Q&A
A place to exchange questions and answers about cloud/Linux.
Category: Linux

Please take a look.... (urgent question)

  • Posted by 김훈
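If you are not running a web hosting server, this is probably the kind of attack that looks for a vulnerable version of ftp.

As for the mail log, it looks like someone is trying to send spam mail using a spam bot (a spam mailer).

Also, since they connect to port 25 and send queries, it seems they are looking for internal users or for servers running an old mail server version.

For ssh, it looks like they are attempting a scan for vulnerable versions.

However, judging from the messages, you seem to be running the latest versions of the programs, so there does not appear to be much danger, but you should keep paying attention as you operate the server.

In particular, note the IPs that scanned you and the IPs sending spam mail, block them so they cannot connect, and look those IPs up with whois and take appropriate action.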

 

 

tsha wrote:




Could you please check what this means... I think I am being hacked..

################## LogWatch 2.1.1 Begin #####################


--------------------- proftpd-messages Begin ------------------------

**Unmatched Entries**
xxxxxx.com (62.98.120.51[62.98.120.51]) - FTP session opened.
xxxxxx.com (62.98.120.51[62.98.120.51]) - FTP session closed.
xxxxxx.com (pf241.bochnia.sdi.tpnet.pl[217.97.94.241]) - FTP session opened.
xxxxxx.com (pf241.bochnia.sdi.tpnet.pl[217.97.94.241]) - FTP session closed.
xxxxxx.com (pf241.bochnia.sdi.tpnet.pl[217.97.94.241]) - FTP session opened.
xxxxxx.com (pf241.bochnia.sdi.tpnet.pl[217.97.94.241]) - FTP session closed.


---------------------- proftpd-messages End -------------------------



--------------------- sendmail Begin ------------------------

983688 bytes transferred
51 messages sent

**Unmatched Entries**

g653Onx02736: g653Oow02739: DSN: Service unavailable
g654lK903123: timeout waiting for input from xxxxxx.com during server cmd read
g654lK903123: lost input channel from xxxxxx.com [xxx.xxx.xxx.xxx] to MTA after rcpt
g656oK903381: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g656oK903381: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g656oK903381: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g656oK903381: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
NOQUEUE: [211.252.150.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
g656wv903386: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g656wv903386: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g656wv903386: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g656wv903386: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
NOQUEUE: [211.252.150.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
g6561Y903255: timeout waiting for input from xxxxxx.com during server cmd read
g6561Y903255: lost input channel from xxxxxx.com [xxx.xxx.xxx.xxx] to MTA after rcpt
g6573p903397: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g6573p903397: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g6573p903397: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g6573p903397: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
NOQUEUE: [211.252.150.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
g657g7V03467: g657gCU03470: DSN: Service unavailable
NOQUEUE: localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
g65947c03808: g65947b03811: DSN: Service unavailable
NOQUEUE: xxxxxx.com [xxx.xxx.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
g659Kje04204: g659Kpd04246: DSN: Service unavailable
g65CcjN04598: g65CcjO04598: DSN: User unknown
g65Ccgw04553: g65Ccmw04555: DSN: User unknown

---------------------- sendmail End -------------------------


---------------- Connections (secure-log) Begin -------------------

Connections:
Service pop-3:
xxx.xxx.xxx.xxx: 161 Time(s)

**Unmatched Entries**
Jul 5 11:11:21 xxxxxx sshd[2529]: scanned from 61.221.123.140 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Jul 5 11:11:21 xxxxxx sshd[2528]: Did not receive identification string from 61.221.123.140.


----------------- Connections (secure-log) End --------------------



###################### LogWatch End #########################
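
The reply's advice to note which IPs scanned the host or tried to relay mail can be applied to this report mechanically. The following Python is an added example, not part of the original post: it tallies source addresses per event type from LogWatch lines like those above; the rule names, `tally_sources`, `review_list` and the `min_events` threshold are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# A subset of lines copied from the LogWatch report on this page.
SAMPLE = """\
xxxxxx.com (62.98.120.51[62.98.120.51]) - FTP session opened.
xxxxxx.com (pf241.bochnia.sdi.tpnet.pl[217.97.94.241]) - FTP session opened.
xxxxxx.com (pf241.bochnia.sdi.tpnet.pl[217.97.94.241]) - FTP session opened.
g656oK903381: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
g656wv903386: ruleset=check_rcpt, arg1=, relay=[211.252.150.1], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [211.252.150.1]
NOQUEUE: [211.252.150.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
NOQUEUE: localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 5 11:11:21 xxxxxx sshd[2529]: scanned from 61.221.123.140 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Jul 5 11:11:21 xxxxxx sshd[2528]: Did not receive identification string from 61.221.123.140.
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# One pattern per message type seen in the report; first match wins.
RULES = [
    ("ftp_session", re.compile(r"\[" + IP + r"\]\) - FTP session opened")),
    ("relay_denied", re.compile(r"relay=\[" + IP + r"\].*Relaying denied")),
    ("smtp_no_command", re.compile(r"\[" + IP + r"\] did not issue MAIL/EXPN/VRFY/ETRN")),
    ("ssh_scan", re.compile(r"sshd\[\d+\]: scanned from " + IP)),
    ("ssh_no_ident", re.compile(r"Did not receive identification string from " + IP)),
]

def tally_sources(report):
    """Map each remote IP to a Counter of the event types it triggered."""
    hits = defaultdict(Counter)
    for line in report.splitlines():
        for name, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:  # redacted or malformed address
                break
            if not addr.is_loopback:  # local health checks are not remote probes
                hits[str(addr)][name] += 1
            break
    return hits

def review_list(report, min_events=2):
    """IPs with at least min_events matched lines, as candidates for whois and blocking."""
    totals = tally_sources(report)
    return sorted(ip for ip, c in totals.items() if sum(c.values()) >= min_events)
```

The output is a list for the operator to review: an FTP session that opens and closes is not proof of an attack, so the decision to block stays with whoever knows the server's legitimate users.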



 
