Jun 24 10:33:19 morpheus popa3d[21011]: connect from 1.212.188.69
Jun 24 10:33:31 morpheus popa3d[21014]: connect from 1.212.188.69
Jun 24 10:33:42 morpheus popa3d[21019]: connect from 1.212.188.69
Jun 24 10:33:54 morpheus popa3d[21024]: connect from 1.212.188.69
Jun 24 10:34:05 morpheus popa3d[21027]: connect from 1.212.188.69
Jun 24 10:34:17 morpheus popa3d[21030]: connect from 1.212.188.69
Jun 24 10:34:28 morpheus popa3d[21033]: connect from 1.212.188.69
Jun 24 10:34:39 morpheus popa3d[21036]: connect from 1.212.188.69
Jun 24 10:34:51 morpheus popa3d[21039]: connect from 1.212.188.69
Jun 24 10:35:02 morpheus popa3d[21042]: connect from 1.212.188.69
Jun 24 10:35:14 morpheus popa3d[21045]: connect from 1.212.188.69
Jun 24 10:35:25 morpheus popa3d[21048]: connect from 1.212.188.69
Jun 24 10:35:36 morpheus popa3d[21051]: connect from 1.212.188.69
Jun 24 10:35:48 morpheus popa3d[21054]: connect from 1.212.188.69
Jun 24 10:35:59 morpheus popa3d[21058]: connect from 1.212.188.69
Jun 24 10:36:11 morpheus popa3d[21061]: connect from 1.212.188.69
Jun 24 10:36:22 morpheus popa3d[21064]: connect from 1.212.188.69
Jun 24 10:36:34 morpheus popa3d[21067]: connect from 1.212.188.69
Jun 24 10:36:45 morpheus popa3d[21071]: connect from 1.212.188.69
Jun 24 10:36:56 morpheus popa3d[21075]: connect from 1.212.188.69
Jun 24 10:37:08 morpheus popa3d[21079]: connect from 1.212.188.69
Jun 24 10:37:19 morpheus popa3d[21082]: connect from 1.212.188.69
Jun 24 10:37:25 morpheus popa3d[21083]: connect from 209.85.210.10
Jun 24 10:37:30 morpheus popa3d[21086]: connect from 1.212.188.69
Jun 24 10:37:49 morpheus popa3d[21091]: connect from 1.212.188.69
Jun 24 10:38:01 morpheus popa3d[21094]: connect from 1.212.188.69
Jun 24 10:38:12 morpheus popa3d[21097]: connect from 1.212.188.69
Jun 24 10:38:23 morpheus popa3d[21100]: connect from 1.212.188.69
Jun 24 10:38:35 morpheus popa3d[21103]: connect from 1.212.188.69
Jun 24 10:38:46 morpheus popa3d[21106]: connect from 1.212.188.69
Jun 24 10:38:57 morpheus popa3d[21110]: connect from 1.212.188.69
Jun 24 10:39:09 morpheus popa3d[21113]: connect from 1.212.188.69
Jun 24 10:39:20 morpheus popa3d[21117]: connect from 1.212.188.69
Jun 24 10:39:32 morpheus popa3d[21120]: connect from 1.212.188.69
Jun 24 10:39:43 morpheus popa3d[21123]: connect from 1.212.188.69
Jun 24 10:39:54 morpheus popa3d[21127]: connect from 1.212.188.69
Jun 24 10:40:01 morpheus in.comsat[21135]: connect from 127.0.0.1
Jun 24 10:40:06 morpheus popa3d[21134]: connect from 1.212.188.69
Jun 24 10:40:17 morpheus popa3d[21138]: connect from 1.212.188.69
Jun 24 10:40:29 morpheus popa3d[21141]: connect from 1.212.188.69
Jun 24 10:40:40 morpheus popa3d[21144]: connect from 1.212.188.69
Jun 24 10:40:51 morpheus popa3d[21147]: connect from 1.212.188.69
Jun 24 10:41:03 morpheus popa3d[21151]: connect from 1.212.188.69
Jun 24 10:41:14 morpheus popa3d[21154]: connect from 1.212.188.69
Jun 24 10:41:26 morpheus popa3d[21158]: connect from 1.212.188.69
Jun 24 10:41:37 morpheus popa3d[21161]: connect from 1.212.188.69
Jun 24 10:41:48 morpheus popa3d[21168]: connect from 1.212.188.69
Jun 24 10:42:00 morpheus popa3d[21171]: connect from 1.212.188.69
Jun 24 10:42:11 morpheus popa3d[21175]: connect from 1.212.188.69
Jun 24 10:42:23 morpheus popa3d[21178]: connect from 1.212.188.69
Jun 24 10:42:34 morpheus popa3d[21181]: connect from 1.212.188.69
Jun 24 10:42:46 morpheus popa3d[21184]: connect from 1.212.188.69
Jun 24 10:42:57 morpheus popa3d[21187]: connect from 1.212.188.69
Jun 24 10:43:08 morpheus popa3d[21190]: connect from 1.212.188.69
Jun 24 10:43:20 morpheus popa3d[21193]: connect from 1.212.188.69
Jun 24 10:43:31 morpheus popa3d[21196]: connect from 1.212.188.69
Jun 24 10:43:43 morpheus popa3d[21199]: connect from 1.212.188.69
Jun 24 10:43:54 morpheus popa3d[21202]: connect from 1.212.188.69
Jun 24 10:44:05 morpheus popa3d[21205]: connect from 1.212.188.69
Jun 24 10:44:17 morpheus popa3d[21208]: connect from 1.212.188.69
Jun 24 10:44:28 morpheus in.comsat[21217]: connect from 127.0.0.1
Jun 24 10:44:28 morpheus popa3d[21212]: connect from 1.212.188.69
Jun 24 10:44:40 morpheus popa3d[21220]: connect from 1.212.188.69
Jun 24 10:44:51 morpheus popa3d[21224]: connect from 1.212.188.69
Jun 24 10:46:46 morpheus in.comsat[21231]: connect from 127.0.0.1
Jun 24 11:01:04 morpheus in.comsat[21273]: connect from 127.0.0.1
Jun 24 11:06:20 morpheus popa3d[21278]: connect from 209.85.160.7
Jun 24 11:17:51 morpheus in.comsat[21304]: connect from 127.0.0.1
Jun 24 11:23:07 morpheus popa3d[21313]: connect from 74.125.82.5
Jun 24 11:31:12 morpheus in.comsat[21325]: connect from 127.0.0.1
Jun 24 11:32:20 morpheus popa3d[21327]: connect from 209.85.160.17
Jun 24 11:34:29 morpheus in.comsat[21337]: connect from 127.0.0.1
Jun 24 11:55:43 morpheus popa3d[21391]: connect from 209.85.210.24
Jun 24 11:55:53 morpheus in.comsat[21400]: connect from 127.0.0.1
Jun 24 12:03:13 morpheus in.comsat[21422]: connect from 127.0.0.1
Jun 24 12:05:36 morpheus in.comsat[21431]: connect from 127.0.0.1
Jun 24 12:08:24 morpheus in.comsat[21439]: connect from 127.0.0.1
Jun 24 12:18:56 morpheus in.comsat[21466]: connect from 127.0.0.1
Jun 24 12:21:44 morpheus popa3d[21471]: connect from 209.85.160.4
Jun 24 12:23:08 morpheus popa3d[21480]: connect from 209.85.212.157
Jun 24 12:31:17 morpheus in.comsat[21507]: connect from 127.0.0.1
Jun 24 12:41:35 morpheus in.comsat[21524]: connect from 127.0.0.1
Jun 24 12:45:07 morpheus popa3d[21536]: connect from 209.85.210.25
Jun 24 12:48:31 morpheus in.comsat[21568]: connect from 127.0.0.1
Jun 24 12:51:49 morpheus in.comsat[21579]: connect from 127.0.0.1
Jun 24 13:06:11 morpheus popa3d[21603]: connect from 209.85.160.31
Jun 24 13:13:20 morpheus in.comsat[21617]: connect from 127.0.0.1
Jun 24 13:21:58 morpheus in.comsat[21645]: connect from 127.0.0.1
Jun 24 13:23:08 morpheus popa3d[21649]: connect from 209.85.212.164
Jun 24 13:29:34 morpheus popa3d[21667]: connect from 209.85.160.19
Jun 24 13:35:24 morpheus in.comsat[21689]: connect from 127.0.0.1
Jun 24 13:39:30 morpheus in.comsat[21696]: connect from 127.0.0.1
Jun 24 13:43:10 morpheus in.comsat[21712]: connect from 127.0.0.1
Jun 24 13:47:31 morpheus in.comsat[21744]: connect from 127.0.0.1
Jun 24 13:50:36 morpheus popa3d[21773]: connect from 209.85.210.17
Jun 24 13:55:59 morpheus in.comsat[21823]: connect from 127.0.0.1
Jun 24 13:59:24 morpheus proftpd[21829]: connect from 175.161.219.70
Jun 24 14:09:30 morpheus popa3d[21840]: connect from 209.85.210.5
Jun 24 14:10:04 morpheus in.comsat[21848]: connect from 127.0.0.1
Jun 24 14:19:38 morpheus in.comsat[21865]: connect from 127.0.0.1
Jun 24 14:21:53 morpheus in.comsat[21878]: connect from 127.0.0.1
Jun 24 14:23:08 morpheus popa3d[21879]: connect from 74.125.82.10
Jun 24 14:30:32 morpheus popa3d[21891]: connect from 209.85.210.4
Jun 24 14:33:55 morpheus in.comsat[21902]: connect from 127.0.0.1
Jun 24 14:47:47 morpheus in.comsat[21968]: connect from 127.0.0.1
Jun 24 14:49:27 morpheus popa3d[21970]: connect from 209.85.160.39
Jun 24 14:53:58 morpheus in.comsat[21987]: connect from 127.0.0.1
Jun 24 14:59:56 morpheus in.comsat[22005]: connect from 127.0.0.1
Jun 24 15:02:34 morpheus in.comsat[22013]: connect from 127.0.0.1
Jun 24 15:06:24 morpheus in.comsat[22041]: connect from 127.0.0.1
Jun 24 15:10:28 morpheus popa3d[22048]: connect from 209.85.210.31
Jun 24 15:17:08 morpheus popa3d[22061]: connect from 74.125.82.144
Jun 24 15:18:04 morpheus in.comsat[22069]: connect from 127.0.0.1
Jun 24 15:22:43 morpheus in.comsat[22084]: connect from 127.0.0.1
Jun 24 15:26:41 morpheus in.comsat[22095]: connect from 127.0.0.1
Jun 24 15:33:50 morpheus popa3d[22126]: connect from 209.85.160.6
Jun 24 15:44:12 morpheus in.comsat[22144]: connect from 127.0.0.1
Jun 24 15:49:58 morpheus in.comsat[22176]: connect from 127.0.0.1
Jun 24 15:53:15 morpheus in.comsat[22189]: connect from 127.0.0.1
Jun 24 15:54:51 morpheus popa3d[22191]: connect from 209.85.160.22
Jun 24 16:01:51 morpheus proftpd[22216]: connect from 81.179.47.204
Jun 24 16:03:22 morpheus in.comsat[22226]: connect from 127.0.0.1
Jun 24 16:09:24 morpheus popa3d[22232]: connect from 95.145.192.0
Jun 24 16:17:08 morpheus popa3d[22272]: connect from 74.125.82.21
Jun 24 16:18:12 morpheus popa3d[22276]: connect from 209.85.160.8
Jun 24 16:35:22 morpheus in.comsat[22306]: connect from 127.0.0.1
Jun 24 16:39:56 morpheus proftpd[22309]: connect from 217.198.220.128
Jun 24 16:39:56 morpheus proftpd[22310]: connect from 217.198.220.128
Jun 24 16:44:09 morpheus popa3d[22319]: connect from 209.85.210.14
Jun 24 16:50:16 morpheus popa3d[22354]: connect from 90.211.182.166
Jun 24 16:52:53 morpheus in.comsat[22364]: connect from 127.0.0.1
Jun 24 17:05:10 morpheus in.comsat[22399]: connect from 127.0.0.1
Jun 24 17:12:57 morpheus popa3d[22415]: connect from 209.85.210.34
Jun 24 17:17:09 morpheus popa3d[22421]: connect from 209.85.212.159
Jun 24 17:19:59 morpheus in.comsat[22441]: connect from 127.0.0.1
Jun 24 17:28:00 morpheus in.comsat[22469]: connect from 127.0.0.1
Jun 24 17:31:23 morpheus in.comsat[22480]: connect from 127.0.0.1
Jun 24 17:35:03 morpheus in.comsat[22496]: connect from 127.0.0.1
Jun 24 17:37:47 morpheus in.comsat[22512]: connect from 127.0.0.1
Jun 24 17:38:51 morpheus popa3d[22515]: connect from 209.85.160.19
Jun 24 17:45:13 morpheus in.comsat[22532]: connect from 127.0.0.1
Jun 24 18:02:11 morpheus popa3d[22580]: connect from 209.85.160.12
Jun 24 18:13:22 morpheus in.comsat[22608]: connect from 127.0.0.1
Jun 24 18:17:08 morpheus popa3d[22615]: connect from 74.125.82.10
Jun 24 18:20:32 morpheus in.comsat[22627]: connect from 127.0.0.1
Jun 24 18:26:29 morpheus in.comsat[22642]: connect from 127.0.0.1
Jun 24 18:28:05 morpheus popa3d[22645]: connect from 209.85.160.24
Jun 24 18:30:13 morpheus popa3d[22653]: connect from 90.211.182.166
Jun 24 18:32:42 morpheus in.comsat[22664]: connect from 127.0.0.1
Jun 24 18:38:55 morpheus in.comsat[22678]: connect from 127.0.0.1
Jun 24 18:51:23 morpheus popa3d[22724]: connect from 209.85.160.32
Jun 24 18:54:30 morpheus in.comsat[22736]: connect from 127.0.0.1
Jun 24 18:57:17 morpheus in.comsat[22743]: connect from 127.0.0.1
Jun 24 18:57:36 morpheus popa3d[22744]: connect from 90.211.182.166
Jun 24 19:01:48 morpheus in.comsat[22770]: connect from 127.0.0.1
Jun 24 19:13:07 morpheus popa3d[22809]: connect from 90.211.182.166
Jun 24 19:17:09 morpheus popa3d[22822]: connect from 209.85.212.131
Jun 24 19:17:16 morpheus popa3d[22827]: connect from 209.85.210.39
Jun 24 19:17:20 morpheus in.comsat[22832]: connect from 127.0.0.1
Jun 24 19:20:42 morpheus in.comsat[22855]: connect from 127.0.0.1
Jun 24 19:22:40 morpheus popa3d[22856]: connect from 90.211.182.166
Jun 24 19:32:20 morpheus in.comsat[22870]: connect from 127.0.0.1
Jun 24 19:32:36 morpheus popa3d[22873]: connect from 90.211.182.166
Jun 24 19:40:33 morpheus popa3d[22882]: connect from 209.85.210.1
Jun 24 19:42:52 morpheus popa3d[22887]: connect from 90.211.182.166
Jun 24 19:49:34 morpheus popa3d[22918]: connect from 90.211.182.166
Jun 24 19:53:14 morpheus popa3d[22933]: connect from 90.211.182.166
Jun 24 19:58:51 morpheus in.comsat[22948]: connect from 127.0.0.1
Jun 24 20:01:30 morpheus popa3d[22951]: connect from 209.85.160.28
Jun 24 20:02:34 morpheus in.comsat[22962]: connect from 127.0.0.1
Jun 24 20:03:04 morpheus popa3d[22963]: connect from 90.211.182.166
Jun 24 20:12:52 morpheus in.comsat[23002]: connect from 127.0.0.1
Jun 24 20:12:58 morpheus popa3d[23001]: connect from 90.211.182.166
Jun 24 20:17:09 morpheus popa3d[23012]: connect from 74.125.82.134
Jun 24 20:20:05 morpheus in.comsat[23022]: connect from 127.0.0.1
Jun 24 20:22:25 morpheus in.comsat[23036]: connect from 127.0.0.1
Jun 24 20:23:28 morpheus popa3d[23037]: connect from 90.211.182.166
Jun 24 20:24:46 morpheus popa3d[23043]: connect from 209.85.210.17
Jun 24 20:26:27 morpheus popa3d[23047]: connect from 90.211.182.166
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������[794]: connect from 61.135.207.195
May 27 13:07:50 morpheus popa3d[797]: connect from 61.135.207.195
May 27 13:08:02 morpheus popa3d[800]: connect from 61.135.207.195
May 27 13:08:16 morpheus popa3d[803]: connect from 61.135.207.195
May 27 13:08:22 morpheus popa3d[806]: connect from 61.135.207.195
May 27 13:08:34 morpheus popa3d[809]: connect from 61.135.207.195
May 27 13:08:45 morpheus popa3d[812]: connect from 61.135.207.195
May 27 13:08:57 morpheus popa3d[815]: connect from 61.135.207.195
May 27 13:09:14 morpheus in.comsat[822]: connect from 127.0.0.1
May 27 13:09:53 morpheus popa3d[824]: connect from 61.135.207.195
May 2Jun 25 16:40:43 morpheus in.comsat[432]: connect from 127.0.0.1
Jun 25 16:40:54 morpheus webmin[503]: Webmin starting 
Jun 25 16:43:14 morpheus login[524]: ROOT LOGIN  on `tty1'
Jun 25 16:47:48 morpheus in.comsat[708]: connect from 127.0.0.1
Jun 25 16:49:55 morpheus login[525]: ROOT LOGIN  on `tty2'
Jun 25 16:56:08 morpheus webmin[479]: Webmin starting 
Jun 25 16:56:55 morpheus in.comsat[530]: connect from 127.0.0.1
Jun 25 17:07:34 morpheus in.comsat[567]: connect from 127.0.0.1
Jun 25 17:08:28 morpheus su[597]: + pts/0 plisken-root
Jun 25 17:11:45 morpheus in.comsat[615]: connect from 127.0.0.1
 
Old 06-25-2012, 11:48 AM   #19
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 454

Original Poster
Rep: Reputation: 30
/var/log/messages

Code:
Jun 24 20:12:58 morpheus popa3d[23001]: Authentication passed for thomas2
Jun 24 20:12:58 morpheus popa3d[23001]: 0 messages (0 bytes) loaded
Jun 24 20:12:58 morpheus popa3d[23001]: 0 (0) deleted, 0 (0) left
Jun 24 20:17:09 morpheus popa3d[23012]: Authentication passed for maggie
Jun 24 20:17:09 morpheus popa3d[23012]: 24 messages (1287945 bytes) loaded
Jun 24 20:17:10 morpheus popa3d[23012]: 1 (1726) deleted, 23 (1286219) left
Jun 24 20:23:28 morpheus popa3d[23037]: Authentication passed for thomas2
Jun 24 20:23:28 morpheus popa3d[23037]: 0 messages (0 bytes) loaded
Jun 24 20:23:28 morpheus popa3d[23037]: 0 (0) deleted, 0 (0) left
Jun 24 20:24:47 morpheus popa3d[23043]: Authentication passed for plisken
Jun 24 20:24:50 morpheus popa3d[23043]: 15479 messages (175635026 bytes) loaded
Jun 24 20:25:12 morpheus popa3d[23043]: 0 (0) deleted, 15479 (175635026) left
Jun 24 20:26:28 morpheus popa3d[23047]: Authentication passed for thomas2
Jun 24 20:26:28 morpheus popa3d[23047]: 0 messages (0 bytes) loaded
Jun 24 20:26:28 morpheus popa3d[23047]: 0 (0) deleted, 0 (0) left
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������7 morpheus sm-mta[32585]: q4R9Pm6Q032584: to=<ian@whiteytech.com>, delay=00:00:07, xdelay=00:00:01, mailer=local, pri=30849, dsn=2.0.0, stat=Sent
May 27 10:26:09 morpheus spamd[25329]: prefork: child states: II 
May 27 10:26:50 morpheus sm-mta[32591]: q4R9Qn6Q032591: <modelsn@plumper.co.uk>... User unknown
May 27 10:26:50 morpheus sm-mta[32591]: q4R9Qn6Q032591: lost input channel from [59.11.52.160] to MTA after rcpt
May 27 10:26:50 morpheus sm-mta[32591]: q4R9Qn6Q032591: from=<modelsn@plumper.co.uk>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[59.11.52.160]
May 27 10:41:07 morpheus sm-mta[32661]: q4R9f66Q032661: <monauralylq@whiteytech.com>... User unknown
May 27 10:41:08 morpheus sm-mta[32661]: q4R9f66Q032661: lost input channel from adsl-dynamic-pool-xxx.hcm.fpt.vn [118.68.53.133] (may be forged) to MTA after rcpt
May 27 10:41:08 morpheus sm-mta[32661]: q4R9f66Q032661: from=<monauralylq@whiteytech.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=adsl-dynamic-pool-xxx.hcm.fpt.vn [118.68.53.133] (may be forged)
May 27 10:46:02 morpheus sm-mta[32671]: q4R9k16Q032671: from=<info@SPUD.nl>, size=5908, class=0, nrcpts=1, msgid=<A38E1C25379141898F19B184401E8846@LocalHost>, proto=ESMTP, daemon=MTA, relay=[91.103.25.50]
May 27 10:46:03 morpheus spamd[25339]: spamd: connection from localhost [127.0.0.1] at port 38450 
May 27 10:46:03 morpheus spamd[25339]: spamd: setuid to plumper succeeded 
May 27 10:46:03 morpheus spamd[25339]: spamd: processing message <A38E1C25379141898F19B184401E8846@LocalHost> for plumper:1001 
May 27 10:46:17 morpheus spamd[25339]: spamd: identified spam (7.2/2.0) for plumper:1001 in 14.1 seconds, 6122 bytes. 
May 27 10:46:17 morpheus spamd[25339]: spamd: result: Y 7 - BAYES_99,DATE_IN_PAST_24_48,HTML_MESSAGE,NULL_IN_BODY,RDNS_NONE scantime=14.1,size=6122,user=plumper,uid=1001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=38450,mid=<A38E1C25379141898F19B184401E8846@LocalHost>,bayes=1.000000,autolearn=no 
May 27 10:46:17 morpheus sm-mta[32672]: q4R9k16Q032671: to=<webmaster@plumper.co.uk>, delay=00:00:15, xdelay=00:00:14, mailer=local, pri=36085, dsn=2.0.0, stat=Sent
May 27 10:46:19 morpheus spamd[25329]: prefork: child states: II 
May 27 10:52:17 morpheus sm-mta[32708]: q4R9qG6Q032708: ruleset=check_mail, arg1=<sojeviw@sportwinner.com.ua>, relay=93-87-224-5.dynamic.isp.telekom.rs [93.87.224.5] (may be forged), reject=553 5.1.8 <sojeviw@sportwinner.com.ua>... Domain of sender address sojeviw@sportwinner.com.ua does not exist
May 27 10:52:17 morpheus sm-mta[32708]: q4R9qG6Q032708: from=<sojeviw@sportwinner.com.ua>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=93-87-224-5.dynamic.isp.telekom.rs [93.87.224.5] (may be forged)
May 27 10:52:55 morpheus sm-mta[32710]: q4R9qj6Q032710: <evildoers@whiteytech.com>... User unknown
May 27 10:53:00 morpheus sm-mta[32710]: q4R9qj6Q032710: from=<cordovaeffie@jwp.com>, size=614, class=0, nrcpts=1, msgid=<23z27f59z21-58312145-377p8j99@vcqxdvjb>, proto=SMTP, daemon=MTA, relay=[59.103.197.107]
May 27 10:53:01 morpheus spamd[25339]: spamd: connection from localhost [127.0.0.1] at port 38457 
May 27 10:53:01 morpheus spamd[25339]: spamd: setuid to whitey succeeded 
May 27 10:53:01 morpheus spamd[25339]: spamd: processing message <23z27f59z21-58312145-377p8j99@vcqxdvjb> for whitey:1003 
May 27 10:53:01 morpheus spamd[25339]: spamd: identified spam (5.2/5.0) for whitey:1003 in 0.6 seconds, 867 bytes. 
May 27 10:53:01 morpheus spamd[25339]: spamd: result: Y 5 - BODY_ENHANCEMENT,BODY_ENHANCEMENT2,FRT_BIGGERMEM1,RDNS_NONE,SARE_ADLTSUB2,SARE_ADULT2,TW_VF scantime=0.6,size=867,user=whitey,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38457,mid=<23z27f59z21-58312145-377p8j99@vcqxdvjb>,autolearn=no 
May 27 10:53:01 morpheus sm-mta[32711]: q4R9qj6Q032710: to=<ian@whiteytech.com>, delay=00:00:04, xdelay=00:00:00, mailer=local, pri=30787, dsn=2.0.0, stat=Sent
May 27 10:53:03 morpheus spamd[25329]: prefork: child states: II 
May 27 10:53:15 morpheus sm-mta[32719]: q4R9rE6Q032719: from=<hopefully174@rickywardda.com>, sizeom> for plumper:1001 
May 27 13:02:09 morpheus spamd[25339]: spamd: identified spam (13.0/2.0) for plumper:1001 in 1.3 seconds, 4661 bytes. 
May 27 13:02:09 morpheus spamd[25339]: spamd: result: Y 13 - AWL,BAYES_99,HTML_IMAGE_RATIO_04,HTML_MESSAGE,MIME_HTML_ONLY,SARE_SPEC_ROLEX,SARE_SPOOF_COM2COM,SARE_SPOOF_COM2OTH,SPOOF_COM2COM,SPOOF_COM2OTH,SUBJECT_NEEDS_ENCODING scantime=1.3,size=4661,user=plumper,uid=1001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=38537,mid=<201205271202.q4RC256Q000722@morpheus.david14.com>,bayes=1.000000,autolearn=no 
May 27 13:02:09 morpheus sm-mta[724]: q4RC256Q000722: to=<admind@top50.plumper.co.uk>, ctladdr=<admind@top50.plumper.co.uk> (1001/100), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=34572, dsn=2.0.0, stat=Sent
May 27 13:02:11 morpheus spamd[25329]: prefork: child states: II 
May 27 13:02:19 morpheus sm-mta[723]: q4RC2J6Q000723: [91.214.199.73] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
May 27 13:02:33 morpheus sm-mta[728]: q4RC2X6Q000728: [91.214.199.73] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
May 27 13:02:38 morpheus sm-mta[729]: q4RC2c6Q000729: [91.214.199.73] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
May 27 13:06:25 morpheus sm-mta[755]: q4RC6P6Q000755: from=<kilogramsz68@randenvironmental.com>, size=2402, class=0, nrcpts=1, msgid=<167837625285146319994761826163292038693590505678457991273288739077068848809623888893615362.36475637, proto=ESMTP, daemon=MTA, relay=92-245-199-88.nr.satronet.sk [92.245.199.88] (may be forged)
May 27 13:06:26 morpheus spamd[25339]: spamd: connection from localhost [127.0.0.1] at port 38548 
May 27 13:06:26 morpheus spamd[25339]: spamd: setuid to plumper succeeded 
May 27 13:06:26 morpheus spamd[25339]: spamd: processing message <167837625285146319994761826163292038693590505678457991273288739077068848809623888893615362.36475637207.845@mta900.em.linkedin.com> for plumper:1001 
May 27 13:06:27 morpheus spamd[25339]: spamd: identified spam (12.8/2.0) for plumper:1001 in 1.3 seconds, 2763 bytes. 
May 27 13:06:27 morpheus spamd[25339]: spamd: result: Y 12 - BAYES_99,FH_HELO_EQ_D_D_D_D,FORGED_HOTMAIL_RCVD2,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,PLING_QUERY,RDNS_DYNAMIC,TVD_RCVD_IP scantime=1.3,size=2763,user=plumper,uid=1001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=38548,mid=<167837625285146319994761826163292038693590505678457991273288739077068848809623888893615362.36475637207.845@mta900.em.linkedin.com>,bayes=1.000000,autolearn=no 
May 27 13:06:27 morpheus sm-mta[765]: q4RC6P6Q000755: to=<fnme@top50.plumper.co.uk>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32652, dsn=2.0.0, stat=Sent
May 27 13:06:29 morpheus spamd[25329]: prefork: child states: II 
May 27 13:09:12 morpheus sm-mta[817]: q4RC9C6Q000817: from=<debarsqk338@royalpackers.com>, size=2389, class=0, nrcpts=1, msgid=<676245530432427505575895410035778450875726884375389499831967138123890387315129674693786796.83151851, proto=ESMTP, daemon=MTA, relay=[46.217.39.202]
May 27 13:09:13 morpheus spamd[25339]: spamd: connection from localhost [127.0.0.1] at port 38561 
May 27 13:09:13 morpheus spamd[25339]: spamd: setuid to plumper succeeded 
May 27 13:09:13 morpheus spamd[25339]: spamd: processing message <676245530432427505575895410035778450875726884375389499831967138123890387315129674693786796.83151851596.345@mta900.em.linkedin.com> for plumper:1001 
May 27 13:09:14 morpheus spamd[25339]: spamd: identified spam (6.5/2.0) for plumper:1001 in 1.3 seconds, 2672 bytes. 
May 27 13:09:14 morpheus spamd[25339]: spamd: result: Y 6 - BAYES_99,FORGED_HOTMAIL_RCVD2,HTML_MESSAGE,RDNS_NONE,TVD_RCVD_SINGLE scantime=1.3,size=2672,user=plumper,uid=1001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=38561,mid=<676245530432427505575895410035778450875726884375389499831967138123890387315129674693786796.83151851596.345@mta900.em.linkedin.com>,bayes=1.000000,autolearn=no 
May 27 13:09:14 morpheus sm-mta[818]: q4RC9C6Q000817: to=<ddaw@top50.plumper.co.uk>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=32573, dsn=2.0.0, stat=Sent
 connection to MTA
May 28 02:45:50 morpheus sm-mta[4157]: q4S1jo6Q004157: 91x144x154x228.static-business.chelny.ertelecom.ru [91.144.154.228] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
May 28 02:45:53 morpheus sm-mta[4161]: q4S1jq6Q004161: 91x144x154x228.static-business.chelny.ertelecom.ru [91.144.154.2Jun 25 16:40:31 morpheus syslogd 1.4.1: restart.
Jun 25 16:40:32 morpheus kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jun 25 16:40:32 morpheus kernel: BIOS-provided physical RAM map:
Jun 25 16:40:32 morpheus kernel: 511MB LOWMEM available.
Jun 25 16:40:32 morpheus kernel: Initializing CPU#0
Jun 25 16:40:32 morpheus kernel: Memory: 514764k/524280k available (2193k kernel code, 9132k reserved, 652k data, 124k init, 0k highmem)
Jun 25 16:40:32 morpheus kernel: Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
Jun 25 16:40:32 morpheus kernel: Inode cache hash table entries: 32768 (order: 6, 262144 bytes)
Jun 25 16:40:32 morpheus kernel: Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Jun 25 16:40:32 morpheus kernel: Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
Jun 25 16:40:32 morpheus kernel: CPU: L1 I cache: 16K, L1 D cache: 16K
Jun 25 16:40:32 morpheus kernel: CPU: L2 cache: 512K
Jun 25 16:40:32 morpheus kernel: Enabling fast FPU save and restore... done.
Jun 25 16:40:32 morpheus kernel: Checking 'hlt' instruction... OK.
Jun 25 16:40:32 morpheus kernel: CPU: L1 I cache: 16K, L1 D cache: 16K
Jun 25 16:40:32 morpheus kernel: CPU: L2 cache: 512K
Jun 25 16:40:32 morpheus kernel: Initializing CPU#1
Jun 25 16:40:32 morpheus kernel: CPU: L1 I cache: 16K, L1 D cache: 16K
Jun 25 16:40:32 morpheus kernel: CPU: L2 cache: 512K
Jun 25 16:40:32 morpheus kernel: Total of 2 processors activated (1587.60 BogoMIPS).
Jun 25 16:40:32 morpheus kernel: ...changing IO-APIC physical APIC ID to 2 ... ok.
Jun 25 16:40:32 morpheus kernel: ..TIMER: vector=0x31 pin1=2 pin2=0
Jun 25 16:40:32 morpheus kernel: testing the IO APIC.......................
Jun 25 16:40:32 morpheus kernel: .................................... done.
Jun 25 16:40:32 morpheus kernel: PCI: PCI BIOS revision 2.10 entry at 0xfcc0e, last bus=2
Jun 25 16:40:32 morpheus kernel: PCI: Using configuration type 1
Jun 25 16:40:32 morpheus kernel: PCI: Probing PCI hardware
Jun 25 16:40:32 morpheus kernel: PCI: Using IRQ router PIIX [8086/7110] at 00:07.0
Jun 25 16:40:32 morpheus kernel: PCI->APIC IRQ transform: (B0,I14,P0) -> 17
Jun 25 16:40:32 morpheus kernel: PCI->APIC IRQ transform: (B2,I4,P0) -> 16
Jun 25 16:40:32 morpheus kernel: PCI->APIC IRQ transform: (B2,I6,P0) -> 16
Jun 25 16:40:32 morpheus kernel: Limiting direct PCI/PCI transfers.
Jun 25 16:40:32 morpheus kernel: Linux NET4.0 for Linux 2.4
Jun 25 16:40:32 morpheus kernel: Based upon Swansea University Computer Society NET3.039
Jun 25 16:40:32 morpheus kernel: VFS: Disk quotas vdquot_6.5.1
Jun 25 16:40:32 morpheus kernel: Journalled Block Device driver loaded
Jun 25 16:40:32 morpheus kernel: vesafb: framebuffer at 0xfc000000, mapped to 0xe080d000, size 1536k
Jun 25 16:40:32 morpheus kernel: vesafb: mode is 1024x768x8, linelength=1024, pages=1
Jun 25 16:40:32 morpheus kernel: vesafb: protected mode interface info at c000:4c10
Jun 25 16:40:32 morpheus kernel: vesafb: scrolling: redraw
Jun 25 16:40:32 morpheus kernel: fb0: VESA VGA frame buffer device
Jun 25 16:40:32 morpheus kernel: Detected PS/2 Mouse Port.
Jun 25 16:40:32 morpheus kernel: Serial driver version 5.05c (2001-07-08) with HUB-6 MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI enabled
Jun 25 16:40:32 morpheus kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
Jun 25 16:40:32 morpheus kernel: ttyS01 at 0x02f8 (irq = 3) is a 16550A
Jun 25 16:40:32 morpheus kernel: Real Time Clock Driver v1.10e
Jun 25 16:40:32 morpheus kernel: Floppy drive(s): fd0 is 1.44M
Jun 25 16:40:32 morpheus kernel: FDC 0 is a National Semiconductor PC87306
Jun 25 16:40:32 morpheus kernel: loop: loaded (max 8 devices)
Jun 25 16:40:32 morpheus kernel: Intel(R) PRO/100 Network Driver - version 2.3.18-k1
Jun 25 16:40:32 morpheus kernel: Copyright (c) 2003 Intel Corporation
Jun 25 16:40:32 morpheus kernel: 
Jun 25 16:40:32 morpheus kernel: e100: eth0: Intel(R) PRO/100 Network Connection
Jun 25 16:40:32 morpheus kernel: 
Jun 25 16:40:32 morpheus kernel: SCSI subsystem driver Revision: 1.00
Jun 25 16:40:32 morpheus kernel: Loading Adaptec I2O RAID: Version 2.4 Build 5
Jun 25 16:40:32 morpheus kernel: Detecting Adaptec I2O RAID controllers...
Jun 25 16:40:32 morpheus kernel: Red Hat/Adaptec aacraid driver (1.1.2 Dec  9 2004 08:19:09)
Jun 25 16:40:32 morpheus kernel: scsi1 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.36
Jun 25 16:40:32 morpheus kernel: scsi2 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.36
Jun 25 16:40:32 morpheus kernel: st: Version 20030406, bufsize 32768, max init. bufs 4, s/g segs 16
Jun 25 16:40:32 morpheus kernel: Partition check:
Jun 25 16:40:32 morpheus kernel:  sda: sda1 sda2
Jun 25 16:40:32 morpheus kernel:  sdb: sdb1
Jun 25 16:40:32 morpheus kernel:  sdc: sdc1 sdc2
Jun 25 16:40:32 morpheus kernel:  sdd: sdd1
Jun 25 16:40:32 morpheus kernel:  sde: sde1
Jun 25 16:40:32 morpheus kernel: Uniform CD-ROM driver Revision: 3.12
Jun 25 16:40:32 morpheus kernel: md: linear personality registered as nr 1
Jun 25 16:40:32 morpheus kernel: md: raid0 personality registered as nr 2
Jun 25 16:40:32 morpheus kernel: md: raid1 personality registered as nr 3
Jun 25 16:40:32 morpheus kernel: md: raid5 personality registered as nr 4
Jun 25 16:40:32 morpheus kernel: raid5: measuring checksumming speed
Jun 25 16:40:32 morpheus kernel: md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
Jun 25 16:40:32 morpheus kernel: md: Autodetecting RAID arrays.
Jun 25 16:40:32 morpheus kernel: md: autorun ...
Jun 25 16:40:32 morpheus kernel: md: ... autorun DONE.
Jun 25 16:40:32 morpheus kernel: LVM version 1.0.5+(22/07/2002)
Jun 25 16:40:32 morpheus kernel: Initializing Cryptographic API
Jun 25 16:40:32 morpheus kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jun 25 16:40:32 morpheus kernel: IP Protocols: ICMP, UDP, TCP
Jun 25 16:40:32 morpheus kernel: IP: routing cache hash table of 4096 buckets, 32Kbytes
Jun 25 16:40:32 morpheus kernel: TCP: Hash tables configured (established 32768 bind 32768)
Jun 25 16:40:32 morpheus kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jun 25 16:40:32 morpheus kernel: UMSDOS: msdos_read_super failed, mount aborted.
Jun 25 16:40:32 morpheus kernel: Freeing unused kernel memory: 124k freed
Jun 25 16:40:32 morpheus kernel: Adding Swap: 1951856k swap-space (priority -1)
Jun 25 16:40:32 morpheus kernel: Linux agpgart interface v0.99 (c) Jeff Hartmann
Jun 25 16:40:32 morpheus kernel: agpgart: Maximum main memory to use for agp memory: 439M
Jun 25 16:40:32 morpheus kernel: agpgart: Detected Intel 440BX chipset
Jun 25 16:40:32 morpheus kernel: agpgart: AGP aperture is 64M @ 0xf0000000
Jun 25 16:40:33 morpheus sshd[403]: Server listening on 0.0.0.0 port 22.
Jun 25 16:51:34 morpheus init: Switching to runlevel: 6
Jun 25 16:51:45 morpheus exiting on signal 15
Jun 25 16:55:46 morpheus syslogd 1.4.1: restart.
Jun 25 16:55:47 morpheus kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jun 25 16:55:47 morpheus kernel: BIOS-provided physical RAM map:
Jun 25 16:55:47 morpheus kernel: 511MB LOWMEM available.
Jun 25 16:55:47 morpheus kernel: Initializing CPU#0
Jun 25 16:55:47 morpheus kernel: Memory: 514764k/524280k available (2193k kernel code, 9132k reserved, 652k data, 124k init, 0k highmem)
Jun 25 16:55:47 morpheus kernel: Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
Jun 25 16:55:47 morpheus kernel: Inode cache hash table entries: 32768 (order: 6, 262144 bytes)
Jun 25 16:55:47 morpheus kernel: Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Jun 25 16:55:47 morpheus kernel: Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
Jun 25 16:55:47 morpheus kernel: CPU: L1 I cache: 16K, L1 D cache: 16K
Jun 25 16:55:47 morpheus kernel: CPU: L2 cache: 512K
Jun 25 16:55:47 morpheus kernel: Enabling fast FPU save and restore... done.
Jun 25 16:55:47 morpheus kernel: Checking 'hlt' instruction... OK.
Jun 25 16:55:47 morpheus kernel: CPU: L1 I cache: 16K, L1 D cache: 16K
Jun 25 16:55:47 morpheus kernel: CPU: L2 cache: 512K
Jun 25 16:55:47 morpheus kernel: Initializing CPU#1
Jun 25 16:55:47 morpheus kernel: CPU: L1 I cache: 16K, L1 D cache: 16K
Jun 25 16:55:47 morpheus kernel: CPU: L2 cache: 512K
Jun 25 16:55:47 morpheus kernel: Total of 2 processors activated (1585.97 BogoMIPS).
Jun 25 16:55:47 morpheus kernel: ...changing IO-APIC physical APIC ID to 2 ... ok.
Jun 25 16:55:47 morpheus kernel: ..TIMER: vector=0x31 pin1=2 pin2=0
Jun 25 16:55:47 morpheus kernel: testing the IO APIC.......................
Jun 25 16:55:47 morpheus kernel: .................................... done.
Jun 25 16:55:47 morpheus kernel: PCI: PCI BIOS revision 2.10 entry at 0xfcc0e, last bus=2
Jun 25 16:55:47 morpheus kernel: PCI: Using configuration type 1
Jun 25 16:55:47 morpheus kernel: PCI: Probing PCI hardware
Jun 25 16:55:47 morpheus kernel: PCI: Using IRQ router PIIX [8086/7110] at 00:07.0
Jun 25 16:55:47 morpheus kernel: PCI->APIC IRQ transform: (B0,I14,P0) -> 17
Jun 25 16:55:47 morpheus kernel: PCI->APIC IRQ transform: (B2,I4,P0) -> 16
Jun 25 16:55:47 morpheus kernel: PCI->APIC IRQ transform: (B2,I6,P0) -> 16
Jun 25 16:55:47 morpheus kernel: Limiting direct PCI/PCI transfers.
Jun 25 16:55:47 morpheus kernel: Linux NET4.0 for Linux 2.4
Jun 25 16:55:47 morpheus kernel: Based upon Swansea University Computer Society NET3.039
Jun 25 16:55:47 morpheus kernel: VFS: Disk quotas vdquot_6.5.1
Jun 25 16:55:47 morpheus kernel: Journalled Block Device driver loaded
Jun 25 16:55:47 morpheus kernel: vesafb: framebuffer at 0xfc000000, mapped to 0xe080d000, size 1536k
Jun 25 16:55:47 morpheus kernel: vesafb: mode is 1024x768x8, linelength=1024, pages=1
Jun 25 16:55:47 morpheus kernel: vesafb: protected mode interface info at c000:4c10
Jun 25 16:55:47 morpheus kernel: vesafb: scrolling: redraw
Jun 25 16:55:47 morpheus kernel: fb0: VESA VGA frame buffer device
Jun 25 16:55:47 morpheus kernel: Detected PS/2 Mouse Port.
Jun 25 16:55:47 morpheus kernel: Serial driver version 5.05c (2001-07-08) with HUB-6 MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI enabled
Jun 25 16:55:47 morpheus kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
Jun 25 16:55:47 morpheus kernel: ttyS01 at 0x02f8 (irq = 3) is a 16550A
Jun 25 16:55:47 morpheus kernel: Real Time Clock Driver v1.10e
Jun 25 16:55:47 morpheus kernel: Floppy drive(s): fd0 is 1.44M
Jun 25 16:55:47 morpheus kernel: FDC 0 is a National Semiconductor PC87306
Jun 25 16:55:47 morpheus kernel: loop: loaded (max 8 devices)
Jun 25 16:55:47 morpheus kernel: Intel(R) PRO/100 Network Driver - version 2.3.18-k1
Jun 25 16:55:47 morpheus kernel: Copyright (c) 2003 Intel Corporation
Jun 25 16:55:47 morpheus kernel: 
Jun 25 16:55:47 morpheus kernel: e100: eth0: Intel(R) PRO/100 Network Connection
Jun 25 16:55:47 morpheus kernel: 
Jun 25 16:55:47 morpheus kernel: SCSI subsystem driver Revision: 1.00
Jun 25 16:55:47 morpheus kernel: Loading Adaptec I2O RAID: Version 2.4 Build 5
Jun 25 16:55:47 morpheus kernel: Detecting Adaptec I2O RAID controllers...
Jun 25 16:55:47 morpheus kernel: Red Hat/Adaptec aacraid driver (1.1.2 Dec  9 2004 08:19:09)
Jun 25 16:55:47 morpheus kernel: scsi1 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.36
Jun 25 16:55:47 morpheus kernel: scsi2 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.36
Jun 25 16:55:47 morpheus kernel: st: Version 20030406, bufsize 32768, max init. bufs 4, s/g segs 16
Jun 25 16:55:47 morpheus kernel: Partition check:
Jun 25 16:55:47 morpheus kernel:  sda: sda1 sda2
Jun 25 16:55:47 morpheus kernel:  sdb: sdb1
Jun 25 16:55:47 morpheus kernel:  sdc: sdc1 sdc2
Jun 25 16:55:47 morpheus kernel:  sdd: sdd1
Jun 25 16:55:47 morpheus kernel:  sde: sde1
Jun 25 16:55:47 morpheus kernel: Uniform CD-ROM driver Revision: 3.12
Jun 25 16:55:47 morpheus kernel: md: linear personality registered as nr 1
Jun 25 16:55:47 morpheus kernel: md: raid0 personality registered as nr 2
Jun 25 16:55:47 morpheus kernel: md: raid1 personality registered as nr 3
Jun 25 16:55:47 morpheus kernel: md: raid5 personality registered as nr 4
Jun 25 16:55:47 morpheus kernel: raid5: measuring checksumming speed
Jun 25 16:55:47 morpheus kernel: md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
Jun 25 16:55:47 morpheus kernel: md: Autodetecting RAID arrays.
Jun 25 16:55:47 morpheus kernel: md: autorun ...
Jun 25 16:55:47 morpheus kernel: md: ... autorun DONE.
Jun 25 16:55:47 morpheus kernel: LVM version 1.0.5+(22/07/2002)
Jun 25 16:55:47 morpheus kernel: Initializing Cryptographic API
Jun 25 16:55:47 morpheus kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jun 25 16:55:47 morpheus kernel: IP Protocols: ICMP, UDP, TCP
Jun 25 16:55:47 morpheus kernel: IP: routing cache hash table of 4096 buckets, 32Kbytes
Jun 25 16:55:47 morpheus kernel: TCP: Hash tables configured (established 32768 bind 32768)
Jun 25 16:55:47 morpheus kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jun 25 16:55:47 morpheus kernel: UMSDOS: msdos_read_super failed, mount aborted.
Jun 25 16:55:47 morpheus kernel: Freeing unused kernel memory: 124k freed
Jun 25 16:55:47 morpheus kernel: Adding Swap: 1951856k swap-space (priority -1)
Jun 25 16:55:47 morpheus kernel: Linux agpgart interface v0.99 (c) Jeff Hartmann
Jun 25 16:55:47 morpheus kernel: agpgart: Maximum main memory to use for agp memory: 439M
Jun 25 16:55:47 morpheus kernel: agpgart: Detected Intel 440BX chipset
Jun 25 16:55:47 morpheus kernel: agpgart: AGP aperture is 64M @ 0xf0000000
Jun 25 16:55:47 morpheus sshd[403]: Server listening on 0.0.0.0 port 22.
Jun 25 17:08:24 morpheus sshd[583]: Accepted password for plisken from 81.179.47.204 port 50285 ssh2
 
Old 06-25-2012, 11:50 AM   #20
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.0
Posts: 2,242

Rep: Reputation: 614Reputation: 614Reputation: 614Reputation: 614Reputation: 614Reputation: 614
To be honest, at this point, if it isn't a stray legitimate script somewhere that is poorly written, I would be nervous about a fork bomb that has been placed on your system (or induced from PHP injection or some other web-facing element). I don't know what to say regarding the I/O errors. The weird ps output would certainly have me concerned that the security of your server may have been breached (is that output edited in any way apart from the removal of the e-mail address on the bottom line?). It would be a good idea to back up the system and at least run fsck on the drive(s) to make sure the filesystem is OK, and after that go digging to find possible vulnerabilities. If the server *was* compromised then it should be noted that all processes listed, even the suspect ones, are being run as root...so you really have no way of knowing what was done to your system. When diagnosing issues regarding application spawning it is better to use `ps -AH ux` instead of `ps aux` or similar, so you get a nice hierarchical tree (similar to pstree).
 
Old 06-25-2012, 03:07 PM   #21
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 454

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by T3slider View Post
The weird ps output would certainly have me concerned that the security of your server may have been breached (is that output edited in any way apart from the removal of the e-mail address on the bottom line?). .
Nothing edited apart from that as you say and also some lines at the start of my recent logs.
 
Old 06-27-2012, 03:39 AM   #22
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 454

Original Poster
Rep: Reputation: 30
What does anyone make of the strange date shift in the log files?

Additionally, if this was a hard disk fault, any way of finding out which one?

I run different disks for different mount points / var home etc

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Killing processes hongman Linux - Newbie 3 02-28-2005 05:27 PM
Killing processes on Port 80 matux Linux - General 3 02-16-2005 09:15 PM
killing all of a user's processes thebeaglebeagle Linux - Software 1 09-04-2003 11:33 AM
killing processes adriaanbw Linux - Software 3 05-24-2003 10:46 PM
Vm: Killing Processes tbhebe Linux - General 3 03-07-2002 09:51 AM


All times are GMT -5. The time now is 11:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration