security

Annoying script kiddies and how to deal with them

A few days ago logcheck sent me the following email:
Return-Path: <logcheck@amedee.be>
X-Original-To: logcheck
Delivered-To: logcheck@amedee.be
Received: by intrepid.amedee.be (Postfix, from userid 112)
	id CD18E5A094; Thu,  4 Feb 2010 15:02:03 +0100 (CET)
To: logcheck@amedee.be
Subject: localhost 2010-02-04 15:02 System Events
Message-Id: <20100204140203.CD18E5A094@intrepid.amedee.be>
Date: Thu,  4 Feb 2010 15:02:03 +0100 (CET)
From: logcheck@amedee.be (logcheck system account)
 
System Events
=-=-=-=-=-=-=
Feb  4 15:00:17 localhost sshd[22196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14  user=root
Feb  4 15:00:19 localhost sshd[22196]: Failed password for root from 117.240.227.14 port 50469 ssh2
Feb  4 15:00:23 localhost sshd[22198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14  user=root
Feb  4 15:00:24 localhost sshd[22198]: Failed password for root from 117.240.227.14 port 50730 ssh2
Feb  4 15:00:27 localhost sshd[22200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14  user=root
Feb  4 15:00:29 localhost sshd[22200]: Failed password for root from 117.240.227.14 port 51022 ssh2
Feb  4 15:00:32 localhost sshd[22202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14  user=root
Feb  4 15:00:34 localhost sshd[22202]: Failed password for root from 117.240.227.14 port 51278 ssh2
Feb  4 15:00:37 localhost sshd[22204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14  user=root
Feb  4 15:00:39 localhost sshd[22204]: Failed password for root from 117.240.227.14 port 51563 ssh2
That is to say, logcheck sends me an email like this regularly. Normally I don't have to do anything about it, because a little later I got the following mail from denyhosts:
Return-Path: <nobody@localhost>
X-Original-To: root@localhost
Delivered-To: root@localhost
Received: from localhost.localdomain (localhost [127.0.0.1])
	by intrepid.amedee.be (Postfix) with ESMTP id 550C25A093
	for <root@localhost>; Thu,  4 Feb 2010 15:00:37 +0100 (CET)
From: DenyHosts <nobody@localhost>
To: root@localhost
Subject: DenyHosts Report
Date: Thu, 04 Feb 2010 15:00:37 +0100
Message-Id: <20100204140037.550C25A093@intrepid.amedee.be>
 
Added the following hosts to /etc/hosts.deny:
 
117.240.227.14 (unknown)
 
----------------------------------------------------------------------
For once I didn't want to let it rest, so I wrote the following email:
Received: from 188.40.34.110 (proxying for 127.0.0.1)
        (SquirrelMail authenticated user amedee)
        by amedee.be with HTTP;
        Thu, 4 Feb 2010 16:18:29 +0100 (CET)
Message-ID: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
Date: Thu, 4 Feb 2010 16:18:29 +0100 (CET)
Subject: [Fwd: localhost 2010-02-04 15:02 System Events]
From: "Amedee Van Gasse" <amedee@vangasse.eu>
To: dnw_jtotech@bsnl.in,
 dnwplg@sancharnet.in,
 hm-changed@apnic.net,
 hostmaster@sancharnet.in,
 ip.admin@vsnl.co.in,
 ip.nnoc@relianceada.com,
 lokesh.aksh@gmail.com,
 nib_jaipur@sancharnet.in,
 vivekprabhakar64@gmail.com,
 dns@jomax.net,
 info@zenzeo.com
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-XheaderVersion: 1.1
X-UserAgent: 
 
Hello,
 
Please stop with your cracking attempts. It is annoying.
Thank you.
 
Amedee.
 
----------
 
Added the following hosts to /etc/hosts.deny:
 
117.240.227.14 (unknown)
 
----------
 
$ whois 117.240.227.14
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
 
inetnum:      117.240.227.0 - 117.240.227.127
netname:      Aksh
descr:        Aksh Optifiber
descr:        aksh optifiber
descr:        epip sitapura
descr:
admin-c:      LK105-AP
tech-c:       LK126-AP
country:      IN
admin-c:      NIJ2-AP
admin-c:      NC83-AP
tech-c:       CDN1-AP
mnt-by:       MAINT-IN-DOT
status:       ASSIGNED NON-PORTABLE
changed:      dnw_jtotech@bsnl.in 20100106
source:       APNIC
 
route:        117.240.224.0/20
descr:        BSNL Internet
country:      IN
origin:       AS9829
mnt-lower:    MAINT-IN-DOT
mnt-routes:   MAINT-IN-DOT
mnt-by:       MAINT-IN-AS9829
changed:      dnw_jtotech@bsnl.in 20070914
source:       APNIC
 
route:        117.240.192.0/18
descr:        BSNL Internet
country:      IN
origin:       AS9829
mnt-lower:    MAINT-IN-DOT
mnt-routes:   MAINT-IN-DOT
mnt-by:       MAINT-IN-AS9829
changed:      dnw_jtotech@bsnl.in 20071207
source:       APNIC
 
route:        117.240.0.0/16
descr:        BSNL Internet
country:      IN
origin:       AS9829
mnt-lower:    MAINT-IN-DOT
mnt-routes:   MAINT-IN-DOT
mnt-by:       MAINT-IN-AS9829
changed:      dnw_jtotech@bsnl.in 20071207
source:       APNIC
 
role:         NS Cell
address:      Internet Cell
address:      Bharat Sanchar Nigam Limited
address:      8th Floor,148-B Statesman House
address:      Barakhamba Road, New Delhi - 110 001
country:      IN
phone:        +91-11-23734057
phone:        +91-11-23710183
fax-no:       +91-11-23734052
e-mail:       hostmaster@sancharnet.in
admin-c:      CGMD1-AP
tech-c:       DT197-AP
nic-hdl:      NC83-AP
mnt-by:       MAINT-IN-DOT
changed:      dnwplg@sancharnet.in 20030120
changed:      hm-changed@apnic.net 20071227
source:       APNIC
 
role:         CGM Data Networks
address:      CTS Compound
address:      Netaji Nagar
address:      New Delhi- 110 023
country:      IN
phone:        +91-11-24106782
phone:        +91-11-24102119
fax-no:       +91-11-26116783
fax-no:       +91-11-26887888
e-mail:       dnwplg@sancharnet.in
e-mail:       hostmaster@sancharnet.in
admin-c:      CGMD1-AP
tech-c:       DT197-AP
tech-c:       BH155-AP
nic-hdl:      CDN1-AP
mnt-by:       MAINT-IN-DOT
changed:      dnwplg@sancharnet.in 20030120
changed:      hm-changed@apnic.net 20071227
source:       APNIC
 
person:       Lokesh Khandelwal
nic-hdl:      LK105-AP
address:      aksh optifiber
address:      epip sitapura
address:
phone:        +91-141-2770738
fax-no:       +91-141-2770738
country:      IN
e-mail:       lokesh.aksh@gmail.com
mnt-by:       MAINT-IN-PER-DOT
changed:      dnw_jtotech@bsnl.in 20100106
source:       APNIC
 
person:       Node Incharge JAIPUR
nic-hdl:      NIJ2-AP
address:      NIB JAIPUR
address:      O/O PGMTD Jaipur
phone:        +91-141-2361234
fax-no:       +91-141-2370040
country:      IN
e-mail:       nib_jaipur@sancharnet.in
mnt-by:       MAINT-IN-PER-DOT
changed:      dnwplg@sancharnet.in 20030716
source:       APNIC
 
person:       Lokesh Khandelwal
nic-hdl:      LK126-AP
address:      aksh optifiber
address:      epip sitapura
address:
phone:        +91-141-2770738
fax-no:       +91-141-2770738
country:      IN
e-mail:       lokesh.aksh@gmail.com
mnt-by:       MAINT-IN-PER-DOT
changed:      dnw_jtotech@bsnl.in 20100106
source:       APNIC
 
route:          117.192.0.0/10
descr:          BSNL-VSNL Route Object
origin:         AS4755
mnt-by:         MAINT-VSNL-IN
changed:        ip.admin@vsnl.co.in 20070917
source:         RADB
 
route:          117.192.0.0/10
descr:          Reliance customer-BSNL
origin:         AS9829
mnt-by:         MAINT-AS18101
changed:        ip.nnoc@relianceada.com 20071207  #06:04:30(UTC)
source:         RADB
 
----------
 
$ nmap -A -T4 117.240.227.14
 
Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-04 15:44 CET
Interesting ports on 117.240.227.14:
Not shown: 1700 closed ports
PORT      STATE    SERVICE    VERSION
22/tcp    open     ssh        OpenSSH 3.9p1 (protocol 1.99)
25/tcp    open     smtp       qmail smtpd
80/tcp    open     http       Apache httpd 2.0.52 ((Red Hat))
106/tcp   open     tcpwrapped
110/tcp   open     pop3       qmail pop3d
111/tcp   open     rpcbind
113/tcp   open     ident      authd
143/tcp   open     imap       Courier Imapd (released 2005)
443/tcp   open     ssl/http   Apache httpd 2.0.52 ((Red Hat))
866/tcp   filtered unknown
993/tcp   open     ssl/imap   Courier Imapd (released 2005)
1827/tcp  filtered pcm
3306/tcp  open     mysql      MySQL 4.1.12
5900/tcp  open     vnc        VNC (protocol 3.7)
10000/tcp open     http       Webmin httpd
Service Info: Host: mail.zonzeo.com; OS: Unix
 
Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 76.613 seconds
 
----------
 
$ nslookup mail.zonzeo.com
Server:         213.133.98.98
Address:        213.133.98.98#53
 
Non-authoritative answer:
Name:   mail.zonzeo.com
Address: 117.240.227.14
 
----------
 
$ whois zonzeo.com
 
Whois Server Version 2.0
 
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
 
   Domain Name: ZONZEO.COM
   Registrar: GODADDY.COM, INC.
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: NS25.DOMAINCONTROL.COM
   Name Server: NS26.DOMAINCONTROL.COM
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 12-jan-2010
   Creation Date: 04-mar-2009
   Expiration Date: 04-mar-2019
 
>>> Last update of whois database: Thu, 04 Feb 2010 15:05:31 UTC <<<
 
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the
expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
 
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to
ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
 
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy.  This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without
the prior written
permission of GoDaddy.com, Inc.  By submitting an inquiry,
you agree to these terms of usage and limitations of warranty.  In
particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
and solicitations of any kind, including spam.  You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.
 
Please note: the registrant of the domain name is specified
in the "registrant" field.  In most cases, GoDaddy.com, Inc.
is not the registrant of domain names listed in this database.
 
 
Registrant:
   new era mart pvt ltd
   s no 54 goverdhan colony
   new sanganer road,sodala
   jaipur, Rajasthan 302019
   India
 
   Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
   Domain Name: ZONZEO.COM
      Created on: 04-Mar-09
      Expires on: 04-Mar-19
      Last Updated on: 12-Jan-10
 
   Administrative Contact:
      prabhakar, vivek  vivekprabhakar64@gmail.com
      new era mart pvt ltd
      s no 54 goverdhan colony
      new sanganer road,sodala
      jaipur, Rajasthan 302019
      India
      +91.9351006001      Fax --
 
   Technical Contact:
      prabhakar, vivek  vivekprabhakar64@gmail.com
      new era mart pvt ltd
      s no 54 goverdhan colony
      new sanganer road,sodala
      jaipur, Rajasthan 302019
      India
      +91.9351006001      Fax --
 
   Domain servers in listed order:
      NS25.DOMAINCONTROL.COM
      NS26.DOMAINCONTROL.COM
 
 
---------------------------- Original Message ----------------------------
Subject: localhost 2010-02-04 15:02 System Events
From:    "logcheck system account" <logcheck@amedee.be>
Date:    Thu, February 4, 2010 15:02
To:      logcheck@amedee.be
--------------------------------------------------------------------------
 
System Events
=-=-=-=-=-=-=
Feb  4 15:00:17 localhost sshd[22196]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 
user=root
Feb  4 15:00:19 localhost sshd[22196]: Failed password for root from
117.240.227.14 port 50469 ssh2
Feb  4 15:00:23 localhost sshd[22198]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 
user=root
Feb  4 15:00:24 localhost sshd[22198]: Failed password for root from
117.240.227.14 port 50730 ssh2
Feb  4 15:00:27 localhost sshd[22200]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 
user=root
Feb  4 15:00:29 localhost sshd[22200]: Failed password for root from
117.240.227.14 port 51022 ssh2
Feb  4 15:00:32 localhost sshd[22202]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 
user=root
Feb  4 15:00:34 localhost sshd[22202]: Failed password for root from
117.240.227.14 port 51278 ssh2
Feb  4 15:00:37 localhost sshd[22204]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14 
user=root
Feb  4 15:00:39 localhost sshd[22204]: Failed password for root from
117.240.227.14 port 51563 ssh2
A few hours later this reply followed:
Return-Path: <lokesh.aksh@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on intrepid.amedee.be
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET,
	RCVD_IN_SORBS_WEB,SPF_PASS autolearn=no version=3.2.5
X-Original-To: amedee@vangasse.eu
Delivered-To: amedee@amedee.be
X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .gmail. - helo: .mail-yx0-f196.google. - helo-domain: .google.)  FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_PM_RFCI=0.1; rate: -8.4
Received: from mail-yx0-f196.google.com (mail-yx0-f196.google.com [209.85.210.196])
	by intrepid.amedee.be (Postfix) with ESMTP id 7E5D75A094
	for <amedee@vangasse.eu>; Fri,  5 Feb 2010 10:37:17 +0100 (CET)
Received: by yxe34 with SMTP id 34so4200638yxe.16
        for <amedee@vangasse.eu>; Fri, 05 Feb 2010 01:37:16 -0800 (PST)
Received: by 10.101.197.6 with SMTP id z6mr3329320anp.102.1265362636468;
        Fri, 05 Feb 2010 01:37:16 -0800 (PST)
Received: from LokeshKhandelwa ([117.240.252.11])
        by mx.google.com with ESMTPS id 22sm370991yxe.57.2010.02.05.01.37.10
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 05 Feb 2010 01:37:15 -0800 (PST)
From: "Lokesh" <lokesh.aksh@gmail.com>
To: "'Amedee Van Gasse'" <amedee@vangasse.eu>,
	<dnw_jtotech@bsnl.in>,
	<dnwplg@sancharnet.in>,
	<hm-changed@apnic.net>,
	<hostmaster@sancharnet.in>,
	<ip.admin@vsnl.co.in>,
	<ip.nnoc@relianceada.com>,
	<nib_jaipur@sancharnet.in>,
	<vivekprabhakar64@gmail.com>,
	<dns@jomax.net>,
	<info@zenzeo.com>
References: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
In-Reply-To: <88e710867a3f8a73d3efa3f6216db7ce.squirrel@amedee.be>
Subject: RE: [Fwd: localhost 2010-02-04 15:02 System Events]
Date: Fri, 5 Feb 2010 15:07:13 +0530
Message-ID: <4b6be6cb.1602be0a.6714.2a5b@mx.google.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcqlrVD6A6v7/4JpTkqWzOHoYHvkMwAmXJcg
Content-Language: en-us
 
Hope problem is now resolved.
 
With regards
 
Lokesh
There you go! Good riddance. :-) By the way, does anyone have suggestions for automating this? Or is it not worth the effort?
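
One answer to the automation question, as an added example that is not part of the original post: a shell function that counts failed sshd password logins per source address in syslog-format lines and drafts the text of a report. The function names, the threshold and the 203.0.113.7 sample lines are assumptions made for the illustration; nothing is sent and no lookups are run.

```shell
#!/bin/sh
# Added example (not from the original post): summarise failed sshd password
# logins per source address and draft a report. Nothing is sent or looked up.

# Sample input. The 117.240.227.14 lines are copied from the logcheck mail
# above; the 203.0.113.7 lines are constructed (documentation address range).
sample_log() {
cat <<'EOF'
Feb  4 15:00:17 localhost sshd[22196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.227.14  user=root
Feb  4 15:00:19 localhost sshd[22196]: Failed password for root from 117.240.227.14 port 50469 ssh2
Feb  4 15:00:24 localhost sshd[22198]: Failed password for root from 117.240.227.14 port 50730 ssh2
Feb  4 15:00:29 localhost sshd[22200]: Failed password for root from 117.240.227.14 port 51022 ssh2
Feb  4 15:00:34 localhost sshd[22202]: Failed password for root from 117.240.227.14 port 51278 ssh2
Feb  4 15:00:39 localhost sshd[22204]: Failed password for root from 117.240.227.14 port 51563 ssh2
Feb  4 15:03:10 localhost sshd[22310]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 40112 ssh2
Feb  4 15:03:15 localhost sshd[22312]: Failed password for amedee from 203.0.113.7 port 40120 ssh2
EOF
}

# failed_by_host MIN: read syslog lines on stdin and print one line
# "ip|count|first seen|last seen" for every source with at least MIN failures.
failed_by_host() {
    awk -v min="$1" '
    # The user name is chosen by the remote side and may itself contain
    # "from <address> port", so the address is taken from the fixed tail
    # of the line ("from IP port N ssh2"), never from the first "from".
    NF >= 14 && $5 ~ /^sshd\[[0-9]+\]:$/ &&
    $6 == "Failed" && $7 == "password" && $8 == "for" &&
    $(NF-4) == "from" && $(NF-2) == "port" &&
    $(NF-3) ~ /^[0-9A-Fa-f:.]+$/ {
        ip = $(NF-3); when = $1 " " $2 " " $3
        if (!(ip in count)) first[ip] = when
        count[ip]++; last[ip] = when
    }
    END {
        for (ip in count)
            if (count[ip] >= min)
                printf "%s|%d|%s|%s\n", ip, count[ip], first[ip], last[ip]
    }' | sort -t '|' -k2,2nr -k1,1
}

# draft_report: turn summary lines on stdin into a plain-text report body.
draft_report() {
    while IFS='|' read -r ip count first last; do
        printf 'Source address: %s\n' "$ip"
        printf 'Failed SSH password logins: %s\n' "$count"
        printf 'First seen: %s\n' "$first"
        printf 'Last seen: %s (server local time)\n\n' "$last"
    done
}

# Report every source with five or more failures in the sample.
sample_log | failed_by_host 5 | draft_report
```

On Debian the live input would be /var/log/auth.log; finding a contact address and sending the report stay manual steps.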

intrepid²: ssh without a password

If you don't have an RSA keypair yet, first read this article: Password-less logins with OpenSSH.

I already have an RSA keypair, so for me it is easy:

amedee@saruman { ~ }$ ssh-copy-id -i ~/.ssh/id_rsa.pub amedee@migration.amedee.be
amedee@migration.amedee.be's password: 
Now try logging into the machine, with "ssh 'amedee@migration.amedee.be'", and check in:
 
  .ssh/authorized_keys
 
to make sure we haven't added extra keys that you weren't expecting.
followed by:
amedee@saruman { ~ }$ ssh amedee@migration.amedee.be
Linux intrepid 2.6.26-2-xen-amd64 #1 SMP Fri May 29 00:30:34 UTC 2009 x86_64
 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
amedee@intrepid:~$
Almost done. Now, just for security, turn off password-enabled root logins in /etc/ssh/sshd_config:
PermitRootLogin no
followed by restarting the OpenSSH service:
/etc/init.d/ssh restart
There, yet another job that can be crossed off the list.
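
A check that can precede the restart, as an added example that is not from the original post: it reports which PermitRootLogin value the global section of an sshd_config file yields, given that sshd uses the first value it obtains for a keyword. The function names and the sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which PermitRootLogin
# value the global section of an sshd_config file yields.

# effective_sshd_option FILE KEYWORD: print the value of the first
# uncommented occurrence of KEYWORD before any Match block. Keywords are
# case-insensitive; sshd keeps the first value it obtains for a keyword.
effective_sshd_option() {
    awk -v key="$2" '
    BEGIN { key = tolower(key) }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    tolower($1) == "match" { exit }      # conditional section starts here
    tolower($1) == key { print $2; exit }
    ' "$1"
}

# root_login_policy FILE: describe what FILE means for root logins.
root_login_policy() {
    case "$(effective_sshd_option "$1" PermitRootLogin)" in
        no) echo "root login refused" ;;
        without-password|prohibit-password|forced-commands-only)
            echo "root password login refused, key login still possible" ;;
        yes) echo "root password login allowed" ;;
        "") echo "not set globally, built-in default applies" ;;
        *) echo "unrecognised value" ;;
    esac
}

# write_demo_configs DIR: create constructed sample files (not the author's).
write_demo_configs() {
    # The intended line was appended below an existing "yes": first one wins.
    printf '%s\n' '# Authentication:' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'PermitRootLogin no' > "$1/appended.conf"
    # The existing line was edited in place, keyword written in lower case.
    printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin no' > "$1/edited.conf"
    # The setting only exists inside a Match block.
    printf '%s\n' 'Match Address 10.0.0.0/8' '    PermitRootLogin no' \
        > "$1/match.conf"
}

demo_dir=$(mktemp -d)
write_demo_configs "$demo_dir"
for f in appended edited match; do
    printf '%s: %s\n' "$f" "$(root_login_policy "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

PermitRootLogin no refuses root over SSH altogether, key logins included; on the server itself, sshd -t checks the edited file for syntax errors before the restart.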

intrepid²: webserver

Installation

Install Apache, PHP, MySQL and phpMyAdmin together in one go with:

sudo aptitude install apache2 php5 imagemagick php5-imagick \
     mysql-server phpmyadmin php5-curl php5-dev php-pear make

Debian pulls in all the necessary dependencies by itself.

Fixing small bugs

Apache did give a few warnings during installation:

  • Starting web server: apache2apache2: apr_sockaddr_info_get() failed for intrepid
    apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
    Solution:
    • Added to /etc/hosts:
      188.40.34.110   intrepid   intrepid.amedee.be   amedee.be
    • Added to /etc/apache2/httpd.conf:
      ServerName amedee.be
  • Setting up ssl-cert (1.0.23) ...
    hostname: Unknown host
    make-ssl-cert: Could not get FQDN, using "intrepid".
    make-ssl-cert: You may want to fix your /etc/hosts and/or DNS setup and run
    make-ssl-cert: make-ssl-cert generate-default-snakeoil --force-overwrite
    make-ssl-cert: again.
    Solution:
    sudo make-ssl-cert generate-default-snakeoil --force-overwrite

Enabling mod-rewrite

Drupal, among others, needs mod-rewrite for clean URLs. So:

sudo a2enmod rewrite

A change is also needed in /etc/apache2/sites-enabled/000-default:

        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                #AllowOverride None
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

So AllowOverride None must be replaced by AllowOverride All, otherwise the .htaccess files don't work.

Securing phpMyAdmin

I don't much like that just anyone can mess around with phpMyAdmin (even though there is a strong password on all mysql users). That is why I secure phpMyAdmin with mod_access through the following change to /etc/apache2/httpd.conf:

<Directory /usr/share/phpmyadmin>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 10
    Allow from <mijn-ip-adres>
</Directory>

As soon as OpenVPN is set up, the line Allow from <mijn-ip-adres> will go as well, because the web server will then be reachable via a 10.x.x.x address.

Restarting Apache

To apply all these configuration changes, Apache must be restarted:

sudo /etc/init.d/apache2 restart

Moving the websites

The websites all run on a single Drupal installation in /var/www, but each with its own database.

First transfer the files:

sudo rsync -aczhP -e ssh root@oldserver.amedee.be:/var/www /var/

Then transfer the databases. First make a backup on the old server:

mysqldump -u root -p --all-databases | bzip2 -c > databasebackup.sql.bz2

Next, copy the backup to the new server and import it into mysql:

scp oldserver.amedee.be:"~/databasebackup.sql.bz2" .
bzcat databasebackup.sql.bz2 | mysql -u root -p

Because the users database has now been copied along as well, a flush privileges still has to be done in mysql. I did this via phpMyAdmin.

End result: all websites have been transplanted from the old server to the new server. There are still a few small things that need checking, such as temporary import directories for Drupal, but otherwise everything works.
