You are heresecurity
security
Vervelende script kiddies en hoe ermee om te gaan
Enkele dagen geleden stuurde logcheck mij volgend mailtje:
't Is te zeggen, logcheck stuurt mij zo regelmatig een mailtje. Normaal moet ik daar niets voor doen, want even later kreeg ik van denyhosts de volgende mail:
Uitzonderlijk wou ik het niet laten liggen, dus heb ik volgende mail opgesteld:
Enkele uren later volgde dit antwoord:
Awaal nem! Good riddance. :-)
Heeft er trouwens iemand suggesties om dit te automatiseren? Of is het de moeite niet?
Return-Path: <logcheck@amedee.be>
X-Original-To: logcheck
Delivered-To: logcheck@amedee.be
Received: by intrepid.amedee.be (Postfix, from userid 112)
id CD18E5A094; Thu, 4 Feb 2010 15:02:03 +0100 (CET)
To: logcheck@amedee.be
Subject: localhost 2010-02-04 15:02 System Events
Message-Id: <20100204140203.CD18E5A094@intrepid.amedee.be>
Date: Thu, 4 Feb 2010 15:02:03 +0100 (CET)
From: logcheck@amedee.be (logcheck system account)
System Events
=-=-=-=-=-=-=
Feb 4 15:00:17 localhost sshd[22196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:19 localhost sshd[22196]: Failed password for root from 117.240.227.14 port 50469 ssh2
Feb 4 15:00:23 localhost sshd[22198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:24 localhost sshd[22198]: Failed password for root from 117.240.227.14 port 50730 ssh2
Feb 4 15:00:27 localhost sshd[22200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:29 localhost sshd[22200]: Failed password for root from 117.240.227.14 port 51022 ssh2
Feb 4 15:00:32 localhost sshd[22202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:34 localhost sshd[22202]: Failed password for root from 117.240.227.14 port 51278 ssh2
Feb 4 15:00:37 localhost sshd[22204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:39 localhost sshd[22204]: Failed password for root from 117.240.227.14 port 51563 ssh2
X-Original-To: logcheck
Delivered-To: logcheck@amedee.be
Received: by intrepid.amedee.be (Postfix, from userid 112)
id CD18E5A094; Thu, 4 Feb 2010 15:02:03 +0100 (CET)
To: logcheck@amedee.be
Subject: localhost 2010-02-04 15:02 System Events
Message-Id: <20100204140203.CD18E5A094@intrepid.amedee.be>
Date: Thu, 4 Feb 2010 15:02:03 +0100 (CET)
From: logcheck@amedee.be (logcheck system account)
System Events
=-=-=-=-=-=-=
Feb 4 15:00:17 localhost sshd[22196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:19 localhost sshd[22196]: Failed password for root from 117.240.227.14 port 50469 ssh2
Feb 4 15:00:23 localhost sshd[22198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:24 localhost sshd[22198]: Failed password for root from 117.240.227.14 port 50730 ssh2
Feb 4 15:00:27 localhost sshd[22200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:29 localhost sshd[22200]: Failed password for root from 117.240.227.14 port 51022 ssh2
Feb 4 15:00:32 localhost sshd[22202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:34 localhost sshd[22202]: Failed password for root from 117.240.227.14 port 51278 ssh2
Feb 4 15:00:37 localhost sshd[22204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 user=root
Feb 4 15:00:39 localhost sshd[22204]: Failed password for root from 117.240.227.14 port 51563 ssh2
Return-Path: <nobody@localhost>
X-Original-To: root@localhost
Delivered-To: root@localhost
Received: from localhost.localdomain (localhost [127.0.0.1])
by intrepid.amedee.be (Postfix) with ESMTP id 550C25A093
for <root@localhost>; Thu, 4 Feb 2010 15:00:37 +0100 (CET)
From: DenyHosts <nobody@localhost>
To: root@localhost
Subject: DenyHosts Report
Date: Thu, 04 Feb 2010 15:00:37 +0100
Message-Id: <20100204140037.550C25A093@intrepid.amedee.be>
Added the following hosts to /etc/hosts.deny:
117.240.227.14 (unknown)
----------------------------------------------------------------------
X-Original-To: root@localhost
Delivered-To: root@localhost
Received: from localhost.localdomain (localhost [127.0.0.1])
by intrepid.amedee.be (Postfix) with ESMTP id 550C25A093
for <root@localhost>; Thu, 4 Feb 2010 15:00:37 +0100 (CET)
From: DenyHosts <nobody@localhost>
To: root@localhost
Subject: DenyHosts Report
Date: Thu, 04 Feb 2010 15:00:37 +0100
Message-Id: <20100204140037.550C25A093@intrepid.amedee.be>
Added the following hosts to /etc/hosts.deny:
117.240.227.14 (unknown)
----------------------------------------------------------------------
Received: from 188.40.34.110 (proxying for 127.0.0.1)
(SquirrelMail authenticated user amedee)
by amedee.be with HTTP;
Thu, 4 Feb 2010 16:18:29 +0100 (CET)
Message-ID: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
Date: Thu, 4 Feb 2010 16:18:29 +0100 (CET)
Subject: [Fwd: localhost 2010-02-04 15:02 System Events]
From: "Amedee Van Gasse" <amedee@vangasse.eu>
To: dnw_jtotech@bsnl.in,
dnwplg@sancharnet.in,
hm-changed@apnic.net,
hostmaster@sancharnet.in,
ip.admin@vsnl.co.in,
ip.nnoc@relianceada.com,
lokesh.aksh@gmail.com,
nib_jaipur@sancharnet.in,
vivekprabhakar64@gmail.com,
dns@jomax.net,
info@zenzeo.com
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-XheaderVersion: 1.1
X-UserAgent:
Hello,
Please stop with your cracking attempts. It is annoying.
Thank you.
Amedee.
----------
Added the following hosts to /etc/hosts.deny:
117.240.227.14 (unknown)
----------
$ whois 117.240.227.14
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 117.240.227.0 - 117.240.227.127
netname: Aksh
descr: Aksh Optifiber
descr: aksh optifiber
descr: epip sitapura
descr:
admin-c: LK105-AP
tech-c: LK126-AP
country: IN
admin-c: NIJ2-AP
admin-c: NC83-AP
tech-c: CDN1-AP
mnt-by: MAINT-IN-DOT
status: ASSIGNED NON-PORTABLE
changed: dnw_jtotech@bsnl.in 20100106
source: APNIC
route: 117.240.224.0/20
descr: BSNL Internet
country: IN
origin: AS9829
mnt-lower: MAINT-IN-DOT
mnt-routes: MAINT-IN-DOT
mnt-by: MAINT-IN-AS9829
changed: dnw_jtotech@bsnl.in 20070914
source: APNIC
route: 117.240.192.0/18
descr: BSNL Internet
country: IN
origin: AS9829
mnt-lower: MAINT-IN-DOT
mnt-routes: MAINT-IN-DOT
mnt-by: MAINT-IN-AS9829
changed: dnw_jtotech@bsnl.in 20071207
source: APNIC
route: 117.240.0.0/16
descr: BSNL Internet
country: IN
origin: AS9829
mnt-lower: MAINT-IN-DOT
mnt-routes: MAINT-IN-DOT
mnt-by: MAINT-IN-AS9829
changed: dnw_jtotech@bsnl.in 20071207
source: APNIC
role: NS Cell
address: Internet Cell
address: Bharat Sanchar Nigam Limited
address: 8th Floor,148-B Statesman House
address: Barakhamba Road, New Delhi - 110 001
country: IN
phone: +91-11-23734057
phone: +91-11-23710183
fax-no: +91-11-23734052
e-mail: hostmaster@sancharnet.in
admin-c: CGMD1-AP
tech-c: DT197-AP
nic-hdl: NC83-AP
mnt-by: MAINT-IN-DOT
changed: dnwplg@sancharnet.in 20030120
changed: hm-changed@apnic.net 20071227
source: APNIC
role: CGM Data Networks
address: CTS Compound
address: Netaji Nagar
address: New Delhi- 110 023
country: IN
phone: +91-11-24106782
phone: +91-11-24102119
fax-no: +91-11-26116783
fax-no: +91-11-26887888
e-mail: dnwplg@sancharnet.in
e-mail: hostmaster@sancharnet.in
admin-c: CGMD1-AP
tech-c: DT197-AP
tech-c: BH155-AP
nic-hdl: CDN1-AP
mnt-by: MAINT-IN-DOT
changed: dnwplg@sancharnet.in 20030120
changed: hm-changed@apnic.net 20071227
source: APNIC
person: Lokesh Khandelwal
nic-hdl: LK105-AP
address: aksh optifiber
address: epip sitapura
address:
phone: +91-141-2770738
fax-no: +91-141-2770738
country: IN
e-mail: lokesh.aksh@gmail.com
mnt-by: MAINT-IN-PER-DOT
changed: dnw_jtotech@bsnl.in 20100106
source: APNIC
person: Node Incharge JAIPUR
nic-hdl: NIJ2-AP
address: NIB JAIPUR
address: O/O PGMTD Jaipur
phone: +91-141-2361234
fax-no: +91-141-2370040
country: IN
e-mail: nib_jaipur@sancharnet.in
mnt-by: MAINT-IN-PER-DOT
changed: dnwplg@sancharnet.in 20030716
source: APNIC
person: Lokesh Khandelwal
nic-hdl: LK126-AP
address: aksh optifiber
address: epip sitapura
address:
phone: +91-141-2770738
fax-no: +91-141-2770738
country: IN
e-mail: lokesh.aksh@gmail.com
mnt-by: MAINT-IN-PER-DOT
changed: dnw_jtotech@bsnl.in 20100106
source: APNIC
route: 117.192.0.0/10
descr: BSNL-VSNL Route Object
origin: AS4755
mnt-by: MAINT-VSNL-IN
changed: ip.admin@vsnl.co.in 20070917
source: RADB
route: 117.192.0.0/10
descr: Reliance customer-BSNL
origin: AS9829
mnt-by: MAINT-AS18101
changed: ip.nnoc@relianceada.com 20071207 #06:04:30(UTC)
source: RADB
----------
$ nmap -A -T4 117.240.227.14
Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-04 15:44 CET
Interesting ports on 117.240.227.14:
Not shown: 1700 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
25/tcp open smtp qmail smtpd
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
106/tcp open tcpwrapped
110/tcp open pop3 qmail pop3d
111/tcp open rpcbind
113/tcp open ident authd
143/tcp open imap Courier Imapd (released 2005)
443/tcp open ssl/http Apache httpd 2.0.52 ((Red Hat))
866/tcp filtered unknown
993/tcp open ssl/imap Courier Imapd (released 2005)
1827/tcp filtered pcm
3306/tcp open mysql MySQL 4.1.12
5900/tcp open vnc VNC (protocol 3.7)
10000/tcp open http Webmin httpd
Service Info: Host: mail.zonzeo.com; OS: Unix
Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 76.613 seconds
----------
$ nslookup mail.zonzeo.com
Server: 213.133.98.98
Address: 213.133.98.98#53
Non-authoritative answer:
Name: mail.zonzeo.com
Address: 117.240.227.14
----------
$ whois zonzeo.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: ZONZEO.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS25.DOMAINCONTROL.COM
Name Server: NS26.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 12-jan-2010
Creation Date: 04-mar-2009
Expiration Date: 04-mar-2019
>>> Last update of whois database: Thu, 04 Feb 2010 15:05:31 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the
expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to
ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without
the prior written
permission of GoDaddy.com, Inc. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In
particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
and solicitations of any kind, including spam. You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.
Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, GoDaddy.com, Inc.
is not the registrant of domain names listed in this database.
Registrant:
new era mart pvt ltd
s no 54 goverdhan colony
new sanganer road,sodala
jaipur, Rajasthan 302019
India
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ZONZEO.COM
Created on: 04-Mar-09
Expires on: 04-Mar-19
Last Updated on: 12-Jan-10
Administrative Contact:
prabhakar, vivek vivekprabhakar64@gmail.com
new era mart pvt ltd
s no 54 goverdhan colony
new sanganer road,sodala
jaipur, Rajasthan 302019
India
+91.9351006001 Fax --
Technical Contact:
prabhakar, vivek vivekprabhakar64@gmail.com
new era mart pvt ltd
s no 54 goverdhan colony
new sanganer road,sodala
jaipur, Rajasthan 302019
India
+91.9351006001 Fax --
Domain servers in listed order:
NS25.DOMAINCONTROL.COM
NS26.DOMAINCONTROL.COM
---------------------------- Original Message ----------------------------
Subject: localhost 2010-02-04 15:02 System Events
From: "logcheck system account" <logcheck@amedee.be>
Date: Thu, February 4, 2010 15:02
To: logcheck@amedee.be
--------------------------------------------------------------------------
System Events
=-=-=-=-=-=-=
Feb 4 15:00:17 localhost sshd[22196]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:19 localhost sshd[22196]: Failed password for root from
117.240.227.14 port 50469 ssh2
Feb 4 15:00:23 localhost sshd[22198]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:24 localhost sshd[22198]: Failed password for root from
117.240.227.14 port 50730 ssh2
Feb 4 15:00:27 localhost sshd[22200]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:29 localhost sshd[22200]: Failed password for root from
117.240.227.14 port 51022 ssh2
Feb 4 15:00:32 localhost sshd[22202]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:34 localhost sshd[22202]: Failed password for root from
117.240.227.14 port 51278 ssh2
Feb 4 15:00:37 localhost sshd[22204]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:39 localhost sshd[22204]: Failed password for root from
117.240.227.14 port 51563 ssh2
(SquirrelMail authenticated user amedee)
by amedee.be with HTTP;
Thu, 4 Feb 2010 16:18:29 +0100 (CET)
Message-ID: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
Date: Thu, 4 Feb 2010 16:18:29 +0100 (CET)
Subject: [Fwd: localhost 2010-02-04 15:02 System Events]
From: "Amedee Van Gasse" <amedee@vangasse.eu>
To: dnw_jtotech@bsnl.in,
dnwplg@sancharnet.in,
hm-changed@apnic.net,
hostmaster@sancharnet.in,
ip.admin@vsnl.co.in,
ip.nnoc@relianceada.com,
lokesh.aksh@gmail.com,
nib_jaipur@sancharnet.in,
vivekprabhakar64@gmail.com,
dns@jomax.net,
info@zenzeo.com
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-XheaderVersion: 1.1
X-UserAgent:
Hello,
Please stop with your cracking attempts. It is annoying.
Thank you.
Amedee.
----------
Added the following hosts to /etc/hosts.deny:
117.240.227.14 (unknown)
----------
$ whois 117.240.227.14
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 117.240.227.0 - 117.240.227.127
netname: Aksh
descr: Aksh Optifiber
descr: aksh optifiber
descr: epip sitapura
descr:
admin-c: LK105-AP
tech-c: LK126-AP
country: IN
admin-c: NIJ2-AP
admin-c: NC83-AP
tech-c: CDN1-AP
mnt-by: MAINT-IN-DOT
status: ASSIGNED NON-PORTABLE
changed: dnw_jtotech@bsnl.in 20100106
source: APNIC
route: 117.240.224.0/20
descr: BSNL Internet
country: IN
origin: AS9829
mnt-lower: MAINT-IN-DOT
mnt-routes: MAINT-IN-DOT
mnt-by: MAINT-IN-AS9829
changed: dnw_jtotech@bsnl.in 20070914
source: APNIC
route: 117.240.192.0/18
descr: BSNL Internet
country: IN
origin: AS9829
mnt-lower: MAINT-IN-DOT
mnt-routes: MAINT-IN-DOT
mnt-by: MAINT-IN-AS9829
changed: dnw_jtotech@bsnl.in 20071207
source: APNIC
route: 117.240.0.0/16
descr: BSNL Internet
country: IN
origin: AS9829
mnt-lower: MAINT-IN-DOT
mnt-routes: MAINT-IN-DOT
mnt-by: MAINT-IN-AS9829
changed: dnw_jtotech@bsnl.in 20071207
source: APNIC
role: NS Cell
address: Internet Cell
address: Bharat Sanchar Nigam Limited
address: 8th Floor,148-B Statesman House
address: Barakhamba Road, New Delhi - 110 001
country: IN
phone: +91-11-23734057
phone: +91-11-23710183
fax-no: +91-11-23734052
e-mail: hostmaster@sancharnet.in
admin-c: CGMD1-AP
tech-c: DT197-AP
nic-hdl: NC83-AP
mnt-by: MAINT-IN-DOT
changed: dnwplg@sancharnet.in 20030120
changed: hm-changed@apnic.net 20071227
source: APNIC
role: CGM Data Networks
address: CTS Compound
address: Netaji Nagar
address: New Delhi- 110 023
country: IN
phone: +91-11-24106782
phone: +91-11-24102119
fax-no: +91-11-26116783
fax-no: +91-11-26887888
e-mail: dnwplg@sancharnet.in
e-mail: hostmaster@sancharnet.in
admin-c: CGMD1-AP
tech-c: DT197-AP
tech-c: BH155-AP
nic-hdl: CDN1-AP
mnt-by: MAINT-IN-DOT
changed: dnwplg@sancharnet.in 20030120
changed: hm-changed@apnic.net 20071227
source: APNIC
person: Lokesh Khandelwal
nic-hdl: LK105-AP
address: aksh optifiber
address: epip sitapura
address:
phone: +91-141-2770738
fax-no: +91-141-2770738
country: IN
e-mail: lokesh.aksh@gmail.com
mnt-by: MAINT-IN-PER-DOT
changed: dnw_jtotech@bsnl.in 20100106
source: APNIC
person: Node Incharge JAIPUR
nic-hdl: NIJ2-AP
address: NIB JAIPUR
address: O/O PGMTD Jaipur
phone: +91-141-2361234
fax-no: +91-141-2370040
country: IN
e-mail: nib_jaipur@sancharnet.in
mnt-by: MAINT-IN-PER-DOT
changed: dnwplg@sancharnet.in 20030716
source: APNIC
person: Lokesh Khandelwal
nic-hdl: LK126-AP
address: aksh optifiber
address: epip sitapura
address:
phone: +91-141-2770738
fax-no: +91-141-2770738
country: IN
e-mail: lokesh.aksh@gmail.com
mnt-by: MAINT-IN-PER-DOT
changed: dnw_jtotech@bsnl.in 20100106
source: APNIC
route: 117.192.0.0/10
descr: BSNL-VSNL Route Object
origin: AS4755
mnt-by: MAINT-VSNL-IN
changed: ip.admin@vsnl.co.in 20070917
source: RADB
route: 117.192.0.0/10
descr: Reliance customer-BSNL
origin: AS9829
mnt-by: MAINT-AS18101
changed: ip.nnoc@relianceada.com 20071207 #06:04:30(UTC)
source: RADB
----------
$ nmap -A -T4 117.240.227.14
Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-04 15:44 CET
Interesting ports on 117.240.227.14:
Not shown: 1700 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
25/tcp open smtp qmail smtpd
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
106/tcp open tcpwrapped
110/tcp open pop3 qmail pop3d
111/tcp open rpcbind
113/tcp open ident authd
143/tcp open imap Courier Imapd (released 2005)
443/tcp open ssl/http Apache httpd 2.0.52 ((Red Hat))
866/tcp filtered unknown
993/tcp open ssl/imap Courier Imapd (released 2005)
1827/tcp filtered pcm
3306/tcp open mysql MySQL 4.1.12
5900/tcp open vnc VNC (protocol 3.7)
10000/tcp open http Webmin httpd
Service Info: Host: mail.zonzeo.com; OS: Unix
Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 76.613 seconds
----------
$ nslookup mail.zonzeo.com
Server: 213.133.98.98
Address: 213.133.98.98#53
Non-authoritative answer:
Name: mail.zonzeo.com
Address: 117.240.227.14
----------
$ whois zonzeo.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: ZONZEO.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS25.DOMAINCONTROL.COM
Name Server: NS26.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 12-jan-2010
Creation Date: 04-mar-2009
Expiration Date: 04-mar-2019
>>> Last update of whois database: Thu, 04 Feb 2010 15:05:31 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the
expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to
ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without
the prior written
permission of GoDaddy.com, Inc. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In
particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
and solicitations of any kind, including spam. You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.
Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, GoDaddy.com, Inc.
is not the registrant of domain names listed in this database.
Registrant:
new era mart pvt ltd
s no 54 goverdhan colony
new sanganer road,sodala
jaipur, Rajasthan 302019
India
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ZONZEO.COM
Created on: 04-Mar-09
Expires on: 04-Mar-19
Last Updated on: 12-Jan-10
Administrative Contact:
prabhakar, vivek vivekprabhakar64@gmail.com
new era mart pvt ltd
s no 54 goverdhan colony
new sanganer road,sodala
jaipur, Rajasthan 302019
India
+91.9351006001 Fax --
Technical Contact:
prabhakar, vivek vivekprabhakar64@gmail.com
new era mart pvt ltd
s no 54 goverdhan colony
new sanganer road,sodala
jaipur, Rajasthan 302019
India
+91.9351006001 Fax --
Domain servers in listed order:
NS25.DOMAINCONTROL.COM
NS26.DOMAINCONTROL.COM
---------------------------- Original Message ----------------------------
Subject: localhost 2010-02-04 15:02 System Events
From: "logcheck system account" <logcheck@amedee.be>
Date: Thu, February 4, 2010 15:02
To: logcheck@amedee.be
--------------------------------------------------------------------------
System Events
=-=-=-=-=-=-=
Feb 4 15:00:17 localhost sshd[22196]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:19 localhost sshd[22196]: Failed password for root from
117.240.227.14 port 50469 ssh2
Feb 4 15:00:23 localhost sshd[22198]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:24 localhost sshd[22198]: Failed password for root from
117.240.227.14 port 50730 ssh2
Feb 4 15:00:27 localhost sshd[22200]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:29 localhost sshd[22200]: Failed password for root from
117.240.227.14 port 51022 ssh2
Feb 4 15:00:32 localhost sshd[22202]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:34 localhost sshd[22202]: Failed password for root from
117.240.227.14 port 51278 ssh2
Feb 4 15:00:37 localhost sshd[22204]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14
user=root
Feb 4 15:00:39 localhost sshd[22204]: Failed password for root from
117.240.227.14 port 51563 ssh2
Return-Path: <lokesh.aksh@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on intrepid.amedee.be
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_SORBS_WEB,SPF_PASS autolearn=no version=3.2.5
X-Original-To: amedee@vangasse.eu
Delivered-To: amedee@amedee.be
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .gmail. - helo: .mail-yx0-f196.google. - helo-domain: .google.) FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_PM_RFCI=0.1; rate: -8.4
Received: from mail-yx0-f196.google.com (mail-yx0-f196.google.com [209.85.210.196])
by intrepid.amedee.be (Postfix) with ESMTP id 7E5D75A094
for <amedee@vangasse.eu>; Fri, 5 Feb 2010 10:37:17 +0100 (CET)
Received: by yxe34 with SMTP id 34so4200638yxe.16
for <amedee@vangasse.eu>; Fri, 05 Feb 2010 01:37:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:from:to:references
:in-reply-to:subject:date:message-id:mime-version:content-type
:content-transfer-encoding:x-mailer:thread-index:content-language;
bh=HceH/rOcmc5gBg6nW0mcaDclFGaU4v6cD6wxeG5W3EE=;
b=N24nABkmOQi4I3sdgnUCMlhkFwA4TTbDqHeloMWDh9r/t/SuPoXlutRmyQURw0GexI
BGvkIS6NL4AVO1VWKb2OKPdtC12NQh8nrQxtU9vf2f6zn5yintjZrZ3+hyhjhezd2O2U
sFYRCwNhuaRGrLl//8uiZMMSaA6hsse/7icmg=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=from:to:references:in-reply-to:subject:date:message-id:mime-version
:content-type:content-transfer-encoding:x-mailer:thread-index
:content-language;
b=Z7LUjh2oVWMqCFUCmi5X3rFObDC4yKm35n1x3PR0rJ23Bv9rEw6qXwbymmwdgx4R2P
tIw/kOZ8bLQpUyMLa+f+WJNOEnA8k50kB++lZKnmlE6F7Kgxliv0NEhyGVh1Tkm2EsAW
WJYM4ws2BVnKUWr/CT6u2kDGRJVgWrf+LOuqQ=
Received: by 10.101.197.6 with SMTP id z6mr3329320anp.102.1265362636468;
Fri, 05 Feb 2010 01:37:16 -0800 (PST)
Received: from LokeshKhandelwa ([117.240.252.11])
by mx.google.com with ESMTPS id 22sm370991yxe.57.2010.02.05.01.37.10
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Fri, 05 Feb 2010 01:37:15 -0800 (PST)
From: "Lokesh" <lokesh.aksh@gmail.com>
To: "'Amedee Van Gasse'" <amedee@vangasse.eu>,
<dnw_jtotech@bsnl.in>,
<dnwplg@sancharnet.in>,
<hm-changed@apnic.net>,
<hostmaster@sancharnet.in>,
<ip.admin@vsnl.co.in>,
<ip.nnoc@relianceada.com>,
<nib_jaipur@sancharnet.in>,
<vivekprabhakar64@gmail.com>,
<dns@jomax.net>,
<info@zenzeo.com>
References: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
In-Reply-To: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
Subject: RE: [Fwd: localhost 2010-02-04 15:02 System Events]
Date: Fri, 5 Feb 2010 15:07:13 +0530
Message-ID: <4b6be6cb.1602be0a.6714.2a5b@mx.google.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcqlrVD6A6v7/4JpTkqWzOHoYHvkMwAmXJcg
Content-Language: en-us
Hope problem is now resolved.
With regards
Lokesh
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on intrepid.amedee.be
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_SORBS_WEB,SPF_PASS autolearn=no version=3.2.5
X-Original-To: amedee@vangasse.eu
Delivered-To: amedee@amedee.be
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .gmail. - helo: .mail-yx0-f196.google. - helo-domain: .google.) FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_PM_RFCI=0.1; rate: -8.4
Received: from mail-yx0-f196.google.com (mail-yx0-f196.google.com [209.85.210.196])
by intrepid.amedee.be (Postfix) with ESMTP id 7E5D75A094
for <amedee@vangasse.eu>; Fri, 5 Feb 2010 10:37:17 +0100 (CET)
Received: by yxe34 with SMTP id 34so4200638yxe.16
for <amedee@vangasse.eu>; Fri, 05 Feb 2010 01:37:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:from:to:references
:in-reply-to:subject:date:message-id:mime-version:content-type
:content-transfer-encoding:x-mailer:thread-index:content-language;
bh=HceH/rOcmc5gBg6nW0mcaDclFGaU4v6cD6wxeG5W3EE=;
b=N24nABkmOQi4I3sdgnUCMlhkFwA4TTbDqHeloMWDh9r/t/SuPoXlutRmyQURw0GexI
BGvkIS6NL4AVO1VWKb2OKPdtC12NQh8nrQxtU9vf2f6zn5yintjZrZ3+hyhjhezd2O2U
sFYRCwNhuaRGrLl//8uiZMMSaA6hsse/7icmg=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=from:to:references:in-reply-to:subject:date:message-id:mime-version
:content-type:content-transfer-encoding:x-mailer:thread-index
:content-language;
b=Z7LUjh2oVWMqCFUCmi5X3rFObDC4yKm35n1x3PR0rJ23Bv9rEw6qXwbymmwdgx4R2P
tIw/kOZ8bLQpUyMLa+f+WJNOEnA8k50kB++lZKnmlE6F7Kgxliv0NEhyGVh1Tkm2EsAW
WJYM4ws2BVnKUWr/CT6u2kDGRJVgWrf+LOuqQ=
Received: by 10.101.197.6 with SMTP id z6mr3329320anp.102.1265362636468;
Fri, 05 Feb 2010 01:37:16 -0800 (PST)
Received: from LokeshKhandelwa ([117.240.252.11])
by mx.google.com with ESMTPS id 22sm370991yxe.57.2010.02.05.01.37.10
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Fri, 05 Feb 2010 01:37:15 -0800 (PST)
From: "Lokesh" <lokesh.aksh@gmail.com>
To: "'Amedee Van Gasse'" <amedee@vangasse.eu>,
<dnw_jtotech@bsnl.in>,
<dnwplg@sancharnet.in>,
<hm-changed@apnic.net>,
<hostmaster@sancharnet.in>,
<ip.admin@vsnl.co.in>,
<ip.nnoc@relianceada.com>,
<nib_jaipur@sancharnet.in>,
<vivekprabhakar64@gmail.com>,
<dns@jomax.net>,
<info@zenzeo.com>
References: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
In-Reply-To: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
Subject: RE: [Fwd: localhost 2010-02-04 15:02 System Events]
Date: Fri, 5 Feb 2010 15:07:13 +0530
Message-ID: <4b6be6cb.1602be0a.6714.2a5b@mx.google.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcqlrVD6A6v7/4JpTkqWzOHoYHvkMwAmXJcg
Content-Language: en-us
Hope problem is now resolved.
With regards
Lokesh
intrepid²: ssh zonder wachtwoord
Voor wie nog geen RSA keypair heeft, lees eerst dit artikel: Password-less logins with OpenSSH.
Ik heb wel al een RSA keypair, dus voor mij is het gemakkelijk:
amedee@saruman { ~ }$ ssh-copy-id -i ~/.ssh/id_rsa.pub amedee@migration.amedee.be
amedee@migration.amedee.be's password:
Now try logging into the machine, with "ssh 'amedee@migration.amedee.be'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
amedee@migration.amedee.be's password:
Now try logging into the machine, with "ssh 'amedee@migration.amedee.be'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
amedee@saruman { ~ }$ ssh amedee@migration.amedee.be
Linux intrepid 2.6.26-2-xen-amd64 #1 SMP Fri May 29 00:30:34 UTC 2009 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
amedee@intrepid:~$
Linux intrepid 2.6.26-2-xen-amd64 #1 SMP Fri May 29 00:30:34 UTC 2009 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
amedee@intrepid:~$
/etc/ssh/sshd_config:
PermitRootLogin no
/etc/init.d/ssh restart
intrepid²: webserver
Installatie
Apache, PHP, MySQL en phpMyAdmin tesamen in één keer installeren met:
sudo aptitude install apache2 php5 imagemagick php5-imagick \
mysql-server phpmyadmin php5-curl php5-dev php-pear make
mysql-server phpmyadmin php5-curl php5-dev php-pear make
Debian trekt zelf alle noodzakelijke afhankelijkheden binnen.
Kleine bugjes fixen
Apache gaf wel enkele waarschuwingen tijdens de installatie:
-
Oplossing:Starting web server: apache2apache2: apr_sockaddr_info_get() failed for intrepid
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName- Toegevoegd aan
/etc/hosts:188.40.34.110 intrepid intrepid.amedee.be amedee.be - Toegevoegd aan
/etc/apache2/httpd.conf:ServerName amedee.be
- Toegevoegd aan
-
Oplossing:Setting up ssl-cert (1.0.23) ...
hostname: Unknown host
make-ssl-cert: Could not get FQDN, using "intrepid".
make-ssl-cert: You may want to fix your /etc/hosts and/or DNS setup and run
make-ssl-cert: make-ssl-cert generate-default-snakeoil --force-overwrite
make-ssl-cert: again.sudo make-ssl-cert generate-default-snakeoil --force-overwrite
Mod-rewrite aanzetten
Onder andere Drupal heeft mod-rewrite nodig, voor clean URLs. Dus:
sudo a2enmod rewrite
In /etc/apache2/sites-enabled/000-default is er ook nog een aanpassing nodig:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
#AllowOverride None
AllowOverride All
Order allow,deny
allow from all
</Directory>
Options Indexes FollowSymLinks MultiViews
#AllowOverride None
AllowOverride All
Order allow,deny
allow from all
</Directory>
Dus AllowOverride None moet vervangen worden door AllowOverride All, anders werken de .htaccess-bestanden niet.
phpMyAdmin beveiligen
Ik vind het niet zo leuk dat om het even wie met phpMyAdmin kan klooien (ook al staat er een sterk wachtwoord op alle mysql-users. Daarom beveilig ik phpMyAdmin met mod_access door volgende aanpassing van /etc/apache2/httpd.conf:
<Directory /usr/share/phpmyadmin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 10
Allow from <mijn-ip-adres>
</Directory>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 10
Allow from <mijn-ip-adres>
</Directory>
Van zodra de OpenVPN in orde is, gaat ook de regel Allow from <mijn-ip-adres> er uit, omdat de webserver dan te bereiken zal zijn via een 10.x.x.x adres.
Apache herstarten
Om al deze configuratiewijzigingen toe te passen, moet Apache herstart worden:
sudo /etc/init.d/apache2 restart
Websites overzetten
De websites draaien allemaal op één Drupal-installatie in /var/www maar wel met elk een eigen database.
Eerst de bestanden overzetten:
sudo rsync -aczhP -e ssh root@oldserver.amedee.be:/var/www /var/
Daarna de databases overzetten. Eerst een backup maken op de oude server:
mysqldump -u root -p --all-databases | bzip2 -c > databasebackup.sql.bz2
Vervolgens de backup kopiëren naar de nieuwe server en importeren in mysql:
scp oldserver.amedee.be:"~/databasebackup.sql.bz2" .
bzcat databasebackup.sql.bz2 | mysql -u root -p
bzcat databasebackup.sql.bz2 | mysql -u root -p
Omdat de users database nu ook mee gekopieerd is, moet er ook nog een flush privileges gebeuren in mysql. Dit heb ik via phpMyAdmin gedaan.
Eindresultaat: alle websites zijn getransplanteerd van de oude server naar de nieuwe server. Er zijn nog een paar kleinigheden die nagekeken moeten worden, zoals tijdelijke import-directories voor Drupal, maar voor de rest werkt alles.
