호스팅서버 secure로그분석 바랍니다.

안녕하십니까? 오늘과내일의 홍석범입니다.

보내주신 로그만으로는 특이점이 없으며 더더욱 단순접속때문에 서버가 다운되지는 않습니다.
서버자체가 다운된다면 CPU나 RAM/board등 HW문제일 가능성이 높으므로 HW교체를 검토하시기 바랍니다.

임두환 님의 글

호스팅서버가 주말마다 죽습니다. 벌써3번쨉니다. 로그를 보면 특별한게 없는데요

제 아이피가 110번입니다. !!!!이거는 제가 임시로 표시(보안상)한거구요 제가 ssh2로 무차별

접속시도가 있어서 아이피테이블추가만 하기도 빡세서 포트만 살짝바꾸었는데

로그내용이 이해가 안가네요 xinetd 이게 뭘하는 데몬인지 20번은 호스팅서버 아이피인데요

뭘 시작했다가 나갔다는건지....조언부탁드립니다.

Aug  6 08:49:37 ns2 sshd[14855]: Accepted password for !!!!!!!! from 61.39.2.110 port 1068 ssh2
Aug  6 09:45:13 ns2 sshd[16754]: Accepted password for !!!!!!!! from 61.39.2.110 port 1999 ssh2
Aug  6 10:55:08 ns2 sshd[20054]: Accepted password for !!!!!!!! from 61.39.2.110 port 2460 ssh2
Aug  6 11:16:49 ns2 xinetd[752]: START: imap pid=21188 from=61.39.2.20
Aug  6 11:16:50 ns2 xinetd[752]: START: pop3 pid=21191 from=61.39.2.20
Aug  6 11:16:53 ns2 xinetd[752]: EXIT: imap pid=21188 duration=4(sec)
Aug  6 11:16:54 ns2 xinetd[752]: EXIT: pop3 pid=21191 duration=4(sec)
Aug  6 11:36:23 ns2 xinetd[752]: START: pop3 pid=21782 from=61.39.2.20
Aug  6 11:36:25 ns2 xinetd[752]: START: imap pid=21785 from=61.39.2.20
Aug  6 11:36:25 ns2 xinetd[752]: EXIT: imap pid=21785 duration=0(sec)
Aug  6 11:36:27 ns2 xinetd[752]: EXIT: pop3 pid=21782 duration=4(sec)
Aug  6 11:36:44 ns2 sshd[21805]: warning: can't get client address: Connection reset by peer
Aug  6 11:36:44 ns2 sshd[21805]: Could not write ident string to 61.39.2.20
Aug  6 11:36:45 ns2 xinetd[752]: START: imap pid=21806 from=61.39.2.20
Aug  6 11:36:45 ns2 xinetd[752]: START: pop3 pid=21809 from=61.39.2.20
Aug  6 11:36:45 ns2 xinetd[752]: EXIT: pop3 pid=21809 duration=0(sec)
Aug  6 11:36:53 ns2 xinetd[752]: EXIT: imap pid=21806 duration=8(sec)
Aug  6 11:38:09 ns2 xinetd[752]: START: pop3 pid=21896 from=61.39.2.20
Aug  6 11:38:09 ns2 xinetd[752]: EXIT: pop3 pid=21896 duration=0(sec)
Aug  6 11:38:09 ns2 xinetd[752]: START: imap pid=21898 from=61.39.2.20
Aug  6 11:38:09 ns2 xinetd[752]: EXIT: imap pid=21898 duration=0(sec)
Aug  6 11:38:09 ns2 sshd[21899]: Did not receive identification string from 61.39.2.20
Aug  6 11:50:58 ns2 sshd[22396]: Did not receive identification string from 61.39.2.20
Aug  6 11:51:00 ns2 xinetd[752]: START: imap pid=22401 from=61.39.2.20
Aug  6 11:51:00 ns2 xinetd[752]: EXIT: imap pid=22401 duration=0(sec)
Aug  6 11:51:00 ns2 xinetd[752]: START: pop3 pid=22407 from=61.39.2.20
Aug  6 11:51:04 ns2 xinetd[752]: EXIT: pop3 pid=22407 duration=4(sec)
Aug  6 11:53:21 ns2 sshd[22493]: Did not receive identification string from 61.39.2.20
Aug  6 11:53:22 ns2 xinetd[752]: START: imap pid=22494 from=61.39.2.20
Aug  6 11:53:22 ns2 xinetd[752]: EXIT: imap pid=22494 duration=0(sec)
Aug  6 11:53:22 ns2 xinetd[752]: START: pop3 pid=22495 from=61.39.2.20
Aug  6 11:53:26 ns2 xinetd[752]: EXIT: pop3 pid=22495 duration=4(sec)
Aug  6 13:11:26 ns2 xinetd[752]: START: imap pid=25611 from=61.39.2.20
Aug  6 13:11:26 ns2 sshd[25612]: Did not receive identification string from 61.39.2.20
Aug  6 13:11:26 ns2 xinetd[752]: START: pop3 pid=25613 from=61.39.2.20
Aug  6 13:11:30 ns2 xinetd[752]: EXIT: imap pid=25611 duration=4(sec)
Aug  6 13:11:34 ns2 xinetd[752]: EXIT: pop3 pid=25613 duration=8(sec)
Aug  6 13:39:03 ns2 sshd[26539]: Accepted password for kimgiu from 61.39.2.110 port 1467 ssh2
Aug  6 14:11:57 ns2 sshd[28009]: Accepted password for kimgiu from 61.39.2.110 port 2797 ssh2
Aug  6 14:20:43 ns2 sshd[28306]: refused connect from 61.39.2.111 (61.39.2.111)
Aug  6 14:21:05 ns2 sshd[28316]: refused connect from 61.39.2.111 (61.39.2.111)
Aug  6 14:21:43 ns2 sshd[28325]: Accepted password for kimgiu from 61.39.2.110 port 2871 ssh2
Aug  6 14:26:08 ns2 sshd[28410]: Accepted password for kimgiu from 61.39.2.110 port 2935 ssh2