--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (sd-29897.dedibox.fr): 108 Time(s)
unknown (sd-29897.dedibox.fr): 95 Time(s)
root (202.205.176.115): 15 Time(s)
postgres (sd-29897.dedibox.fr): 3 Time(s)
mysql (sd-29897.dedibox.fr): 2 Time(s)
unknown (202.205.176.115): 2 Time(s)
postgres (202.205.176.115): 1 Time(s)
root (118.126.14.158): 1 Time(s)
Invalid Users:
Unknown Account: 97 Time(s)
---------------------- pam_unix End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
88.190.23.184 (sd-29897.dedibox.fr): 113 times
118.126.14.158: 1 time
202.205.176.115: 16 times
Illegal users from:
88.190.23.184 (sd-29897.dedibox.fr): 95 times
202.205.176.115: 2 times
Received disconnect:
11: Bye Bye : 18 Time(s)
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user ryan : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user stephanie : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user mike : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user johnson : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user music : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user adam : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ina : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user alex : 4 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user test : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user webmaster : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user oracle : 10 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user angie : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user nagios : 12 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user visitor : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ice : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user shoutcast : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user demo : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user media : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user michael : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user bill : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user user1 : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user jacob : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user web : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user lala : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user mythtv : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user build : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user testftp : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user svn : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user fax : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user corrine : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user tv : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ftp1 : 5 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user tomcat : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ttt : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user zabbix : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user max : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user user : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user jim : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user weblogic : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user contact : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user public : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user aaa : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user amanda : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user usuario : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ts : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user master : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user office : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user gnax : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user deploy : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user upload : 6 time(s)
---------------------- SSHD End -------------------------
-------------------------
###################### Logwatch End #########################
ASKER
Result of the command: "show run"
: Saved
:
ASA Version 8.0(4)
!
terminal width 511
hostname asa5505
domain-name (mydomain).secureserver.net
enable password (password jargon) encrypted
passwd (password jargon) encrypted
names
dns-guard
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.254 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address (ip address here) 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
speed 100
duplex full
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
ftp mode passive
dns server-group DefaultDNS
domain-name (mydomain).secureserver.net
access-list outside_access_in extended permit tcp any any eq ftp-data
access-list outside_access_in extended permit tcp any any eq ftp
access-list outside_access_in extended permit tcp any any eq ssh
access-list outside_access_in extended permit tcp any any eq 42
access-list outside_access_in extended permit udp any any eq nameserver
access-list outside_access_in extended permit tcp any any eq domain
access-list outside_access_in extended permit udp any any eq domain
access-list outside_access_in extended permit tcp any any eq www
access-list outside_access_in extended permit tcp any any eq pop3
access-list outside_access_in extended permit tcp any any eq https
access-list outside_access_in extended permit tcp any any eq 465
access-list outside_access_in extended permit tcp any any eq 587
access-list outside_access_in extended permit tcp any any eq 995
access-list outside_access_in extended permit tcp any any eq 993
access-list outside_access_in extended permit tcp any any eq 3389
access-list outside_access_in extended permit tcp any any eq 8443
access-list outside_access_in extended permit tcp any any eq 2006
access-list outside_access_in extended permit tcp any any eq 8447
access-list outside_access_in extended permit tcp any any eq 9999
access-list outside_access_in extended permit tcp any any eq 2086
access-list outside_access_in extended permit tcp any any eq 2087
access-list outside_access_in extended permit tcp any any eq 2082
access-list outside_access_in extended permit tcp any any eq 2083
access-list outside_access_in extended permit tcp any any eq 2096
access-list outside_access_in extended permit tcp any any eq 2095
access-list outside_access_in extended deny tcp any any eq telnet
access-list outside_access_in extended permit tcp any any eq smtp
access-list outside_access_in extended deny tcp any any eq imap4
access-list outside_access_in extended deny tcp any any eq 1433
access-list outside_access_in extended deny tcp any any eq 3306
access-list outside_access_in extended deny tcp any any eq 9080
access-list outside_access_in extended deny tcp any any eq 9090
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any source-quench
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in remark Backups
access-list outside_access_in extended permit ip host (ip address here) any
access-list outside_access_in remark Backups
access-list outside_access_in extended permit ip host (another ip) any
access-list outside_access_in remark Backups
access-list outside_access_in extended permit ip host (another ip) any
access-list outside_access_in remark Backups
access-list outside_access_in extended permit icmp host (another ip) any echo
access-list outside_access_in remark Backups
access-list outside_access_in extended permit icmp host (another ip) any echo
access-list outside_access_in remark Backups
access-list outside_access_in extended permit icmp host (another ip) any echo
access-list inside_access_in extended permit ip any any
no pager
logging enable
logging timestamp
logging buffered warnings
logging history warnings
logging asdm notifications
logging queue 500
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (outside,inside) 10.0.0.1 (ip address here) netmask 255.255.255.255
static (inside,outside) (ip address here) 10.0.0.1 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 (ip address here) 1
route outside 0.0.0.0 0.0.0.0 (ip address here) 1
route outside 0.0.0.0 255.255.255.0 (ip address here) 1
route outside 0.0.0.0 255.255.255.0 (ip address here) 1
route outside 192.168.101.3 255.255.255.255 (ip address here) 1
route outside 192.168.101.3 255.255.255.255 (ip address here) 1
route outside 192.168.105.3 255.255.255.255 (ip address here) 1
route outside 192.168.105.3 255.255.255.255 (ip address here) 1
route outside 192.168.109.3 255.255.255.255 (ip address here) 1
route outside 192.168.109.3 255.255.255.255 (ip address here) 1
route outside 208.109.96.4 255.255.255.255 (ip address here) 1
route outside 208.109.188.4 255.255.255.255 (ip address here) 1
route outside 216.69.160.4 255.255.255.255 (ip address here) 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
management-access outside
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username (my username) password (encrypted pword) encrypted privilege 15
!
class-map inspection-default
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect pptp
inspect ils
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:27ae7f20f3cf4c0caf143d8dd98e51e5
: end
What other ports are open to the Internet for this server? Not the SQL ports I hope. Also ensure that you have the server fully updated.
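One way to answer that question directly from the posted "show run", as an added example that is not part of the original thread: the Python sketch below lists the TCP/UDP ports that the ACL bound to the outside interface permits from any source, and flags the management settings that are reachable from any address. The function name `audit`, the result keys, and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the posted "show run"; 192.0.2.10 is a placeholder.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any any eq ssh
access-list outside_access_in extended permit tcp any any eq 3389
access-list outside_access_in extended deny tcp any any eq 3306
access-list outside_access_in extended permit udp any any eq domain
access-list outside_access_in extended permit ip host 192.0.2.10 any
access-list inside_access_in extended permit ip any any
access-group outside_access_in in interface outside
http 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
snmp-server community public
"""

# Only simple "any any eq <port>" entries are parsed (assumption: no ranges or object-groups).
ACE = re.compile(r"^access-list (\S+) extended (permit|deny) (tcp|udp) any any eq (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")
MGMT = re.compile(r"^(ssh|http) 0\.0\.0\.0 0\.0\.0\.0 (\S+)$")

def audit(config, iface="outside"):
    """Summarise what the config exposes to any source on the given interface."""
    lines = [ln.strip() for ln in config.splitlines()]
    # ACLs applied inbound on the interface through access-group
    acls = {m.group(1) for ln in lines
            if (m := GROUP.match(ln)) and m.group(2) == iface}
    open_ports, decided, mgmt = [], set(), []
    for ln in lines:
        if (m := ACE.match(ln)) and m.group(1) in acls:
            key = (m.group(3), m.group(4))
            if key not in decided:  # ACL is evaluated top-down, first match wins
                decided.add(key)
                if m.group(2) == "permit":
                    open_ports.append(key)
        elif (m := MGMT.match(ln)) and m.group(2) == iface:
            mgmt.append(m.group(1))  # device management allowed from any address
    return {"open": open_ports, "mgmt_from_any": mgmt,
            "snmp_public": "snmp-server community public" in lines}

if __name__ == "__main__":
    for name, value in audit(SAMPLE_CONFIG).items():
        print(name, value)
```

Because the posted config has a one-to-one static NAT to 10.0.0.1, every port reported under `open` reaches that host, including the `ssh` entry that the Logwatch report shows being probed.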