Help - Search - Members - Calendar
Full Version: Server down several times after password atack ??
The Planet Forums > Control Panels > Plesk
fdr100
Jul 3 2007, 09:12 PM
Server is going down last weeks several times.

I my log file messages i get this line : "warning: can't get client adress connection reset by peer."

this line is comming afther that someone try's to enter via plesk admin with fals password +/- 100 times.

can this be the reson that my server is going down?

thanks
Frank wacko.gif
TheUniverses
Jul 4 2007, 11:56 AM
no, i dont think so, i believe i've seen that in my messages log

By server going down, do you mean the Plesk Web Server, Apache, or the entire system?
fdr100
Jul 6 2007, 06:57 AM
Jul 3 11:03:41 plesk sshd(pam_unix)[12289]: check pass; user unknown
Jul 3 11:03:41 plesk sshd(pam_unix)[12289]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:03:45 plesk sshd(pam_unix)[12303]: check pass; user unknown
Jul 3 11:03:45 plesk sshd(pam_unix)[12303]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:03:48 plesk sshd(pam_unix)[12306]: check pass; user unknown
Jul 3 11:03:48 plesk sshd(pam_unix)[12306]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:03:51 plesk sshd(pam_unix)[12309]: check pass; user unknown
Jul 3 11:03:51 plesk sshd(pam_unix)[12309]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:03:55 plesk sshd(pam_unix)[12312]: check pass; user unknown
Jul 3 11:03:55 plesk sshd(pam_unix)[12312]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:03:58 plesk sshd(pam_unix)[12314]: check pass; user unknown
Jul 3 11:03:58 plesk sshd(pam_unix)[12314]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:04:02 plesk sshd(pam_unix)[12316]: check pass; user unknown
Jul 3 11:04:02 plesk sshd(pam_unix)[12316]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:04:05 plesk sshd(pam_unix)[12365]: check pass; user unknown
Jul 3 11:04:05 plesk sshd(pam_unix)[12365]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:04:09 plesk sshd(pam_unix)[12444]: check pass; user unknown
Jul 3 11:04:09 plesk sshd(pam_unix)[12444]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=p15185024.pureserver.info
Jul 3 11:24:44 plesk xinetd[13342]: warning: can't get client address: Connection reset by peer
Jul 3 11:25:09 plesk xinetd[13362]: warning: can't get client address: Connection reset by peer
Jul 3 11:25:20 plesk xinetd[13365]: warning: can't get client address: Connection reset by peer
Jul 3 11:42:56 plesk xinetd[13831]: warning: can't get client address: Connection reset by peer
Jul 3 11:43:11 plesk xinetd[13832]: warning: can't get client address: Connection reset by peer
Jul 3 11:43:27 plesk xinetd[13833]: warning: can't get client address: Connection reset by peer
Jul 3 11:43:40 plesk xinetd[13846]: warning: can't get client address: Connection reset by peer
Jul 3 11:59:02 plesk xinetd[14256]: warning: can't get client address: Connection reset by peer
Jul 3 11:59:45 plesk xinetd[14347]: warning: can't get client address: Connection reset by peer
Jul 3 12:00:56 plesk authpsa: IMAP connect from @ [84.197.39.103]
Jul 3 12:09:14 plesk xinetd[14619]: warning: can't get client address: Connection reset by peer
Jul 3 12:22:00 plesk xinetd[15069]: warning: can't get client address: Connection reset by peer
Jul 3 12:32:57 plesk authpsa: IMAP connect from @ [84.197.39.103]
Jul 3 12:33:56 plesk authpsa: IMAP connect from @ [84.197.39.103]
Jul 3 12:42:55 plesk last message repeated 5 times


//

Jul 3 13:49:43 plesk sshd(pam_unix)[18045]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:49:44 plesk sshd(pam_unix)[18047]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:49:45 plesk sshd(pam_unix)[18049]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:49:47 plesk sshd(pam_unix)[18051]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:49:48 plesk sshd(pam_unix)[18054]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:49:48 plesk sshd(pam_unix)[18056]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root


//


Jul 3 13:50:08 plesk sshd(pam_unix)[18113]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:09 plesk sshd(pam_unix)[18115]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:10 plesk sshd(pam_unix)[18117]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:12 plesk sshd(pam_unix)[18121]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:13 plesk sshd(pam_unix)[18129]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:14 plesk sshd(pam_unix)[18131]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:15 plesk sshd(pam_unix)[18136]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:17 plesk sshd(pam_unix)[18138]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:17 plesk sshd(pam_unix)[18140]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:19 plesk sshd(pam_unix)[18150]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:20 plesk sshd(pam_unix)[18152]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:22 plesk sshd(pam_unix)[18154]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:26 plesk sshd(pam_unix)[18156]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:29 plesk sshd(pam_unix)[18158]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:33 plesk sshd(pam_unix)[18161]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:37 plesk sshd(pam_unix)[18163]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:40 plesk sshd(pam_unix)[18165]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:44 plesk sshd(pam_unix)[18169]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:48 plesk sshd(pam_unix)[18184]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:51 plesk sshd(pam_unix)[18187]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:55 plesk sshd(pam_unix)[18199]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:50:58 plesk sshd(pam_unix)[18202]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:51:02 plesk sshd(pam_unix)[18210]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:51:05 plesk sshd(pam_unix)[18215]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 13:51:09 plesk sshd(pam_unix)[18218]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=serwer.24.tbpsh.pl user=root
Jul 3 14:09:17 plesk sshd(pam_unix)[18722]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=root
Jul 3 14:09:17 plesk sshd(pam_unix)[18724]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=root
Jul 3 14:09:19 plesk sshd(pam_unix)[18726]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=admin
Jul 3 14:09:19 plesk sshd(pam_unix)[18728]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=admin
Jul 3 14:09:22 plesk sshd(pam_unix)[18730]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=root
Jul 3 14:09:22 plesk sshd(pam_unix)[18732]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=root
Jul 3 14:09:22 plesk sshd(pam_unix)[18734]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=root
Jul 3 14:09:24 plesk sshd(pam_unix)[18736]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=admin
Jul 3 14:09:25 plesk sshd(pam_unix)[18738]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=admin
Jul 3 14:09:25 plesk sshd(pam_unix)[18740]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=admin
Jul 3 14:09:28 plesk sshd(pam_unix)[18743]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=root
Jul 3 14:09:30 plesk sshd(pam_unix)[18745]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=66.232.99.250 user=admin
Jul 3 14:24:03 plesk xinetd[19429]: warning: can't get client address: Connection reset by peer
Jul 3 14:28:35 plesk xinetd[19529]: warning: can't get client address: Connection reset by peer
Jul 3 15:05:07 plesk xinetd[20717]: warning: can't get client address: Connection reset by peer
Jul 3 15:59:15 plesk xinetd[23238]: warning: can't get client address: Connection reset by peer
Jul 3 16:32:34 plesk named[972]: client 212.111.11.111#4142: zone transfer 'ONE-Offmydomains.com/IN' denied
Jul 3 17:20:37 plesk xinetd[25540]: warning: can't get client address: Connection reset by peer
Jul 3 17:23:49 plesk xinetd[25580]: warning: can't get client address: Connection reset by peer
Jul 3 17:39:33 plesk named[972]: lame server resolving 'vendas.de' (in 'vendas.de'?): 205.178.190.3#53
Jul 3 17:39:33 plesk named[972]: lame server resolving 'vendas.de' (in 'vendas.de'?): 205.178.189.3#53
Jul 3 18:27:37 plesk xinetd[27500]: warning: can't get client address: Connection reset by peer
Jul 3 18:27:38 plesk xinetd[27501]: warning: can't get client address: Connection reset by peer
Jul 3 18:27:39 plesk xinetd[27499]: warning: can't get client address: Connection reset by peer
Jul 3 18:27:42 plesk xinetd[27503]: warning: can't get client address: Connection reset by peer
Jul 3 18:33:52 plesk named[972]: client 212.111.11.111#1075: zone transfer 'Mydomains2.com/IN' denied
Jul 3 18:36:53 plesk xinetd[27702]: warning: can't get client address: Connection reset by peer
Jul 3 18:43:31 plesk xinetd[27895]: warning: can't get client address: Connection reset by peer
Jul 3 18:52:42 plesk xinetd[28133]: warning: can't get client address: Connection reset by peer
Jul 3 19:01:22 plesk xinetd[28372]: warning: can't get client address: Connection reset by peer
Jul 3 19:23:30 plesk xinetd[28849]: warning: can't get client address: Connection reset by peer
Jul 3 19:23:55 plesk xinetd[28860]: warning: can't get client address: Connection reset by peer
Jul 3 19:26:11 plesk xinetd[28901]: warning: can't get client address: Connection reset by peer
Jul 3 19:27:00 plesk named[972]: lame server resolving 'ns1.not my domain.de' (in Not my domain.de'?): 134.91.19.6#53
Jul 3 19:27:00 plesk named[972]: lame server resolving 'ns2.Not my domain.de' (in 'Not my domain.de'?): 134.91.19.6#53
Jul 3 19:39:12 plesk xinetd[29266]: warning: can't get client address: Connection reset by peer
Jul 3 19:45:29 plesk xinetd[29429]: warning: can't get client address: Connection reset by peer
Jul 3 19:45:31 plesk xinetd[29430]: warning: can't get client address: Connection reset by peer
Jul 3 19:45:34 plesk xinetd[29431]: warning: can't get client address: Connection reset by peer
Jul 3 19:45:37 plesk xinetd[29432]: warning: can't get client address: Connection reset by peer
Jul 3 19:45:40 plesk xinetd[29434]: warning: can't get client address: Connection reset by peer
Jul 3 19:51:24 plesk xinetd[29552]: warning: can't get client address: Connection reset by peer
Jul 3 20:02:46 plesk xinetd[29861]: warning: can't get client address: Connection reset by peer
Jul 3 20:22:36 plesk named[972]: lame server resolving 'Not my domain.COM' (in 'Not my domain.com'?): 72.232.149.162#53
Jul 3 20:22:36 plesk named[972]: lame server resolving 'Not my domain.COM' (in 'Not my domain.com'?): 72.232.149.163#53
Jul 3 20:24:41 plesk xinetd[30479]: warning: can't get client address: Connection reset by peer
Jul 3 20:24:52 plesk xinetd[30482]: warning: can't get client address: Connection reset by peer
Jul 3 20:27:29 plesk xinetd[30539]: warning: can't get client address: Connection reset by peer
Jul 3 20:29:15 plesk xinetd[30602]: warning: can't get client address: Connection reset by peer
Jul 3 21:40:16 plesk syslogd 1.4.1: restart.


I think i see here that afther the have try to login my server was slow or down. This above is a part of messages log
James Jhurani
Jul 6 2007, 10:28 AM
I would suggest moving sshd to a non standard port.

Then next time it happens see if you still get the xinetd errors, since you won't get the sshd errors.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.