totalufo

Well-Known Member
Jan 17, 2002
I know everybody gets these long emails every day, but I got one this morning that was very strange considering this is a brand new box. I had just installed cPanel on it last night and this morning I got this. Please read it and tell me what you think.

Security Violations
=-=-=-=-=-=-=-=-=-=
Mar 3 21:56:59 localhost named: named shutdown failed
Mar 3 21:56:59 localhost named: named shutdown failed
Mar 4 01:19:03 localhost chkservd: chkservd shutdown succeeded

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Mar 3 05:04:27 localhost proftpd[29862]: localhost.localdomain (koenig.socsci.buffalo.edu[128.205.98.23]) - FTP session opened.
Mar 3 05:07:05 localhost proftpd[29894]: localhost.localdomain (koenig.socsci.buffalo.edu[128.205.98.23]) - FTP session opened.
Mar 3 08:26:43 localhost proftpd[30837]: localhost.localdomain (tturc.hsc.usc.edu[128.125.169.150]) - FTP session opened.
Mar 3 09:04:44 localhost proftpd[31000]: localhost.localdomain (209.117.204.35[209.117.204.35]) - FTP session opened.
Mar 3 09:07:23 localhost proftpd[31019]: localhost.localdomain (209.117.204.35[209.117.204.35]) - FTP session opened.
Mar 3 17:32:09 localhost proftpd[918]: localhost.localdomain (port-213-20-128-157.reverse.qdsl-home.de[213.20.128.157]) - FTP session opened.
Mar 3 17:32:09 localhost proftpd[918]: localhost.localdomain (port-213-20-128-157.reverse.qdsl-home.de[213.20.128.157]) - ftp: Directory ~ftp/ is not accessible.
Mar 3 21:14:51 localhost sshd(pam_unix)[1967]: session opened for user root by (uid=0)
Mar 3 21:19:26 localhost sshd(pam_unix)[1967]: session closed for user root
Mar 3 21:38:06 localhost proftpd[2288]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
Mar 3 21:46:26 localhost proftpd[2318]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
Mar 3 21:54:46 localhost proftpd[2413]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
Mar 3 21:56:59 localhost named[2489]: using 1 CPU
Mar 3 21:56:59 localhost named[2492]: loading configuration from '/etc/named.conf'
Mar 3 21:56:59 localhost named[2492]: the default for the 'auth-nxdomain' option is now 'no'
Mar 3 21:56:59 localhost named[2492]: no IPv6 interfaces found

The only thing I can think of is that my IP for this machine was being used by someone else. Anything I have to worry about?

Thanks!
 

feanor

Well-Known Member
Aug 13, 2001
When you see logins to proftpd via localhost or the machine IP or hostname, it is just the machine checking itself to make sure proftpd is running.

I think this is in conjunction with chkservd or whatever else keeps those service status icons up-to-date in your WHManager.

It's normal, if that is what you're referring to.
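
Added example, not code from the thread or from cPanel: it separates proftpd session-open events that come from loopback (the service self-checks described in the reply above) from sessions opened by external clients, which are the ones worth reviewing. The function name and the `own_ips` parameter are assumptions; the sample lines are copied from the log excerpt in the first post.

```python
import ipaddress
import re
from collections import Counter

# Shape of the proftpd session lines in the post:
#   proftpd[PID]: <server> (<client-host>[<client-ip>]) - FTP session opened.
SESSION_RE = re.compile(
    r"proftpd\[\d+\]: \S+ \((?P<host>[^\[\]]+)\[(?P<ip>[^\]]+)\]\) - FTP session opened\."
)

def classify_ftp_sessions(lines, own_ips=()):
    """Count self-check sessions and tally external clients by (ip, host).

    own_ips (hypothetical parameter): this server's own addresses, so checks
    made against the machine IP rather than 127.0.0.1 are recognised too.
    """
    own = {ipaddress.ip_address(ip) for ip in own_ips}
    self_checks, external = 0, Counter()
    for line in lines:
        m = SESSION_RE.search(line)
        if not m:
            continue  # named, sshd, proftpd errors: not a session-open event
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field; skip rather than guess
        if ip.is_loopback or ip in own:
            self_checks += 1
        else:
            external[(str(ip), m.group("host"))] += 1
    return self_checks, external

# Lines copied from the log excerpt in the first post.
SAMPLE = """\
Mar 3 05:04:27 localhost proftpd[29862]: localhost.localdomain (koenig.socsci.buffalo.edu[128.205.98.23]) - FTP session opened.
Mar 3 05:07:05 localhost proftpd[29894]: localhost.localdomain (koenig.socsci.buffalo.edu[128.205.98.23]) - FTP session opened.
Mar 3 09:04:44 localhost proftpd[31000]: localhost.localdomain (209.117.204.35[209.117.204.35]) - FTP session opened.
Mar 3 17:32:09 localhost proftpd[918]: localhost.localdomain (port-213-20-128-157.reverse.qdsl-home.de[213.20.128.157]) - FTP session opened.
Mar 3 17:32:09 localhost proftpd[918]: localhost.localdomain (port-213-20-128-157.reverse.qdsl-home.de[213.20.128.157]) - ftp: Directory ~ftp/ is not accessible.
Mar 3 21:14:51 localhost sshd(pam_unix)[1967]: session opened for user root by (uid=0)
Mar 3 21:38:06 localhost proftpd[2288]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
Mar 3 21:46:26 localhost proftpd[2318]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
""".splitlines()

if __name__ == "__main__":
    checks, ext = classify_ftp_sessions(SAMPLE)
    print(f"self-checks (loopback or own IP): {checks}")
    for (ip, host), n in ext.most_common():
        print(f"external {ip} ({host}): {n} session(s)")
```
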
 

totalufo

OK. Thanks. I was just curious because some of the IPs were from .edu's.