Server Offline After Reboot

Issues related to configuring your network
stevegr
Posts: 7
Joined: 2020/05/27 19:09:28

Server Offline After Reboot

Post by stevegr » 2020/05/27 19:26:07

Hello

Prologue
I rent a dedicated server the last 2 years and it was running centos 6 now is to time to upgrade to centos 7.
The installation is automatic from the datacenter.
Ps.On that server i running cPanel.

The problem
When the installation finished everything was right.
After the first reboot can not connect to the server (ping command does not anwser).
I Check ifcfg<dev> file and of cource i'm Using Static ip

PS.In rescue mode server running right.
Except the rescue mode i can't connect from other way to the server etc KVM

I have spend too much time to serching for solution and the data center's support can help too much even the log files. :?
Any suggestion please.

Thank you for your time

Update_1

All Ports seems to be blocked :?

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: Server Offline After Reboot

Post by tunk » 2020/05/28 10:07:37

What's the output of this:
systemctl status network
Does it start with this command:
systemctl start network
Do you have ONBOOT="yes" in the config file?

stevegr
Posts: 7
Joined: 2020/05/27 19:09:28

Re: Server Offline After Reboot

Post by stevegr » 2020/05/28 11:16:36

tunk wrote:
2020/05/28 10:07:37
1.What's the output of this:
systemctl status network
2.Does it start with this command:
systemctl start network
3.Do you have ONBOOT="yes" in the config file?
Hello

1 & 2. Hard to say because i have access only from rescue mode and can't execute those commands

root@grml ~ # systemctl status network
Unit network.service could not be found.
4 root@grml ~ # systemctl start network :(
Failed to start network.service: Unit network.service not found.


3.Of cource i have ONBOOT="yes" in the config file

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Server Offline After Reboot

Post by aks » 2020/05/29 06:57:53

So what messages do you see before rescue mode starts?
Can you view the journal (journalctrl command)?

stevegr
Posts: 7
Joined: 2020/05/27 19:09:28

Re: Server Offline After Reboot

Post by stevegr » 2020/05/31 08:10:07

aks wrote:
2020/05/29 06:57:53
So what messages do you see before rescue mode starts?
Can you view the journal (journalctrl command)?
Hello

I cant see any message because the server is in Germany and im in Greece :lol: :lol:
When the server is ready on rescue mode i can find the new root pass from the customer area of data center

I will check the command and will inform you

Thank you

stevegr
Posts: 7
Joined: 2020/05/27 19:09:28

Re: Server Offline After Reboot

Post by stevegr » 2020/05/31 08:32:26

Here is the results of command

I cant see anything wrong or failure except the bold.

Mai 31 08:14:33 grml systemd[1]: systemd 232 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Mai 31 08:14:33 grml systemd[1]: Detected architecture x86-64.
Mai 31 08:14:33 grml systemd[1]: Running with unpopulated /etc.
Mai 31 08:14:33 grml systemd[1]: Set hostname to <grml>.
Mai 31 08:14:33 grml systemd[1]: Initializing machine ID from random generator.
Mai 31 08:14:33 grml systemd[1]: Populated /etc with preset unit settings.
Mai 31 08:14:33 grml systemd-sysv-generator[480]: Overwriting existing symlink /run/systemd/generator.late/grml-reboot.service with real service.
Mai 31 08:14:33 grml systemd[1]: Listening on Journal Socket (/dev/log).
Mai 31 08:14:33 grml systemd[1]: Listening on Journal Socket.
Mai 31 08:14:33 grml systemd[1]: Listening on udev Kernel Socket.
Mai 31 08:14:33 grml systemd[1]: Listening on udev Control Socket.
Mai 31 08:14:33 grml kernel: fuse init (API version 7.26)
Mai 31 08:14:33 grml kernel: Loading iSCSI transport class v2.0-870.
Mai 31 08:14:33 grml systemd-journald[496]: Journal started
Mai 31 08:14:33 grml systemd-journald[496]: Runtime journal (/run/log/journal/87f350b39d4046cebb6943d49d86d950) is 8.0M, max 79.7M, 71.7M free.
Mai 31 08:14:33 grml systemd-modules-load[490]: Failed to insert 'aesni_intel': No such device
Mai 31 08:14:33 grml systemd-modules-load[490]: Inserted module 'evdev'
Mai 31 08:14:33 grml systemd-modules-load[490]: Inserted module 'fuse'
Mai 31 08:14:33 grml systemd-modules-load[490]: Inserted module 'iscsi_tcp'
Mai 31 08:14:33 grml kernel: iscsi: registered transport (tcp)
Mai 31 08:14:33 grml systemd[1]: Starting udev Coldplug all Devices...
Mai 31 08:14:33 grml systemd[1]: Starting Load/Save Random Seed...
Mai 31 08:14:33 grml systemd[1]: Starting Flush Journal to Persistent Storage...
Mai 31 08:14:33 grml systemd[1]: Starting Create Static Device Nodes in /dev...
Mai 31 08:14:33 grml systemd[1]: Started Nameserver information manager.
Mai 31 08:14:34 grml systemd-journald[496]: Runtime journal (/run/log/journal/87f350b39d4046cebb6943d49d86d950) is 8.0M, max 79.7M, 71.7M free.
Mai 31 08:14:34 grml systemd[1]: Started Flush Journal to Persistent Storage.
Mai 31 08:14:34 grml systemd[1]: Started Load/Save Random Seed.
Mai 31 08:14:34 grml systemd-modules-load[490]: Inserted module 'ib_iser'
Mai 31 08:14:34 grml kernel: iscsi: registered transport (iser)
Mai 31 08:14:34 grml systemd[1]: systemd-modules-load.service: Main process exited, code=exited, status=1/FAILURE
Mai 31 08:14:34 grml systemd[1]: Failed to start Load Kernel Modules.
Mai 31 08:14:34 grml systemd[1]: systemd-modules-load.service: Unit entered failed state.
Mai 31 08:14:34 grml systemd[1]: systemd-modules-load.service: Failed with result 'exit-code'.
Mai 31 08:14:34 grml systemd[1]: Started udev Coldplug all Devices.
Mai 31 08:14:34 grml systemd[1]: Mounting Configuration File System...
Mai 31 08:14:34 grml systemd[1]: Starting Apply Kernel Variables...
Mai 31 08:14:34 grml systemd[1]: Mounting FUSE Control File System...
Mai 31 08:14:34 grml systemd[1]: Mounted Configuration File System.
Mai 31 08:14:34 grml systemd[1]: Mounted FUSE Control File System.
Mai 31 08:14:35 grml systemd[1]: Started Create Static Device Nodes in /dev.
Mai 31 08:14:35 grml systemd[1]: Started Apply Kernel Variables.
Mai 31 08:14:35 grml systemd[1]: Starting udev Kernel Device Manager...
Mai 31 08:14:35 grml systemd[1]: Reached target Local File Systems (Pre).
Mai 31 08:14:35 grml systemd[1]: Mounting /tmp...
Mai 31 08:14:35 grml systemd[1]: Mounted /tmp.
Mai 31 08:14:35 grml systemd[1]: Reached target Local File Systems.
Mai 31 08:14:35 grml systemd[1]: Starting Create Volatile Files and Directories...
Mai 31 08:14:35 grml systemd[1]: Started Create Volatile Files and Directories.
Mai 31 08:14:35 grml systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Mai 31 08:14:36 grml systemd[1]: Started udev Kernel Device Manager.
Mai 31 08:14:36 grml systemd-udevd[560]: Process '/bin/mount -t fusectl fusectl /sys/fs/fuse/connections' failed with exit code 32.
Mai 31 08:14:36 grml systemd-udevd[557]: Process '/bin/mount -t fusectl fusectl /sys/fs/fuse/connections' failed with exit code 32.
Mai 31 08:14:36 grml systemd[1]: Started Update UTMP about System Boot/Shutdown.
Mai 31 08:14:36 grml systemd[1]: Reached target System Initialization.
Mai 31 08:14:36 grml systemd[1]: Started Daily Cleanup of Temporary Directories.
Mai 31 08:14:36 grml systemd[1]: Reached target Timers.
Mai 31 08:14:36 grml systemd[1]: Listening on D-Bus System Message Bus Socket.
Mai 31 08:14:36 grml systemd[1]: Reached target Sockets.
Mai 31 08:14:37 grml systemd[1]: Reached target Basic System.
Mai 31 08:14:37 grml systemd[1]: Starting Grml boot option support...
Mai 31 08:14:37 grml systemd[1]: Starting Login Service...
Mai 31 08:14:37 grml systemd[1]: Starting Permit User Sessions...
Mai 31 08:14:39 grml kernel: lpc_sch 0000:00:1f.0: Decode of the ie6xx_wdt I/O range disabled
Mai 31 08:14:39 grml kernel: lpc_sch 0000:00:1f.0: I/O space for ie6xx_wdt uninitialized
Mai 31 08:14:39 grml kernel: input: PC Speaker as /devices/platform/pcspkr/input/input1
Mai 31 08:14:39 grml kernel: shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
Mai 31 08:14:40 grml kernel: ipmi message handler version 39.2
Mai 31 08:14:40 grml systemd[1]: Started Permit User Sessions.
Mai 31 08:14:40 grml kernel: sd 0:0:0:0: Attached scsi generic sg0 type 0
Mai 31 08:14:40 grml kernel: ipmi_si IPI0001:00: ipmi_si: probing via ACPI
Mai 31 08:14:40 grml kernel: ipmi_si IPI0001:00: [io 0x0ca2-0x0ca3] regsize 1 spacing 1 irq 0
Mai 31 08:14:40 grml kernel: ipmi_si: Adding ACPI-specified kcs state machine
Mai 31 08:14:40 grml kernel: IPMI System Interface driver.
Mai 31 08:14:40 grml kernel: ipmi_si: probing via SMBIOS
Mai 31 08:14:40 grml kernel: ipmi_si: SMBIOS: io 0xca2 regsize 1 spacing 1 irq 0
Mai 31 08:14:40 grml kernel: ipmi_si: Adding SMBIOS-specified kcs state machine duplicate interface
Mai 31 08:14:40 grml kernel: ipmi_si: probing via SPMI
Mai 31 08:14:40 grml kernel: ipmi_si: SPMI: io 0xca2 regsize 2 spacing 2 irq 0
Mai 31 08:14:40 grml kernel: ipmi_si: Adding SPMI-specified kcs state machine duplicate interface
Mai 31 08:14:40 grml kernel: ipmi_si: Trying ACPI-specified kcs state machine at i/o address 0xca2, slave address 0x0, irq 0
Mai 31 08:14:41 grml systemd[1]: Found device Atom Processor S1200 UART.
Mai 31 08:14:41 grml systemd[1]: Started D-Bus System Message Bus.
Mai 31 08:14:42 grml kernel: FS-Cache: Loaded
Mai 31 08:14:42 grml kernel: 9pnet: Installing 9P2000 support
Mai 31 08:14:42 grml kernel: 9p: Installing v9fs 9p2000 file system support
Mai 31 08:14:42 grml kernel: FS-Cache: Netfs '9p' registered for caching
Mai 31 08:14:42 grml dbus[682]: [system] Successfully activated service 'org.freedesktop.systemd1'
Mai 31 08:14:42 grml systemd[1]: Started Serial Getty on ttyS0.
Mai 31 08:14:42 grml kernel: isch_smbus isch_smbus.3168: SMBus region 0x0 already in use!
Mai 31 08:14:42 grml kernel: isch_smbus: probe of isch_smbus.3168 failed with error -16
Mai 31 08:14:42 grml kernel: ipmi_si IPI0001:00: Found new BMC (man_id: 0x00000b, prod_id: 0x2101, dev_id: 0x14)
Mai 31 08:14:42 grml kernel: ipmi_si IPI0001:00: IPMI kcs interface initialized
Mai 31 08:14:43 grml systemd[1]: Started Login Service.
Mai 31 08:14:43 grml systemd-logind[584]: Watching system buttons on /dev/input/event0 (Power Button)
Mai 31 08:14:43 grml systemd-logind[584]: New seat seat0.
Mai 31 08:14:43 grml systemd-logind[584]: Watching system buttons on /dev/input/event0 (Power Button)
Mai 31 08:14:43 grml systemd-logind[584]: Watching system buttons on /dev/input/event0 (Power Button)
Mai 31 08:14:48 grml systemd[1]: Listening on Syslog Socket.
Mai 31 08:14:48 grml systemd[1]: Starting System Logging Service...
Mai 31 08:14:48 grml login[1119]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Mai 31 08:14:48 grml systemd[1]: Created slice User Slice of root.
Mai 31 08:14:48 grml systemd-logind[584]: New session 1 of user root.
Mai 31 08:14:48 grml systemd[1]: Started Session 1 of user root.
Mai 31 08:14:48 grml systemd[1]: Starting User Manager for UID 0...
Mai 31 08:14:48 grml grml-setlang[1589]: Writing language settings (de_DE:de) to /etc/default/locale was successful.
Mai 31 08:14:48 grml systemd[1587]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Mai 31 08:14:48 grml liblogging-stdlog[1568]: [origin software="rsyslogd" swVersion="8.24.0" x-pid="1568" x-info="http://www.rsyslog.com"] start
Mai 31 08:14:48 grml systemd[1]: Started System Logging Service.
Mai 31 08:14:49 grml systemd[1587]: Reached target Timers.
Mai 31 08:14:49 grml systemd[1587]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Mai 31 08:14:49 grml systemd[1587]: Reached target Paths.
Mai 31 08:14:49 grml systemd[1587]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Mai 31 08:14:49 grml systemd[1587]: Listening on GnuPG cryptographic agent and passphrase cache.
Mai 31 08:14:49 grml systemd[1587]: Listening on GnuPG cryptographic agent (access for web browsers).
Mai 31 08:14:49 grml systemd[1587]: Reached target Sockets.
Mai 31 08:14:49 grml systemd[1587]: Reached target Basic System.
Mai 31 08:14:49 grml systemd[1587]: Reached target Default.
Mai 31 08:14:49 grml systemd[1587]: Startup finished in 234ms.
Mai 31 08:14:49 grml systemd[1]: Started User Manager for UID 0.
Mai 31 08:14:49 grml login[1611]: ROOT LOGIN on '/dev/ttyS0'
Mai 31 08:14:50 grml systemd[1]: Time has been changed
Mai 31 08:14:50 grml systemd[1587]: Time has been changed
Mai 31 08:14:51 grml systemd[1]: Starting LSB: Load kernel modules needed to enable cpufreq scaling...
Mai 31 08:14:52 grml loadcpufreq[1715]: * Loading cpufreq kernel modules... done (acpi-cpufreq).
Mai 31 08:14:52 grml systemd[1]: Started LSB: Load kernel modules needed to enable cpufreq scaling.
Mai 31 08:14:52 grml systemd[1]: Starting LSB: gpm sysv init script...
Mai 31 08:14:52 grml gpm[1793]: * Starting mouse interface server: gpm.
Mai 31 08:14:52 grml /usr/sbin/gpm[1802]: *** info [daemon/startup.c(131)]:
Mai 31 08:14:52 grml systemd[1]: Started LSB: gpm sysv init script.
Mai 31 08:14:52 grml /usr/sbin/gpm[1802]: Started gpm successfully. Entered daemon mode.
Mai 31 08:14:53 grml grml-autoconfig[583]: --2020-05-31 08:14:53-- http://Tf186qDL9xw2BX4q:*password*@85.1 ... f-91-a8.sh
Mai 31 08:14:53 grml grml-autoconfig[583]: Connecting to 85.114.144.115:80... connected.
Mai 31 08:14:53 grml grml-autoconfig[583]: HTTP request sent, awaiting response... 200 OK
Mai 31 08:14:53 grml grml-autoconfig[583]: Length: 18644 (18K) [text/x-sh]
Mai 31 08:14:53 grml grml-autoconfig[583]: Saving to: ‘/tmp/netscript.grml’
Mai 31 08:14:53 grml grml-autoconfig[583]: 0K .......... ........ 100% 68,2M=0s
Mai 31 08:14:53 grml grml-autoconfig[583]: 2020-05-31 08:14:53 (68,2 MB/s) - ‘/tmp/netscript.grml’ saved [18644/18644]
Mai 31 08:14:53 grml sudo[1813]: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sed -i s#^KEYTABLE.*#KEYTABLE=de-latin1-nodeadkeys# /etc/sysconfig/keyboard
Mai 31 08:14:53 grml sudo[1813]: pam_unix(sudo:session): session opened for user root by (uid=0)
Mai 31 08:14:53 grml sudo[1813]: pam_unix(sudo:session): session closed for user root
Mai 31 08:14:53 grml sudo[1816]: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sed -i s#^XKEYBOARD.*#XKEYBOARD=de# /etc/sysconfig/keyboard
Mai 31 08:14:53 grml sudo[1816]: pam_unix(sudo:session): session opened for user root by (uid=0)
Mai 31 08:14:53 grml sudo[1816]: pam_unix(sudo:session): session closed for user root
Mai 31 08:14:53 grml sudo[1818]: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz
Mai 31 08:14:53 grml sudo[1818]: pam_unix(sudo:session): session opened for user root by (uid=0)
Mai 31 08:14:53 grml sudo[1818]: pam_unix(sudo:session): session closed for user root
Mai 31 08:14:54 grml grml-autoconfig[583]: Failed to start mdadm-raid.service: Unit mdadm-raid.service not found.
Mai 31 08:15:03 grml systemd[1]: Starting OpenBSD Secure Shell server...
Mai 31 08:15:04 grml sh[1905]: ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
Mai 31 08:15:04 grml systemd[1]: Started OpenBSD Secure Shell server.
Mai 31 08:15:04 grml sshd[1909]: Server listening on 0.0.0.0 port 22.
Mai 31 08:15:04 grml sshd[1909]: Server listening on :: port 22.
Mai 31 08:15:04 grml systemd[1]: Started Grml boot option support.
Mai 31 08:15:04 grml systemd[1]: Started grml-quickconfig on tty1.
Mai 31 08:15:04 grml systemd[1]: Started journalctl on tty12.
Mai 31 08:15:04 grml systemd[1]: Reached target Login Prompts.
Mai 31 08:15:04 grml systemd[1]: Reached target Grml Live System.
Mai 31 08:15:04 grml systemd[1]: Startup finished in 1min 19.658s (kernel) + 37.416s (userspace) = 1min 57.074s.
Mai 31 08:15:08 grml sshd[2017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.166.166 user=root
Mai 31 08:15:10 grml sshd[2134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.70.229.239 user=root
Mai 31 08:15:11 grml sshd[2017]: Failed password for root from 120.92.166.166 port 2450 ssh2
Mai 31 08:15:11 grml sshd[2017]: Received disconnect from 120.92.166.166 port 2450:11: Bye Bye [preauth]
Mai 31 08:15:11 grml sshd[2017]: Disconnected from 120.92.166.166 port 2450 [preauth]
Mai 31 08:15:11 grml sshd[2136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.50.8 user=root
Mai 31 08:15:12 grml sshd[2134]: Failed password for root from 50.70.229.239 port 43706 ssh2
Mai 31 08:15:12 grml sshd[2134]: Received disconnect from 50.70.229.239 port 43706:11: Bye Bye [preauth]
Mai 31 08:15:12 grml sshd[2134]: Disconnected from 50.70.229.239 port 43706 [preauth]
Mai 31 08:15:13 grml sshd[2136]: Failed password for root from 162.243.50.8 port 57723 ssh2
Mai 31 08:15:13 grml sshd[2136]: Received disconnect from 162.243.50.8 port 57723:11: Bye Bye [preauth]
Mai 31 08:15:13 grml sshd[2136]: Disconnected from 162.243.50.8 port 57723 [preauth]
Mai 31 08:15:15 grml kernel: perf: interrupt took too long (2519 > 2500), lowering kernel.perf_event_max_sample_rate to 79250
Mai 31 08:15:31 grml kernel: perf: interrupt took too long (3170 > 3148), lowering kernel.perf_event_max_sample_rate to 63000
Mai 31 08:15:38 grml sshd[2145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.246.156.179 user=root
Mai 31 08:15:40 grml sshd[2145]: Failed password for root from 140.246.156.179 port 58264 ssh2
Mai 31 08:15:44 grml sshd[2147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.205.125 user=root
Mai 31 08:15:44 grml sshd[2149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.51.37 user=root
Mai 31 08:15:46 grml sshd[2147]: Failed password for root from 129.204.205.125 port 37456 ssh2
Mai 31 08:15:46 grml sshd[2149]: Failed password for root from 165.22.51.37 port 36544 ssh2
Mai 31 08:15:47 grml sshd[2149]: Received disconnect from 165.22.51.37 port 36544:11: Bye Bye [preauth]
Mai 31 08:15:47 grml sshd[2149]: Disconnected from 165.22.51.37 port 36544 [preauth]
Mai 31 08:15:47 grml sshd[2147]: Received disconnect from 129.204.205.125 port 37456:11: Bye Bye [preauth]
Mai 31 08:15:47 grml sshd[2147]: Disconnected from 129.204.205.125 port 37456 [preauth]
Mai 31 08:15:48 grml sshd[2145]: Received disconnect from 140.246.156.179 port 58264:11: Bye Bye [preauth]
Mai 31 08:15:48 grml sshd[2145]: Disconnected from 140.246.156.179 port 58264 [preauth]
Mai 31 08:15:53 grml kernel: perf: interrupt took too long (3991 > 3962), lowering kernel.perf_event_max_sample_rate to 50000
Mai 31 08:15:56 grml sshd[2151]: Invalid user testing from 36.48.145.118 port 5661
Mai 31 08:15:56 grml sshd[2151]: input_userauth_request: invalid user testing [preauth]
Mai 31 08:15:56 grml sshd[2151]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:15:56 grml sshd[2151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.48.145.118
Mai 31 08:15:59 grml sshd[2151]: Failed password for invalid user testing from 36.48.145.118 port 5661 ssh2
Mai 31 08:15:59 grml sshd[2151]: Received disconnect from 36.48.145.118 port 5661:11: Bye Bye [preauth]
Mai 31 08:15:59 grml sshd[2151]: Disconnected from 36.48.145.118 port 5661 [preauth]
Mai 31 08:16:04 grml sshd[2153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.139.130.49 user=root
Mai 31 08:16:06 grml sshd[2153]: Failed password for root from 219.139.130.49 port 6809 ssh2
Mai 31 08:16:07 grml sshd[2153]: Received disconnect from 219.139.130.49 port 6809:11: Bye Bye [preauth]
Mai 31 08:16:07 grml sshd[2153]: Disconnected from 219.139.130.49 port 6809 [preauth]
Mai 31 08:16:19 grml sshd[2155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.235.74 user=root
Mai 31 08:16:20 grml sshd[2155]: Failed password for root from 111.93.235.74 port 24131 ssh2
Mai 31 08:16:20 grml sshd[2155]: Received disconnect from 111.93.235.74 port 24131:11: Bye Bye [preauth]
Mai 31 08:16:20 grml sshd[2155]: Disconnected from 111.93.235.74 port 24131 [preauth]
Mai 31 08:16:24 grml sshd[2157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.46.81 user=root
Mai 31 08:16:25 grml sshd[2160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.87.20 user=root
Mai 31 08:16:26 grml sshd[2159]: Invalid user nagiosadmin from 122.51.206.41 port 47396
Mai 31 08:16:26 grml sshd[2159]: input_userauth_request: invalid user nagiosadmin [preauth]
Mai 31 08:16:26 grml sshd[2159]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:16:26 grml sshd[2159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.206.41
Mai 31 08:16:26 grml sshd[2157]: Failed password for root from 218.78.46.81 port 40598 ssh2
Mai 31 08:16:26 grml kernel: perf: interrupt took too long (5006 > 4988), lowering kernel.perf_event_max_sample_rate to 39750
Mai 31 08:16:27 grml sshd[2157]: Received disconnect from 218.78.46.81 port 40598:11: Bye Bye [preauth]
Mai 31 08:16:27 grml sshd[2157]: Disconnected from 218.78.46.81 port 40598 [preauth]
Mai 31 08:16:28 grml sshd[2160]: Failed password for root from 103.10.87.20 port 60089 ssh2
Mai 31 08:16:28 grml sshd[2160]: Received disconnect from 103.10.87.20 port 60089:11: Bye Bye [preauth]
Mai 31 08:16:28 grml sshd[2160]: Disconnected from 103.10.87.20 port 60089 [preauth]
Mai 31 08:16:28 grml sshd[2159]: Failed password for invalid user nagiosadmin from 122.51.206.41 port 47396 ssh2
Mai 31 08:16:28 grml sshd[2159]: Received disconnect from 122.51.206.41 port 47396:11: Bye Bye [preauth]
Mai 31 08:16:28 grml sshd[2159]: Disconnected from 122.51.206.41 port 47396 [preauth]
Mai 31 08:16:56 grml sshd[2167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.135.34 user=root
Mai 31 08:16:56 grml sshd[2163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.144.227.105 user=root
Mai 31 08:16:58 grml sshd[2167]: Failed password for root from 192.241.135.34 port 39898 ssh2
Mai 31 08:16:58 grml sshd[2163]: Failed password for root from 192.144.227.105 port 37462 ssh2
Mai 31 08:16:58 grml sshd[2167]: Received disconnect from 192.241.135.34 port 39898:11: Bye Bye [preauth]
Mai 31 08:16:58 grml sshd[2167]: Disconnected from 192.241.135.34 port 39898 [preauth]
Mai 31 08:16:58 grml sshd[2163]: Received disconnect from 192.144.227.105 port 37462:11: Bye Bye [preauth]
Mai 31 08:16:58 grml sshd[2163]: Disconnected from 192.144.227.105 port 37462 [preauth]
Mai 31 08:17:04 grml sshd[2164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.72.219.102 user=root
Mai 31 08:17:06 grml sshd[2164]: Failed password for root from 41.72.219.102 port 40402 ssh2
Mai 31 08:17:06 grml sshd[2164]: Received disconnect from 41.72.219.102 port 40402:11: Bye Bye [preauth]
Mai 31 08:17:06 grml sshd[2164]: Disconnected from 41.72.219.102 port 40402 [preauth]
Mai 31 08:17:18 grml sshd[2171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.137.227 user=root
Mai 31 08:17:20 grml sshd[2171]: Failed password for root from 152.136.137.227 port 39398 ssh2
Mai 31 08:17:25 grml sshd[2171]: Received disconnect from 152.136.137.227 port 39398:11: Bye Bye [preauth]
Mai 31 08:17:25 grml sshd[2171]: Disconnected from 152.136.137.227 port 39398 [preauth]
Mai 31 08:17:35 grml sshd[2173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.51.37 user=root
Mai 31 08:17:37 grml sshd[2173]: Failed password for root from 165.22.51.37 port 35520 ssh2
Mai 31 08:17:37 grml sshd[2173]: Received disconnect from 165.22.51.37 port 35520:11: Bye Bye [preauth]
Mai 31 08:17:37 grml sshd[2173]: Disconnected from 165.22.51.37 port 35520 [preauth]
Mai 31 08:17:41 grml sshd[2177]: Invalid user stillmaker from 36.48.145.118 port 5367
Mai 31 08:17:41 grml sshd[2177]: input_userauth_request: invalid user stillmaker [preauth]
Mai 31 08:17:41 grml sshd[2177]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:17:41 grml sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.48.145.118
Mai 31 08:17:43 grml sshd[2177]: Failed password for invalid user stillmaker from 36.48.145.118 port 5367 ssh2
Mai 31 08:17:44 grml sshd[2177]: Received disconnect from 36.48.145.118 port 5367:11: Bye Bye [preauth]
Mai 31 08:17:44 grml sshd[2177]: Disconnected from 36.48.145.118 port 5367 [preauth]
Mai 31 08:17:54 grml kernel: perf: interrupt took too long (6278 > 6257), lowering kernel.perf_event_max_sample_rate to 31750
Mai 31 08:17:58 grml sshd[2179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.80.33.231 user=root
Mai 31 08:18:01 grml sshd[2179]: Failed password for root from 34.80.33.231 port 54190 ssh2
Mai 31 08:18:01 grml sshd[2179]: Received disconnect from 34.80.33.231 port 54190:11: Bye Bye [preauth]
Mai 31 08:18:01 grml sshd[2179]: Disconnected from 34.80.33.231 port 54190 [preauth]
Mai 31 08:18:06 grml sshd[2181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.205.125 user=root
Mai 31 08:18:08 grml sshd[2181]: Failed password for root from 129.204.205.125 port 35822 ssh2
Mai 31 08:18:08 grml sshd[2181]: Received disconnect from 129.204.205.125 port 35822:11: Bye Bye [preauth]
Mai 31 08:18:08 grml sshd[2181]: Disconnected from 129.204.205.125 port 35822 [preauth]
Mai 31 08:18:08 grml sshd[2184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.139.130.49 user=root
Mai 31 08:18:10 grml sshd[2184]: Failed password for root from 219.139.130.49 port 6810 ssh2
Mai 31 08:18:10 grml sshd[2184]: Received disconnect from 219.139.130.49 port 6810:11: Bye Bye [preauth]
Mai 31 08:18:10 grml sshd[2184]: Disconnected from 219.139.130.49 port 6810 [preauth]
Mai 31 08:18:20 grml sshd[2188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.206.41 user=root
Mai 31 08:18:22 grml sshd[2188]: Failed password for root from 122.51.206.41 port 38852 ssh2
Mai 31 08:18:22 grml sshd[2188]: Received disconnect from 122.51.206.41 port 38852:11: Bye Bye [preauth]
Mai 31 08:18:22 grml sshd[2188]: Disconnected from 122.51.206.41 port 38852 [preauth]
Mai 31 08:18:25 grml sshd[2186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.69.193 user=root
Mai 31 08:18:27 grml sshd[2186]: Failed password for root from 115.159.69.193 port 47113 ssh2
Mai 31 08:18:27 grml sshd[2186]: Received disconnect from 115.159.69.193 port 47113:11: Bye Bye [preauth]
Mai 31 08:18:27 grml sshd[2186]: Disconnected from 115.159.69.193 port 47113 [preauth]
Mai 31 08:18:41 grml sshd[2190]: Invalid user monitor from 120.92.166.166 port 22977
Mai 31 08:18:41 grml sshd[2190]: input_userauth_request: invalid user monitor [preauth]
Mai 31 08:18:41 grml sshd[2190]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:18:41 grml sshd[2190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.166.166
Mai 31 08:18:43 grml sshd[2190]: Failed password for invalid user monitor from 120.92.166.166 port 22977 ssh2
Mai 31 08:18:43 grml sshd[2190]: Received disconnect from 120.92.166.166 port 22977:11: Bye Bye [preauth]
Mai 31 08:18:43 grml sshd[2190]: Disconnected from 120.92.166.166 port 22977 [preauth]
Mai 31 08:18:49 grml sshd[2192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.46.81 user=root
Mai 31 08:18:51 grml sshd[2192]: Failed password for root from 218.78.46.81 port 53439 ssh2
Mai 31 08:18:51 grml sshd[2192]: Received disconnect from 218.78.46.81 port 53439:11: Bye Bye [preauth]
Mai 31 08:18:51 grml sshd[2192]: Disconnected from 218.78.46.81 port 53439 [preauth]
Mai 31 08:19:21 grml sshd[2194]: Invalid user tester from 122.51.178.207 port 39150
Mai 31 08:19:21 grml sshd[2194]: input_userauth_request: invalid user tester [preauth]
Mai 31 08:19:21 grml sshd[2194]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:19:21 grml sshd[2194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.178.207
Mai 31 08:19:23 grml sshd[2194]: Failed password for invalid user tester from 122.51.178.207 port 39150 ssh2
Mai 31 08:19:23 grml sshd[2194]: Received disconnect from 122.51.178.207 port 39150:11: Bye Bye [preauth]
Mai 31 08:19:23 grml sshd[2194]: Disconnected from 122.51.178.207 port 39150 [preauth]
Mai 31 08:19:24 grml sshd[2196]: Invalid user ishinkyo from 165.22.51.37 port 34502
Mai 31 08:19:24 grml sshd[2196]: input_userauth_request: invalid user ishinkyo [preauth]
Mai 31 08:19:24 grml sshd[2196]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:19:24 grml sshd[2196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.51.37
Mai 31 08:19:26 grml sshd[2196]: Failed password for invalid user ishinkyo from 165.22.51.37 port 34502 ssh2
Mai 31 08:19:26 grml sshd[2196]: Received disconnect from 165.22.51.37 port 34502:11: Bye Bye [preauth]
Mai 31 08:19:26 grml sshd[2196]: Disconnected from 165.22.51.37 port 34502 [preauth]
Mai 31 08:19:37 grml sshd[2198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.48.145.118 user=root
Mai 31 08:19:39 grml sshd[2198]: Failed password for root from 36.48.145.118 port 6013 ssh2
Mai 31 08:19:39 grml sshd[2198]: Received disconnect from 36.48.145.118 port 6013:11: Bye Bye [preauth]
Mai 31 08:19:39 grml sshd[2198]: Disconnected from 36.48.145.118 port 6013 [preauth]
Mai 31 08:19:56 grml sshd[2200]: Accepted password for root from 79.130.39.35 port 58488 ssh2
Mai 31 08:19:56 grml sshd[2200]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mai 31 08:19:56 grml systemd-logind[584]: New session 3 of user root.
Mai 31 08:19:56 grml systemd[1]: Started Session 3 of user root.
Mai 31 08:19:59 grml sshd[2206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.87.20 user=root
Mai 31 08:20:01 grml sshd[2208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.139.130.49 user=root
Mai 31 08:20:01 grml sshd[2206]: Failed password for root from 103.10.87.20 port 49944 ssh2
Mai 31 08:20:02 grml sshd[2206]: Received disconnect from 103.10.87.20 port 49944:11: Bye Bye [preauth]
Mai 31 08:20:02 grml sshd[2206]: Disconnected from 103.10.87.20 port 49944 [preauth]
Mai 31 08:20:02 grml sshd[2208]: Failed password for root from 219.139.130.49 port 6811 ssh2
Mai 31 08:20:03 grml sshd[2208]: Received disconnect from 219.139.130.49 port 6811:11: Bye Bye [preauth]
Mai 31 08:20:03 grml sshd[2208]: Disconnected from 219.139.130.49 port 6811 [preauth]
Mai 31 08:20:17 grml sshd[2236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.205.125 user=root
Mai 31 08:20:18 grml sshd[2234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.206.41 user=root
Mai 31 08:20:19 grml sshd[2236]: Failed password for root from 129.204.205.125 port 34186 ssh2
Mai 31 08:20:19 grml sshd[2236]: Received disconnect from 129.204.205.125 port 34186:11: Bye Bye [preauth]
Mai 31 08:20:19 grml sshd[2236]: Disconnected from 129.204.205.125 port 34186 [preauth]
Mai 31 08:20:20 grml sshd[2234]: Failed password for root from 122.51.206.41 port 58548 ssh2
Mai 31 08:20:20 grml sshd[2234]: Received disconnect from 122.51.206.41 port 58548:11: Bye Bye [preauth]
Mai 31 08:20:20 grml sshd[2234]: Disconnected from 122.51.206.41 port 58548 [preauth]
Mai 31 08:20:28 grml sshd[2238]: Connection closed by 140.246.156.179 port 55742 [preauth]
Mai 31 08:20:29 grml sshd[2241]: Invalid user redhat from 138.197.5.123 port 42586
Mai 31 08:20:29 grml sshd[2241]: input_userauth_request: invalid user redhat [preauth]
Mai 31 08:20:29 grml sshd[2241]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:20:30 grml sshd[2241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.5.123
Mai 31 08:20:31 grml sshd[2241]: Failed password for invalid user redhat from 138.197.5.123 port 42586 ssh2
Mai 31 08:20:32 grml sshd[2241]: Received disconnect from 138.197.5.123 port 42586:11: Normal Shutdown, Thank you for playing [preauth]
Mai 31 08:20:32 grml sshd[2241]: Disconnected from 138.197.5.123 port 42586 [preauth]
Mai 31 08:20:33 grml sshd[2243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.144.227.105 user=root
Mai 31 08:20:36 grml sshd[2243]: Failed password for root from 192.144.227.105 port 48416 ssh2
Mai 31 08:20:36 grml sshd[2243]: Received disconnect from 192.144.227.105 port 48416:11: Bye Bye [preauth]
Mai 31 08:20:36 grml sshd[2243]: Disconnected from 192.144.227.105 port 48416 [preauth]
Mai 31 08:20:50 grml sshd[2248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.173 user=root
Mai 31 08:20:52 grml sshd[2248]: Failed password for root from 112.85.42.173 port 33463 ssh2
Mai 31 08:20:52 grml kernel: perf: interrupt took too long (7862 > 7847), lowering kernel.perf_event_max_sample_rate to 25250
Mai 31 08:20:55 grml sshd[2248]: Failed password for root from 112.85.42.173 port 33463 ssh2
Mai 31 08:20:58 grml sshd[2248]: Failed password for root from 112.85.42.173 port 33463 ssh2
Mai 31 08:21:00 grml sshd[2248]: Failed password for root from 112.85.42.173 port 33463 ssh2
Mai 31 08:21:04 grml sshd[2248]: Failed password for root from 112.85.42.173 port 33463 ssh2
Mai 31 08:21:04 grml sshd[2248]: error: maximum authentication attempts exceeded for root from 112.85.42.173 port 33463 ssh2 [preauth]
Mai 31 08:21:04 grml sshd[2248]: Disconnecting: Too many authentication failures [preauth]
Mai 31 08:21:04 grml sshd[2248]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.173 user=root
Mai 31 08:21:04 grml sshd[2248]: PAM service(sshd) ignoring max retries; 5 > 3
Mai 31 08:21:16 grml sshd[2254]: Invalid user public from 165.22.51.37 port 33486
Mai 31 08:21:16 grml sshd[2254]: input_userauth_request: invalid user public [preauth]
Mai 31 08:21:16 grml sshd[2254]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:21:16 grml sshd[2254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.51.37
Mai 31 08:21:18 grml sshd[2258]: Invalid user 11111 from 36.48.145.118 port 5487
Mai 31 08:21:18 grml sshd[2258]: input_userauth_request: invalid user 11111 [preauth]
Mai 31 08:21:18 grml sshd[2258]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:21:18 grml sshd[2258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.48.145.118
Mai 31 08:21:18 grml sshd[2254]: Failed password for invalid user public from 165.22.51.37 port 33486 ssh2
Mai 31 08:21:18 grml sshd[2254]: Received disconnect from 165.22.51.37 port 33486:11: Bye Bye [preauth]
Mai 31 08:21:18 grml sshd[2254]: Disconnected from 165.22.51.37 port 33486 [preauth]
Mai 31 08:21:20 grml sshd[2258]: Failed password for invalid user 11111 from 36.48.145.118 port 5487 ssh2
Mai 31 08:21:20 grml sshd[2256]: Invalid user miss from 218.78.46.81 port 38052
Mai 31 08:21:20 grml sshd[2256]: input_userauth_request: invalid user miss [preauth]
Mai 31 08:21:20 grml sshd[2256]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:21:20 grml sshd[2256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.46.81
Mai 31 08:21:20 grml sshd[2258]: Received disconnect from 36.48.145.118 port 5487:11: Bye Bye [preauth]
Mai 31 08:21:20 grml sshd[2258]: Disconnected from 36.48.145.118 port 5487 [preauth]
Mai 31 08:21:22 grml sshd[2256]: Failed password for invalid user miss from 218.78.46.81 port 38052 ssh2
Mai 31 08:21:22 grml sshd[2256]: Received disconnect from 218.78.46.81 port 38052:11: Bye Bye [preauth]
Mai 31 08:21:22 grml sshd[2256]: Disconnected from 218.78.46.81 port 38052 [preauth]
Mai 31 08:22:01 grml sshd[2260]: Invalid user easson from 219.139.130.49 port 6812
Mai 31 08:22:01 grml sshd[2260]: input_userauth_request: invalid user easson [preauth]
Mai 31 08:22:01 grml sshd[2260]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:22:01 grml sshd[2260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.139.130.49
Mai 31 08:22:03 grml sshd[2260]: Failed password for invalid user easson from 219.139.130.49 port 6812 ssh2
Mai 31 08:22:04 grml sshd[2260]: Received disconnect from 219.139.130.49 port 6812:11: Bye Bye [preauth]
Mai 31 08:22:04 grml sshd[2260]: Disconnected from 219.139.130.49 port 6812 [preauth]
Mai 31 08:22:14 grml sshd[2262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.166.166 user=root
Mai 31 08:22:14 grml sshd[2264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.69.193 user=root
Mai 31 08:22:16 grml sshd[2262]: Failed password for root from 120.92.166.166 port 43512 ssh2
Mai 31 08:22:16 grml sshd[2262]: Received disconnect from 120.92.166.166 port 43512:11: Bye Bye [preauth]
Mai 31 08:22:16 grml sshd[2262]: Disconnected from 120.92.166.166 port 43512 [preauth]
Mai 31 08:22:16 grml sshd[2264]: Failed password for root from 115.159.69.193 port 44158 ssh2
Mai 31 08:22:17 grml sshd[2264]: Received disconnect from 115.159.69.193 port 44158:11: Bye Bye [preauth]
Mai 31 08:22:17 grml sshd[2264]: Disconnected from 115.159.69.193 port 44158 [preauth]
Mai 31 08:22:18 grml sshd[2266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.206.41 user=root
Mai 31 08:22:20 grml sshd[2266]: Failed password for root from 122.51.206.41 port 50010 ssh2
Mai 31 08:22:20 grml sshd[2266]: Received disconnect from 122.51.206.41 port 50010:11: Bye Bye [preauth]
Mai 31 08:22:20 grml sshd[2266]: Disconnected from 122.51.206.41 port 50010 [preauth]
Mai 31 08:22:32 grml sshd[2268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.205.125 user=root
Mai 31 08:22:35 grml sshd[2268]: Failed password for root from 129.204.205.125 port 60778 ssh2
Mai 31 08:22:36 grml sshd[2268]: Received disconnect from 129.204.205.125 port 60778:11: Bye Bye [preauth]
Mai 31 08:22:36 grml sshd[2268]: Disconnected from 129.204.205.125 port 60778 [preauth]
Mai 31 08:23:00 grml sshd[2270]: Invalid user joe from 152.136.137.227 port 45036
Mai 31 08:23:00 grml sshd[2270]: input_userauth_request: invalid user joe [preauth]
Mai 31 08:23:00 grml sshd[2270]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:23:00 grml sshd[2270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.137.227
Mai 31 08:23:02 grml sshd[2270]: Failed password for invalid user joe from 152.136.137.227 port 45036 ssh2
Mai 31 08:23:02 grml sshd[2270]: Received disconnect from 152.136.137.227 port 45036:11: Bye Bye [preauth]
Mai 31 08:23:02 grml sshd[2270]: Disconnected from 152.136.137.227 port 45036 [preauth]
Mai 31 08:23:09 grml sshd[2272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.48.145.118 user=root
Mai 31 08:23:10 grml sshd[2274]: Invalid user mysql from 165.22.51.37 port 60700
Mai 31 08:23:10 grml sshd[2274]: input_userauth_request: invalid user mysql [preauth]
Mai 31 08:23:10 grml sshd[2274]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:23:10 grml sshd[2274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.51.37
Mai 31 08:23:12 grml sshd[2272]: Failed password for root from 36.48.145.118 port 5896 ssh2
Mai 31 08:23:12 grml sshd[2274]: Failed password for invalid user mysql from 165.22.51.37 port 60700 ssh2
Mai 31 08:23:12 grml sshd[2274]: Received disconnect from 165.22.51.37 port 60700:11: Bye Bye [preauth]
Mai 31 08:23:12 grml sshd[2274]: Disconnected from 165.22.51.37 port 60700 [preauth]
Mai 31 08:23:12 grml sshd[2272]: Received disconnect from 36.48.145.118 port 5896:11: Bye Bye [preauth]
Mai 31 08:23:12 grml sshd[2272]: Disconnected from 36.48.145.118 port 5896 [preauth]
Mai 31 08:23:15 grml sshd[2276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.80.33.231 user=root
Mai 31 08:23:18 grml sshd[2276]: Failed password for root from 34.80.33.231 port 60348 ssh2
Mai 31 08:23:18 grml sshd[2276]: Received disconnect from 34.80.33.231 port 60348:11: Bye Bye [preauth]
Mai 31 08:23:18 grml sshd[2276]: Disconnected from 34.80.33.231 port 60348 [preauth]
Mai 31 08:23:35 grml sshd[2278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.87.20 user=root
Mai 31 08:23:36 grml sshd[2279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.246.156.179 user=root
Mai 31 08:23:36 grml sshd[2278]: Failed password for root from 103.10.87.20 port 39797 ssh2
Mai 31 08:23:37 grml sshd[2278]: Received disconnect from 103.10.87.20 port 39797:11: Bye Bye [preauth]
Mai 31 08:23:37 grml sshd[2278]: Disconnected from 103.10.87.20 port 39797 [preauth]
Mai 31 08:23:37 grml sshd[2279]: Failed password for root from 140.246.156.179 port 53200 ssh2
Mai 31 08:23:38 grml sshd[2279]: Received disconnect from 140.246.156.179 port 53200:11: Bye Bye [preauth]
Mai 31 08:23:38 grml sshd[2279]: Disconnected from 140.246.156.179 port 53200 [preauth]
Mai 31 08:23:51 grml sshd[2287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.46.81 user=root
Mai 31 08:23:53 grml sshd[2287]: Failed password for root from 218.78.46.81 port 50895 ssh2
Mai 31 08:23:53 grml sshd[2287]: Received disconnect from 218.78.46.81 port 50895:11: Bye Bye [preauth]
Mai 31 08:23:53 grml sshd[2287]: Disconnected from 218.78.46.81 port 50895 [preauth]
Mai 31 08:23:56 grml sshd[2286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.139.130.49 user=root
Mai 31 08:23:58 grml sshd[2286]: Failed password for root from 219.139.130.49 port 6813 ssh2
Mai 31 08:23:58 grml sshd[2286]: Received disconnect from 219.139.130.49 port 6813:11: Bye Bye [preauth]
Mai 31 08:23:58 grml sshd[2286]: Disconnected from 219.139.130.49 port 6813 [preauth]
Mai 31 08:24:03 grml sshd[2290]: Invalid user cacti from 104.248.153.158 port 58544
Mai 31 08:24:03 grml sshd[2290]: input_userauth_request: invalid user cacti [preauth]
Mai 31 08:24:03 grml sshd[2290]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:24:03 grml sshd[2290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.153.158
Mai 31 08:24:05 grml sshd[2290]: Failed password for invalid user cacti from 104.248.153.158 port 58544 ssh2
Mai 31 08:24:05 grml sshd[2290]: Received disconnect from 104.248.153.158 port 58544:11: Bye Bye [preauth]
Mai 31 08:24:05 grml sshd[2290]: Disconnected from 104.248.153.158 port 58544 [preauth]
Mai 31 08:24:06 grml sshd[2292]: Invalid user chip from 50.70.229.239 port 49564
Mai 31 08:24:06 grml sshd[2292]: input_userauth_request: invalid user chip [preauth]
Mai 31 08:24:06 grml sshd[2292]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:24:06 grml sshd[2292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.70.229.239
Mai 31 08:24:07 grml sshd[2293]: Invalid user mike from 192.144.227.105 port 59370
Mai 31 08:24:07 grml sshd[2293]: input_userauth_request: invalid user mike [preauth]
Mai 31 08:24:07 grml sshd[2293]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:24:07 grml sshd[2293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.144.227.105
Mai 31 08:24:08 grml sshd[2292]: Failed password for invalid user chip from 50.70.229.239 port 49564 ssh2
Mai 31 08:24:08 grml sshd[2292]: Received disconnect from 50.70.229.239 port 49564:11: Bye Bye [preauth]
Mai 31 08:24:08 grml sshd[2292]: Disconnected from 50.70.229.239 port 49564 [preauth]
Mai 31 08:24:09 grml sshd[2293]: Failed password for invalid user mike from 192.144.227.105 port 59370 ssh2
Mai 31 08:24:09 grml sshd[2293]: Received disconnect from 192.144.227.105 port 59370:11: Bye Bye [preauth]
Mai 31 08:24:09 grml sshd[2293]: Disconnected from 192.144.227.105 port 59370 [preauth]
Mai 31 08:24:14 grml sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.206.41 user=root
Mai 31 08:24:16 grml sshd[2296]: Failed password for root from 122.51.206.41 port 41478 ssh2
Mai 31 08:24:16 grml sshd[2296]: Received disconnect from 122.51.206.41 port 41478:11: Bye Bye [preauth]
Mai 31 08:24:16 grml sshd[2296]: Disconnected from 122.51.206.41 port 41478 [preauth]
Mai 31 08:24:47 grml sshd[2301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.205.125 user=root
Mai 31 08:24:49 grml sshd[2301]: Failed password for root from 129.204.205.125 port 59144 ssh2
Mai 31 08:24:49 grml sshd[2301]: Received disconnect from 129.204.205.125 port 59144:11: Bye Bye [preauth]
Mai 31 08:24:49 grml sshd[2301]: Disconnected from 129.204.205.125 port 59144 [preauth]
Mai 31 08:24:49 grml sshd[2300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.226 user=root
Mai 31 08:24:51 grml sshd[2300]: Failed password for root from 222.186.173.226 port 31969 ssh2
Mai 31 08:24:54 grml sshd[2300]: Failed password for root from 222.186.173.226 port 31969 ssh2
Mai 31 08:24:57 grml sshd[2300]: Failed password for root from 222.186.173.226 port 31969 ssh2
Mai 31 08:25:01 grml sshd[2300]: Failed password for root from 222.186.173.226 port 31969 ssh2
Mai 31 08:25:01 grml sshd[2306]: Invalid user info from 165.22.51.37 port 59690
Mai 31 08:25:01 grml sshd[2306]: input_userauth_request: invalid user info [preauth]
Mai 31 08:25:01 grml sshd[2306]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:25:01 grml sshd[2306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.51.37
Mai 31 08:25:03 grml sshd[2306]: Failed password for invalid user info from 165.22.51.37 port 59690 ssh2
Mai 31 08:25:03 grml sshd[2306]: Received disconnect from 165.22.51.37 port 59690:11: Bye Bye [preauth]
Mai 31 08:25:03 grml sshd[2306]: Disconnected from 165.22.51.37 port 59690 [preauth]
Mai 31 08:25:04 grml sshd[2300]: Failed password for root from 222.186.173.226 port 31969 ssh2
Mai 31 08:25:04 grml sshd[2300]: error: maximum authentication attempts exceeded for root from 222.186.173.226 port 31969 ssh2 [preauth]
Mai 31 08:25:04 grml sshd[2300]: Disconnecting: Too many authentication failures [preauth]
Mai 31 08:25:04 grml sshd[2300]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.226 user=root
Mai 31 08:25:04 grml sshd[2300]: PAM service(sshd) ignoring max retries; 5 > 3
Mai 31 08:25:06 grml sshd[2304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.48.145.118 user=root
Mai 31 08:25:07 grml sshd[2304]: Failed password for root from 36.48.145.118 port 5419 ssh2
Mai 31 08:25:08 grml sshd[2304]: Received disconnect from 36.48.145.118 port 5419:11: Bye Bye [preauth]
Mai 31 08:25:08 grml sshd[2304]: Disconnected from 36.48.145.118 port 5419 [preauth]
Mai 31 08:25:09 grml sshd[2308]: Invalid user sk from 192.241.135.34 port 32782
Mai 31 08:25:09 grml sshd[2308]: input_userauth_request: invalid user sk [preauth]
Mai 31 08:25:09 grml sshd[2308]: pam_unix(sshd:auth): check pass; user unknown
Mai 31 08:25:09 grml sshd[2308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.135.34
Mai 31 08:25:11 grml sshd[2308]: Failed password for invalid user sk from 192.241.135.34 port 32782 ssh2
Mai 31 08:25:11 grml sshd[2308]: Received disconnect from 192.241.135.34 port 32782:11: Bye Bye [preauth]
Mai 31 08:25:11 grml sshd[2308]: Disconnected from 192.241.135.34 port 32782 [preauth]

Thank you

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Server Offline After Reboot

Post by TrevorH » 2020/05/31 12:08:55

But that looks like the log from your rescue system not the log from your real system. You should probably be using your rescue system to look at the logs that are on your real filesystem's /var/log directory not the output from dmesg on the rescue system.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

stevegr
Posts: 7
Joined: 2020/05/27 19:09:28

Re: Server Offline After Reboot

Post by stevegr » 2020/05/31 13:48:45

TrevorH wrote:
2020/05/31 12:08:55
But that looks like the log from your rescue system not the log from your real system. You should probably be using your rescue system to look at the logs that are on your real filesystem's /var/log directory not the output from dmesg on the rescue system.
You right i didnt see it at the first time
Now i reinstall the server to check for the problem.

For more i will post again soon

stevegr
Posts: 7
Joined: 2020/05/27 19:09:28

Re: Server Offline After Reboot

Post by stevegr » 2020/05/31 14:47:46

Here is the logs
But i cant find something wrong.

As i said the installation is fresh. So when installation finished i send restart command and everthing was fine.
Then installed the csf. After csf i cant connect to the server.
I belive is a firewall / port issue but i cant find what.

May 31 15:52:08 ms446 systemd: Starting ConfigServer Firewall & Security - csf...
May 31 15:52:10 ms446 csf: Flushing chain `INPUT'
May 31 15:52:10 ms446 csf: Flushing chain `FORWARD'
May 31 15:52:10 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:10 ms446 csf: Flushing chain `PREROUTING'
May 31 15:52:10 ms446 csf: Flushing chain `INPUT'
May 31 15:52:10 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:10 ms446 csf: Flushing chain `POSTROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `PREROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:11 ms446 csf: Flushing chain `PREROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `INPUT'
May 31 15:52:11 ms446 csf: Flushing chain `FORWARD'
May 31 15:52:11 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:11 ms446 csf: Flushing chain `POSTROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `INPUT'
May 31 15:52:11 ms446 csf: Flushing chain `FORWARD'
May 31 15:52:11 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:11 ms446 csf: Flushing chain `PREROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `INPUT'
May 31 15:52:11 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:11 ms446 csf: Flushing chain `POSTROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `PREROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:11 ms446 csf: Flushing chain `PREROUTING'
May 31 15:52:11 ms446 csf: Flushing chain `INPUT'
May 31 15:52:11 ms446 csf: Flushing chain `FORWARD'
May 31 15:52:11 ms446 csf: Flushing chain `OUTPUT'
May 31 15:52:11 ms446 csf: Flushing chain `POSTROUTING'
May 31 15:52:12 ms446 csf: csf: FASTSTART loading DROP no logging (IPv4)
May 31 15:52:12 ms446 csf: csf: FASTSTART loading DROP no logging (IPv6)
May 31 15:52:12 ms446 csf: LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
May 31 15:52:12 ms446 csf: LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
May 31 15:52:12 ms446 csf: LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
May 31 15:52:12 ms446 csf: LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
May 31 15:52:12 ms446 csf: LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
May 31 15:52:12 ms446 csf: LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
May 31 15:52:12 ms446 csf: LOG tcp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
May 31 15:52:12 ms446 csf: LOG tcp opt in * out * ::/0 -> ::/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
May 31 15:52:12 ms446 csf: LOG udp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "
May 31 15:52:12 ms446 csf: LOG udp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP6OUT Blocked* "
May 31 15:52:12 ms446 csf: LOG icmpv6 opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP6IN Blocked* "
May 31 15:52:13 ms446 csf: LOG icmpv6 opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
May 31 15:52:13 ms446 csf: DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: REJECT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable
May 31 15:52:13 ms446 csf: DROP all opt in * out * ::/0 -> ::/0
May 31 15:52:13 ms446 csf: REJECT all opt in * out * ::/0 -> ::/0 reject-with icmp6-port-unreachable
May 31 15:52:13 ms446 csf: DENYOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: DENYIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: ALLOWOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: ALLOWIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: DENYOUT all opt in * out !lo ::/0 -> ::/0
May 31 15:52:13 ms446 csf: DENYIN all opt in !lo out * ::/0 -> ::/0
May 31 15:52:13 ms446 csf: ALLOWOUT all opt in * out !lo ::/0 -> ::/0
May 31 15:52:13 ms446 csf: ALLOWIN all opt in !lo out * ::/0 -> ::/0
May 31 15:52:13 ms446 csf: csf: FASTSTART loading Packet Filter (IPv4)
May 31 15:52:13 ms446 csf: csf: FASTSTART loading Packet Filter (IPv6)
May 31 15:52:13 ms446 csf: DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: INVALID tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: INVALID tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:13 ms446 csf: DROP all opt in * out * ::/0 -> ::/0
May 31 15:52:13 ms446 csf: INVALID tcp opt in !lo out * ::/0 -> ::/0
May 31 15:52:14 ms446 csf: INVALID tcp opt in * out !lo ::/0 -> ::/0
May 31 15:52:14 ms446 csf: csf: FASTSTART loading csf.allow (IPv4)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading csf.allow (IPv6)
May 31 15:52:14 ms446 csf: ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
May 31 15:52:14 ms446 csf: LOGDROPIN icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8
May 31 15:52:14 ms446 csf: ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:14 ms446 csf: ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:14 ms446 csf: ACCEPT icmpv6 opt in !lo out * ::/0 -> ::/0
May 31 15:52:14 ms446 csf: ACCEPT icmpv6 opt in * out !lo ::/0 -> ::/0
May 31 15:52:14 ms446 csf: ACCEPT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 ctstate RELATED,ESTABLISHED
May 31 15:52:14 ms446 csf: ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 ctstate RELATED,ESTABLISHED
May 31 15:52:14 ms446 csf: ACCEPT all opt in !lo out * ::/0 -> ::/0 ctstate RELATED,ESTABLISHED
May 31 15:52:14 ms446 csf: ACCEPT all opt in * out !lo ::/0 -> ::/0 ctstate RELATED,ESTABLISHED
May 31 15:52:14 ms446 csf: csf: FASTSTART loading TCP_IN (IPv4)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading TCP6_IN (IPv6)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading TCP_OUT (IPv4)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading TCP6_OUT (IPv6)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading UDP_IN (IPv4)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading UDP6_IN (IPv6)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading UDP_OUT (IPv4)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading UDP6_OUT (IPv6)
May 31 15:52:14 ms446 csf: ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:14 ms446 csf: ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:14 ms446 csf: LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:14 ms446 csf: LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:14 ms446 csf: ACCEPT all opt in lo out * ::/0 -> ::/0
May 31 15:52:14 ms446 csf: ACCEPT all opt in * out lo ::/0 -> ::/0
May 31 15:52:14 ms446 csf: LOGDROPOUT all opt in * out !lo ::/0 -> ::/0
May 31 15:52:14 ms446 csf: LOGDROPIN all opt in !lo out * ::/0 -> ::/0
May 31 15:52:14 ms446 csf: csf: FASTSTART loading DNS (IPv4)
May 31 15:52:14 ms446 csf: csf: FASTSTART loading DNS (IPv6)
May 31 15:52:14 ms446 csf: LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:15 ms446 csf: LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
May 31 15:52:15 ms446 csf: LOCALOUTPUT all opt in * out !lo ::/0 -> ::/0
May 31 15:52:15 ms446 csf: LOCALINPUT all opt in !lo out * ::/0 -> ::/0
May 31 15:52:15 ms446 systemd: Started ConfigServer Firewall & Security - csf.
May 31 15:52:18 ms446 systemd: Starting ConfigServer Firewall & Security - lfd...
May 31 15:52:20 ms446 systemd: Started ConfigServer Firewall & Security - lfd.
May 31 15:52:22 ms446 systemd: Reloading.
May 31 15:52:24 ms446 systemd: Reloading.
May 31 15:52:28 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=195.54.160.159 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=19193 PROTO=TCP SPT=41198 DPT=7789 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:52:38 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=59.63.163.165 DST=89.163.225.192 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=40796 PROTO=TCP SPT=50262 DPT=14979 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:52:44 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=3406 PROTO=TCP SPT=49679 DPT=7858 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:52:46 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=79.124.62.86 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31228 PROTO=TCP SPT=40204 DPT=9223 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:52:57 ms446 kernel: Firewall: *UDP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=185.203.253.131 DST=89.163.225.192 LEN=127 TOS=0x00 PREC=0x00 TTL=120 ID=11792 PROTO=UDP SPT=60542 DPT=59127 LEN=107
May 31 15:53:08 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=87.251.74.135 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36778 PROTO=TCP SPT=56061 DPT=2336 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:53:11 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=223.255.169.254 DST=89.163.225.192 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=15204 PROTO=TCP SPT=36530 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:53:48 ms446 kernel: perf: interrupt took too long (5079 > 5011), lowering kernel.perf_event_max_sample_rate to 39000
May 31 15:54:11 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=11415 PROTO=TCP SPT=49679 DPT=8163 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:54:15 ms446 PAM-hulk[9697]: Brute force detection active: 580 LOGIN DENIED -- EXCESSIVE FAILURES -- IP TEMP BANNED
May 31 15:54:36 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=195.54.160.166 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=11589 PROTO=TCP SPT=55410 DPT=8666 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:54:43 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=37.49.226.7 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8850 PROTO=TCP SPT=51792 DPT=50802 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:54:53 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=94.102.51.95 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=21779 PROTO=TCP SPT=43086 DPT=35169 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:54:59 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=162.243.144.248 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58556 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 15:55:01 ms446 systemd: Started Session 5 of user root.
May 31 15:55:06 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=194.26.29.53 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=28737 PROTO=TCP SPT=51598 DPT=6209 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:55:49 ms446 chronyd[550]: Selected source 195.50.171.101
May 31 15:55:51 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=87.251.74.132 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=28755 PROTO=TCP SPT=44792 DPT=5674 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:55:55 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=37.49.226.7 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=56411 PROTO=TCP SPT=51792 DPT=5038 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:56:03 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=164.52.24.176 DST=89.163.225.192 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52795 DPT=992 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 15:56:17 ms446 systemd-logind: New session 6 of user root.
May 31 15:56:17 ms446 systemd: Started Session 6 of user root.
May 31 15:56:23 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=80.82.77.33 DST=89.163.225.192 LEN=44 TOS=0x00 PREC=0x00 TTL=124 ID=27976 PROTO=TCP SPT=23320 DPT=2376 WINDOW=62376 RES=0x00 SYN URGP=0
May 31 15:56:35 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=78.128.113.42 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=22962 PROTO=TCP SPT=50621 DPT=4494 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:56:39 ms446 PAM-hulk[9830]: Brute force detection active: 580 LOGIN DENIED -- EXCESSIVE FAILURES -- IP TEMP BANNED
May 31 15:56:40 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.167.141 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=21344 PROTO=TCP SPT=8080 DPT=3955 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:56:46 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=87.251.74.126 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=16597 PROTO=TCP SPT=44693 DPT=8008 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:57:18 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=202.102.144.117 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=51565 PROTO=TCP SPT=58005 DPT=6051 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:57:34 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=36.229.48.214 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=56812 PROTO=TCP SPT=23635 DPT=37215 WINDOW=45021 RES=0x00 SYN URGP=0
May 31 15:57:39 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=46.161.27.75 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=30230 PROTO=TCP SPT=50588 DPT=4373 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:57:50 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=53108 PROTO=TCP SPT=49679 DPT=6955 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:57:58 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=83.97.20.35 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=60639 DPT=5050 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 15:58:09 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=94.102.51.17 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=40063 PROTO=TCP SPT=40479 DPT=10144 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:58:22 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=164.52.24.177 DST=89.163.225.192 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51046 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 15:58:38 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=2.45.100.120 DST=89.163.225.192 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=41411 PROTO=TCP SPT=53990 DPT=9001 WINDOW=25342 RES=0x00 SYN URGP=0
May 31 15:58:52 ms446 PAM-hulk[9964]: Brute force detection active: 580 LOGIN DENIED -- EXCESSIVE FAILURES -- IP TEMP BANNED
May 31 15:59:04 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=195.54.160.243 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16117 PROTO=TCP SPT=40868 DPT=35539 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:59:06 ms446 kernel: Firewall: *UDP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=80.82.77.245 DST=89.163.225.192 LEN=57 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=UDP SPT=34099 DPT=631 LEN=37
May 31 15:59:35 ms446 kernel: perf: interrupt took too long (6414 > 6348), lowering kernel.perf_event_max_sample_rate to 31000
May 31 15:59:43 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.167.141 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=50330 PROTO=TCP SPT=8080 DPT=4214 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:59:46 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=195.54.160.159 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=12130 PROTO=TCP SPT=41198 DPT=8877 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 15:59:49 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=10450 PROTO=TCP SPT=49679 DPT=8490 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:00:01 ms446 systemd: Started Session 7 of user root.
May 31 16:00:01 ms446 systemd: Started Session 8 of user root.
May 31 16:00:01 ms446 systemd: Started Session 9 of user root.
May 31 16:00:59 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=162.243.140.139 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48091 DPT=4369 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 16:01:01 ms446 systemd: Started Session 10 of user root.
May 31 16:01:01 ms446 systemd: Started Session 11 of user root.
May 31 16:01:03 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=46.161.27.75 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=18390 PROTO=TCP SPT=50588 DPT=3998 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:01:20 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=4733 PROTO=TCP SPT=49580 DPT=762 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:01:32 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=80.82.65.74 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=49773 PROTO=TCP SPT=44397 DPT=54321 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:01:36 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=210.106.219.82 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=16440 DF PROTO=TCP SPT=19201 DPT=81 WINDOW=14600 RES=0x00 SYN URGP=0
May 31 16:01:39 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=87.251.74.126 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=21389 PROTO=TCP SPT=44693 DPT=40100 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:01:52 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=185.107.80.34 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=46396 DPT=60001 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 16:02:23 ms446 systemd: Starting Cleanup of Temporary Directories...
May 31 16:02:23 ms446 systemd: Started Cleanup of Temporary Directories.
May 31 16:02:38 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=87.251.74.140 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=27227 PROTO=TCP SPT=44773 DPT=7414 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:02:52 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=87.251.74.141 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=15477 PROTO=TCP SPT=55455 DPT=8314 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:02:53 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=212.23.138.78 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=41585 PROTO=TCP SPT=58401 DPT=623 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:03:11 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=44886 PROTO=TCP SPT=49679 DPT=7794 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:03:33 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=92.63.197.53 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=61180 PROTO=TCP SPT=43250 DPT=3002 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:03:37 ms446 kernel: Firewall: *UDP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=102.129.224.62 DST=89.163.225.192 LEN=46 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=1470 DPT=1900 LEN=26
May 31 16:04:13 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=94.102.51.17 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=37678 PROTO=TCP SPT=40479 DPT=10719 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:04:14 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=22103 PROTO=TCP SPT=49580 DPT=2322 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:04:15 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=59.125.186.4 DST=89.163.225.192 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=8226 PROTO=TCP SPT=24854 DPT=9000 WINDOW=4869 RES=0x00 SYN URGP=0
May 31 16:04:34 ms446 systemd-logind: New session 12 of user root.
May 31 16:04:34 ms446 systemd: Started Session 12 of user root.
May 31 16:04:35 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=195.54.160.225 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=42286 PROTO=TCP SPT=43364 DPT=4485 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:04:43 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:7f:d5:08:00 SRC=194.26.29.53 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=29322 PROTO=TCP SPT=51598 DPT=5938 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:04:56 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=40779 PROTO=TCP SPT=49580 DPT=2328 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:05:01 ms446 systemd: Started Session 13 of user root.
May 31 16:05:01 ms446 systemd: Started Session 14 of user root.
May 31 16:05:13 ms446 kernel: Firewall: *TCP_IN Blocked* IN=enp4s0f0 OUT= MAC=38:ea:a7:0f:91:a8:98:5d:82:9e:9c:b5:08:00 SRC=89.248.168.244 DST=89.163.225.192 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=1496 PROTO=TCP SPT=49679 DPT=9239 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 16:05:34 ms446 systemd: Stopped Dump dmesg to /var/log/dmesg.
May 31 16:05:34 ms446 systemd: Stopping Session 6 of user root.
May 31 16:05:34 ms446 systemd: Stopping cPanel Log services...
May 31 16:05:34 ms446 systemd: Stopping Session 1 of user root.
May 31 16:05:34 ms446 systemd: Stopping cPanel Greylisting Daemon...
May 31 16:05:34 ms446 systemd: Stopping Session 12 of user root.
May 31 16:05:34 ms446 systemd: Stopping Apache SpamAssassinβ„Ά deferral daemon...
May 31 16:05:34 ms446 systemd: Stopped target Timers.
May 31 16:05:34 ms446 systemd: Stopped Daily Cleanup of Temporary Directories.
May 31 16:05:34 ms446 smartd[531]: smartd received signal 15: Terminated
May 31 16:05:34 ms446 systemd: Stopped target RPC Port Mapper.
May 31 16:05:34 ms446 smartd[531]: smartd is exiting (exit status 0)
May 31 16:05:34 ms446 systemd: Removed slice system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice.
May 31 16:05:34 ms446 systemd: Stopping cPanel brute force detector services...
May 31 16:05:34 ms446 systemd: Stopped Stop Read-Ahead Data Collection 10s After Completed Startup.
May 31 16:05:34 ms446 systemd: Stopped target Multi-User System.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Server Offline After Reboot

Post by TrevorH » 2020/05/31 15:14:48

Unfortunately we do not support cpanel or CSF or the systems they are installed on. You'll need to ask cpanel for support.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply