auth.log spam

Get Help
MACscr
2016-01-22
2016-01-22
  • MACscr

    MACscr - 2016-01-22

    Ah, so I think this might have been part of the reason why I would get banned by fail2ban while in the web interface, even though I was properly authenticated, before I was whitelisted within fail2ban. Anyway, it seems that while just sitting there, and because of how you are doing the header stats reporting, it's slamming apache with auth requests, even when doing nothing, because of the automated page updates for the stats. My auth file is 130MB and it hasn't been installed a day yet, nor had my browser window open that much. Here is an example of entries every couple seconds:

    Jan 22 03:55:02 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
    Jan 22 03:55:02 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:03 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:03 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
    Jan 22 03:55:03 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:03 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:04 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh mem
    Jan 22 03:55:04 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:04 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:04 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh cpu
    Jan 22 03:55:04 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:06 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:06 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh disk
    Jan 22 03:55:06 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:07 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:07 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
    Jan 22 03:55:07 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:08 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:08 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
    Jan 22 03:55:08 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:08 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:09 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh mem
    Jan 22 03:55:09 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:09 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:09 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh cpu
    Jan 22 03:55:09 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:11 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:11 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh disk
    Jan 22 03:55:11 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:12 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:12 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
    Jan 22 03:55:12 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:13 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:13 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
    Jan 22 03:55:13 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:13 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:14 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh mem
    Jan 22 03:55:14 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:14 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:14 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh cpu
    Jan 22 03:55:14 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:16 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:16 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh disk
    Jan 22 03:55:16 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:17 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:17 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
    Jan 22 03:55:17 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:18 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:18 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
    Jan 22 03:55:18 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:18 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:19 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh mem
    Jan 22 03:55:19 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:19 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:19 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh cpu
    Jan 22 03:55:19 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:21 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:21 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh disk
    Jan 22 03:55:21 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:22 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:22 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
    Jan 22 03:55:22 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:23 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:23 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
    Jan 22 03:55:23 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:23 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:24 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh mem
    Jan 22 03:55:24 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:24 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:24 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh cpu
    Jan 22 03:55:24 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:26 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:26 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh disk
    Jan 22 03:55:26 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:27 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:27 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
    Jan 22 03:55:27 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:28 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:28 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
    Jan 22 03:55:28 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:28 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:29 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh mem
    Jan 22 03:55:29 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:29 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:29 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh cpu
    Jan 22 03:55:29 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:31 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:31 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh disk
    Jan 22 03:55:31 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:32 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:32 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
    Jan 22 03:55:32 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:33 mx1 sudo: pam_unix(sudo:session): session closed for user root
    Jan 22 03:55:33 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
    Jan 22 03:55:33 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jan 22 03:55:33 mx1 sudo: pam_unix(sudo:session): session closed for user root
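
An added example, not part of the original post or of the project's code: a small Python parser that groups the sudo entries in an auth.log excerpt like the one above by invoking user, target user and command, and reports how often they occur. The sample input is constructed in the same format, and the `year` parameter is an assumption, because syslog timestamps do not carry a year.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same syslog format as the excerpt in the post.
SAMPLE = """\
Jan 22 03:55:02 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
Jan 22 03:55:02 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 03:55:03 mx1 sudo: pam_unix(sudo:session): session closed for user root
Jan 22 03:55:03 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh services
Jan 22 03:55:03 mx1 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 03:55:03 mx1 sudo: pam_unix(sudo:session): session closed for user root
Jan 22 03:55:07 mx1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network
Jan 22 03:55:09 mx1 sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2
"""

SUDO_CMD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sudo:\s+(?P<invoker>\S+) : "
    r"TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)
PAM_SESSION = re.compile(r" sudo: pam_unix\(sudo:session\): session (opened|closed) ")


def summarize(text, year=2016):
    """Count sudo calls per (invoker, target, command); year is supplied by the caller."""
    calls, stamps, pam_lines, other = Counter(), [], 0, 0
    for line in text.splitlines():
        m = SUDO_CMD.match(line)
        if m:
            calls[(m["invoker"], m["target"], m["cmd"])] += 1
            stamps.append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
        elif PAM_SESSION.search(line):
            pam_lines += 1  # session opened/closed lines that accompany each call
        elif line.strip():
            other += 1      # anything that is not sudo noise
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    total = sum(calls.values())
    return {
        "sudo_calls": total,
        "pam_session_lines": pam_lines,
        "other_lines": other,
        "span_seconds": span,  # time between first and last sudo call
        "calls_per_minute": round(total * 60 / span, 1) if span else None,
        "top": calls.most_common(),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
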
    
     
  • Hannah Becket

    Hannah Becket - 2016-01-22

    That's a weird one I'm afraid, never happened to me

     
