Serveur qui perd le réseau.

jgign · 8 juin 2021

Bonjour,
Depuis plusieurs mois, je dispose d'un serveur sur lequel j'ai installé mailcow en docker.
Depuis maintenant 4 jours, mon serveur n'est plus accessible de l'extérieur, que ce soit via le nom de domaine, adresse IP ou SSH.
Par contre lorsque je demande un redémarrage du serveur via ONEPROVIDER, j'ai de nouveau accés mais que pour un temps donné avant qu'il ne se remette à planter...
Je voulais donc savoir quelles sont les commandes que je dois faire pour tenter d'identifier le problème?
Je précise qu'il s'agit d'un serveur sous Ubuntu.

Merci d'avance.

Merrick · 8 juin 2021

Quand tu essaie d'accéder à ton serveur, tu le fais toujours depuis la même machine ? (si ça se trouve, tu es bloqué par un système genre fail2ban, mais ta machine reste accessible à d'autres ?)

jgign · 8 juin 2021

Merrick merci pour ton retour. Mais non, pas toujours de la même machine justement. Déjà 3 machines et IP différentes..(réseaumobile ou fixe)

spider1163 · 8 juin 2021

Rien dans les logs ?

Peut-etre commencer par un
sudo cat /var/log/auth.log | grep ssh

jgign · 8 juin 2021

Je poste la commande citée supra.

Jun  7 18:51:24 sd-25084 sshd[32552]: input_userauth_request: invalid user adam [preauth]
Jun  7 18:51:24 sd-25084 sshd[32552]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:51:24 sd-25084 sshd[32552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.153.75
Jun  7 18:51:26 sd-25084 sshd[32552]: Failed password for invalid user adam from 157.230.153.75 port 54521 ssh2
Jun  7 18:51:26 sd-25084 sshd[32552]: Received disconnect from 157.230.153.75: 11: Bye Bye [preauth]
Jun  7 18:51:34 sd-25084 sshd[376]: Invalid user produkcja from 101.251.219.115
Jun  7 18:51:34 sd-25084 sshd[376]: input_userauth_request: invalid user produkcja [preauth]
Jun  7 18:51:34 sd-25084 sshd[376]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:51:34 sd-25084 sshd[376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.251.219.115
Jun  7 18:51:36 sd-25084 sshd[376]: Failed password for invalid user produkcja from 101.251.219.115 port 54146 ssh2
Jun  7 18:51:37 sd-25084 sshd[376]: Received disconnect from 101.251.219.115: 11: Bye Bye [preauth]
Jun  7 18:51:39 sd-25084 sshd[379]: Invalid user cyrus from 159.75.92.165
Jun  7 18:51:39 sd-25084 sshd[379]: input_userauth_request: invalid user cyrus [preauth]
Jun  7 18:51:39 sd-25084 sshd[379]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:51:39 sd-25084 sshd[379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.75.92.165
Jun  7 18:51:40 sd-25084 sshd[379]: Failed password for invalid user cyrus from 159.75.92.165 port 43850 ssh2
Jun  7 18:51:41 sd-25084 sshd[379]: Received disconnect from 159.75.92.165: 11: Bye Bye [preauth]
Jun  7 18:51:52 sd-25084 sshd[384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.126  user=root
Jun  7 18:51:54 sd-25084 sshd[384]: Failed password for root from 159.89.115.126 port 37158 ssh2
Jun  7 18:51:54 sd-25084 sshd[384]: Received disconnect from 159.89.115.126: 11: Bye Bye [preauth]
Jun  7 18:52:39 sd-25084 sshd[653]: reverse mapping checking getaddrinfo for 124-197-137-186.fibertel.com.ar [186.137.197.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  7 18:52:39 sd-25084 sshd[653]: Invalid user conrad from 186.137.197.124
Jun  7 18:52:39 sd-25084 sshd[653]: input_userauth_request: invalid user conrad [preauth]
Jun  7 18:52:39 sd-25084 sshd[653]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:52:39 sd-25084 sshd[653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.197.124
Jun  7 18:52:41 sd-25084 sshd[653]: Failed password for invalid user conrad from 186.137.197.124 port 51896 ssh2
Jun  7 18:52:41 sd-25084 sshd[653]: Received disconnect from 186.137.197.124: 11: Bye Bye [preauth]
Jun  7 18:52:47 sd-25084 sshd[655]: Invalid user mailnull from 121.32.99.232
Jun  7 18:52:47 sd-25084 sshd[655]: input_userauth_request: invalid user mailnull [preauth]
Jun  7 18:52:47 sd-25084 sshd[655]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:52:47 sd-25084 sshd[655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.32.99.232
Jun  7 18:52:49 sd-25084 sshd[655]: Failed password for invalid user mailnull from 121.32.99.232 port 2944 ssh2
Jun  7 18:52:49 sd-25084 sshd[655]: Received disconnect from 121.32.99.232: 11: Bye Bye [preauth]
Jun  7 18:52:55 sd-25084 sshd[658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.111.58  user=root
Jun  7 18:52:57 sd-25084 sshd[658]: Failed password for root from 189.80.111.58 port 38520 ssh2
Jun  7 18:52:57 sd-25084 sshd[658]: Received disconnect from 189.80.111.58: 11: Bye Bye [preauth]
Jun  7 18:53:09 sd-25084 sshd[664]: Invalid user postmaster from 157.230.153.75
Jun  7 18:53:09 sd-25084 sshd[664]: input_userauth_request: invalid user postmaster [preauth]
Jun  7 18:53:09 sd-25084 sshd[664]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:53:09 sd-25084 sshd[664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.153.75
Jun  7 18:53:10 sd-25084 sshd[664]: Failed password for invalid user postmaster from 157.230.153.75 port 41751 ssh2
Jun  7 18:53:10 sd-25084 sshd[664]: Received disconnect from 157.230.153.75: 11: Bye Bye [preauth]
Jun  7 18:53:23 sd-25084 sshd[667]: Invalid user cai from 159.75.92.165
Jun  7 18:53:23 sd-25084 sshd[667]: input_userauth_request: invalid user cai [preauth]
Jun  7 18:53:23 sd-25084 sshd[667]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:53:23 sd-25084 sshd[667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.75.92.165
Jun  7 18:53:25 sd-25084 sshd[667]: Failed password for invalid user cai from 159.75.92.165 port 42578 ssh2
Jun  7 18:53:26 sd-25084 sshd[667]: Received disconnect from 159.75.92.165: 11: Bye Bye [preauth]
Jun  7 18:53:30 sd-25084 sshd[1052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.251.219.115  user=root
Jun  7 18:53:33 sd-25084 sshd[1052]: Failed password for root from 101.251.219.115 port 55302 ssh2
Jun  7 18:53:33 sd-25084 sshd[1052]: Received disconnect from 101.251.219.115: 11: Bye Bye [preauth]
Jun  7 18:53:58 sd-25084 sshd[1072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.126  user=root
Jun  7 18:54:00 sd-25084 sshd[1072]: Failed password for root from 159.89.115.126 port 46150 ssh2
Jun  7 18:54:00 sd-25084 sshd[1072]: Received disconnect from 159.89.115.126: 11: Bye Bye [preauth]
Jun  7 18:54:27 sd-25084 sshd[1077]: reverse mapping checking getaddrinfo for 124-197-137-186.fibertel.com.ar [186.137.197.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  7 18:54:27 sd-25084 sshd[1077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.197.124  user=root
Jun  7 18:54:28 sd-25084 sshd[1077]: Failed password for root from 186.137.197.124 port 48302 ssh2
Jun  7 18:54:28 sd-25084 sshd[1077]: Received disconnect from 186.137.197.124: 11: Bye Bye [preauth]
Jun  7 18:54:56 sd-25084 sshd[1490]: Invalid user user7 from 157.230.153.75
Jun  7 18:54:56 sd-25084 sshd[1490]: input_userauth_request: invalid user user7 [preauth]
Jun  7 18:54:56 sd-25084 sshd[1490]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:54:56 sd-25084 sshd[1490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.153.75
Jun  7 18:54:58 sd-25084 sshd[1490]: Failed password for invalid user user7 from 157.230.153.75 port 57213 ssh2
Jun  7 18:54:58 sd-25084 sshd[1490]: Received disconnect from 157.230.153.75: 11: Bye Bye [preauth]
Jun  7 18:55:02 sd-25084 sshd[1486]: Connection closed by 49.232.253.88 [preauth]
Jun  7 18:55:08 sd-25084 sshd[1494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.111.58  user=root
Jun  7 18:55:10 sd-25084 sshd[1494]: Failed password for root from 189.80.111.58 port 40140 ssh2
Jun  7 18:55:11 sd-25084 sshd[1494]: Received disconnect from 189.80.111.58: 11: Bye Bye [preauth]
Jun  7 18:55:11 sd-25084 sshd[1496]: Invalid user job from 159.75.92.165
Jun  7 18:55:11 sd-25084 sshd[1496]: input_userauth_request: invalid user job [preauth]
Jun  7 18:55:11 sd-25084 sshd[1496]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:55:11 sd-25084 sshd[1496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.75.92.165
Jun  7 18:55:12 sd-25084 sshd[1496]: Failed password for invalid user job from 159.75.92.165 port 41308 ssh2
Jun  7 18:55:13 sd-25084 sshd[1496]: Received disconnect from 159.75.92.165: 11: Bye Bye [preauth]
Jun  7 18:55:26 sd-25084 sshd[1503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.251.219.115  user=root
Jun  7 18:55:28 sd-25084 sshd[1503]: Failed password for root from 101.251.219.115 port 56448 ssh2
Jun  7 18:55:28 sd-25084 sshd[1503]: Received disconnect from 101.251.219.115: 11: Bye Bye [preauth]
Jun  7 18:56:11 sd-25084 sshd[1806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.126  user=root
Jun  7 18:56:13 sd-25084 sshd[1806]: Failed password for root from 159.89.115.126 port 55142 ssh2
Jun  7 18:56:13 sd-25084 sshd[1806]: Received disconnect from 159.89.115.126: 11: Bye Bye [preauth]
Jun  7 18:56:15 sd-25084 sshd[1814]: reverse mapping checking getaddrinfo for 124-197-137-186.fibertel.com.ar [186.137.197.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  7 18:56:15 sd-25084 sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.197.124  user=root
Jun  7 18:56:17 sd-25084 sshd[1814]: Failed password for root from 186.137.197.124 port 44700 ssh2
Jun  7 18:56:17 sd-25084 sshd[1814]: Received disconnect from 186.137.197.124: 11: Bye Bye [preauth]
Jun  7 18:56:45 sd-25084 sshd[2118]: Invalid user angela from 157.230.153.75
Jun  7 18:56:45 sd-25084 sshd[2118]: input_userauth_request: invalid user angela [preauth]
Jun  7 18:56:45 sd-25084 sshd[2118]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:56:45 sd-25084 sshd[2118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.153.75
Jun  7 18:56:47 sd-25084 sshd[2118]: Failed password for invalid user angela from 157.230.153.75 port 44442 ssh2
Jun  7 18:56:47 sd-25084 sshd[2118]: Received disconnect from 157.230.153.75: 11: Bye Bye [preauth]
Jun  7 18:56:55 sd-25084 sshd[2124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.75.92.165  user=root
Jun  7 18:56:57 sd-25084 sshd[2124]: Failed password for root from 159.75.92.165 port 40028 ssh2
Jun  7 18:56:57 sd-25084 sshd[2124]: Received disconnect from 159.75.92.165: 11: Bye Bye [preauth]
Jun  7 18:57:08 sd-25084 sshd[2129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.111.58  user=root
Jun  7 18:57:10 sd-25084 sshd[2129]: Failed password for root from 189.80.111.58 port 41762 ssh2
Jun  7 18:57:10 sd-25084 sshd[2129]: Received disconnect from 189.80.111.58: 11: Bye Bye [preauth]
Jun  7 18:57:24 sd-25084 sshd[2133]: Invalid user ec2-user from 121.32.99.232
Jun  7 18:57:24 sd-25084 sshd[2133]: input_userauth_request: invalid user ec2-user [preauth]
Jun  7 18:57:24 sd-25084 sshd[2133]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:57:24 sd-25084 sshd[2133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.32.99.232
Jun  7 18:57:26 sd-25084 sshd[2133]: Failed password for invalid user ec2-user from 121.32.99.232 port 3589 ssh2
Jun  7 18:57:27 sd-25084 sshd[2133]: Received disconnect from 121.32.99.232: 11: Bye Bye [preauth]
Jun  7 18:57:40 sd-25084 sshd[2383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.251.219.115  user=root
Jun  7 18:57:42 sd-25084 sshd[2383]: Failed password for root from 101.251.219.115 port 57596 ssh2
Jun  7 18:57:42 sd-25084 sshd[2383]: Received disconnect from 101.251.219.115: 11: Bye Bye [preauth]
Jun  7 18:58:02 sd-25084 sshd[2422]: reverse mapping checking getaddrinfo for 124-197-137-186.fibertel.com.ar [186.137.197.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  7 18:58:02 sd-25084 sshd[2422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.197.124  user=root
Jun  7 18:58:03 sd-25084 sshd[2422]: Failed password for root from 186.137.197.124 port 41088 ssh2
Jun  7 18:58:04 sd-25084 sshd[2422]: Received disconnect from 186.137.197.124: 11: Bye Bye [preauth]
Jun  7 18:58:22 sd-25084 sshd[2426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.126  user=root
Jun  7 18:58:24 sd-25084 sshd[2426]: Failed password for root from 159.89.115.126 port 35912 ssh2
Jun  7 18:58:24 sd-25084 sshd[2426]: Received disconnect from 159.89.115.126: 11: Bye Bye [preauth]
Jun  7 18:58:31 sd-25084 sshd[2673]: Invalid user mai from 157.230.153.75
Jun  7 18:58:31 sd-25084 sshd[2673]: input_userauth_request: invalid user mai [preauth]
Jun  7 18:58:31 sd-25084 sshd[2673]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:58:31 sd-25084 sshd[2673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.153.75
Jun  7 18:58:32 sd-25084 sshd[2673]: Failed password for invalid user mai from 157.230.153.75 port 59905 ssh2
Jun  7 18:58:32 sd-25084 sshd[2673]: Received disconnect from 157.230.153.75: 11: Bye Bye [preauth]
Jun  7 18:58:43 sd-25084 sshd[2675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.232.253.88  user=root
Jun  7 18:58:44 sd-25084 sshd[2675]: Failed password for root from 49.232.253.88 port 36280 ssh2
Jun  7 18:58:44 sd-25084 sshd[2678]: Invalid user informix1 from 159.75.92.165
Jun  7 18:58:44 sd-25084 sshd[2678]: input_userauth_request: invalid user informix1 [preauth]
Jun  7 18:58:44 sd-25084 sshd[2678]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:58:44 sd-25084 sshd[2678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.75.92.165
Jun  7 18:58:45 sd-25084 sshd[2675]: Received disconnect from 49.232.253.88: 11: Bye Bye [preauth]
Jun  7 18:58:46 sd-25084 sshd[2678]: Failed password for invalid user informix1 from 159.75.92.165 port 38772 ssh2
Jun  7 18:58:46 sd-25084 sshd[2678]: Received disconnect from 159.75.92.165: 11: Bye Bye [preauth]
Jun  7 18:59:02 sd-25084 sshd[2682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.111.58  user=root
Jun  7 18:59:04 sd-25084 sshd[2682]: Failed password for root from 189.80.111.58 port 43384 ssh2
Jun  7 18:59:04 sd-25084 sshd[2682]: Received disconnect from 189.80.111.58: 11: Bye Bye [preauth]
Jun  7 18:59:43 sd-25084 sshd[2997]: Invalid user dbus from 121.32.99.232
Jun  7 18:59:43 sd-25084 sshd[2997]: input_userauth_request: invalid user dbus [preauth]
Jun  7 18:59:43 sd-25084 sshd[2997]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:59:43 sd-25084 sshd[2997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.32.99.232
Jun  7 18:59:45 sd-25084 sshd[2997]: Failed password for invalid user dbus from 121.32.99.232 port 2586 ssh2
Jun  7 18:59:46 sd-25084 sshd[2997]: Received disconnect from 121.32.99.232: 11: Bye Bye [preauth]
Jun  7 18:59:47 sd-25084 sshd[2999]: reverse mapping checking getaddrinfo for 124-197-137-186.fibertel.com.ar [186.137.197.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  7 18:59:47 sd-25084 sshd[2999]: Invalid user walas from 186.137.197.124
Jun  7 18:59:47 sd-25084 sshd[2999]: input_userauth_request: invalid user walas [preauth]
Jun  7 18:59:47 sd-25084 sshd[2999]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:59:47 sd-25084 sshd[2999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.197.124
Jun  7 18:59:48 sd-25084 sshd[2999]: Failed password for invalid user walas from 186.137.197.124 port 37500 ssh2
Jun  7 18:59:49 sd-25084 sshd[2999]: Received disconnect from 186.137.197.124: 11: Bye Bye [preauth]
Jun  7 18:59:59 sd-25084 sshd[3002]: Invalid user web from 101.251.219.115
Jun  7 18:59:59 sd-25084 sshd[3002]: input_userauth_request: invalid user web [preauth]
Jun  7 18:59:59 sd-25084 sshd[3002]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 18:59:59 sd-25084 sshd[3002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.251.219.115
Jun  7 19:00:01 sd-25084 sshd[3002]: Failed password for invalid user web from 101.251.219.115 port 58750 ssh2
Jun  7 19:00:02 sd-25084 sshd[3002]: Received disconnect from 101.251.219.115: 11: Bye Bye [preauth]
Jun  7 19:00:17 sd-25084 sshd[3006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.153.75  user=sync
Jun  7 19:00:19 sd-25084 sshd[3006]: Failed password for sync from 157.230.153.75 port 47134 ssh2
Jun  7 19:00:19 sd-25084 sshd[3006]: Received disconnect from 157.230.153.75: 11: Bye Bye [preauth]
Jun  7 19:00:34 sd-25084 sshd[3288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.126  user=root
Jun  7 19:00:34 sd-25084 sshd[3286]: Invalid user lisa from 159.75.92.165
Jun  7 19:00:34 sd-25084 sshd[3286]: input_userauth_request: invalid user lisa [preauth]
Jun  7 19:00:34 sd-25084 sshd[3286]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 19:00:34 sd-25084 sshd[3286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.75.92.165
Jun  7 19:00:36 sd-25084 sshd[3288]: Failed password for root from 159.89.115.126 port 44914 ssh2
Jun  7 19:00:36 sd-25084 sshd[3288]: Received disconnect from 159.89.115.126: 11: Bye Bye [preauth]
Jun  7 19:00:36 sd-25084 sshd[3286]: Failed password for invalid user lisa from 159.75.92.165 port 37500 ssh2
Jun  7 19:00:36 sd-25084 sshd[3286]: Received disconnect from 159.75.92.165: 11: Bye Bye [preauth]
Jun  7 19:00:59 sd-25084 sshd[3293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.111.58  user=root
Jun  7 19:01:01 sd-25084 sshd[3293]: Failed password for root from 189.80.111.58 port 45004 ssh2
Jun  7 19:01:01 sd-25084 sshd[3293]: Received disconnect from 189.80.111.58: 11: Bye Bye [preauth]
Jun  7 19:01:33 sd-25084 sshd[3593]: reverse mapping checking getaddrinfo for 124-197-137-186.fibertel.com.ar [186.137.197.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  7 19:01:33 sd-25084 sshd[3593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.197.124  user=root
Jun  7 19:01:35 sd-25084 sshd[3593]: Failed password for root from 186.137.197.124 port 33902 ssh2
Jun  7 19:01:35 sd-25084 sshd[3593]: Received disconnect from 186.137.197.124: 11: Bye Bye [preauth]
Jun  7 19:02:09 sd-25084 sshd[3602]: Invalid user debbie from 121.32.99.232
Jun  7 19:02:09 sd-25084 sshd[3602]: input_userauth_request: invalid user debbie [preauth]
Jun  7 19:02:09 sd-25084 sshd[3602]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 19:02:09 sd-25084 sshd[3602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.32.99.232
Jun  7 19:02:10 sd-25084 sshd[3605]: Invalid user administrator from 157.230.153.75
Jun  7 19:02:10 sd-25084 sshd[3605]: input_userauth_request: invalid user administrator [preauth]
Jun  7 19:02:10 sd-25084 sshd[3605]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 19:02:10 sd-25084 sshd[3605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.153.75
Jun  7 19:02:11 sd-25084 sshd[3602]: Failed password for invalid user debbie from 121.32.99.232 port 2809 ssh2
Jun  7 19:02:12 sd-25084 sshd[3602]: Received disconnect from 121.32.99.232: 11: Bye Bye [preauth]
Jun  7 19:02:12 sd-25084 sshd[3605]: Failed password for invalid user administrator from 157.230.153.75 port 34364 ssh2
Jun  7 19:02:12 sd-25084 sshd[3605]: Received disconnect from 157.230.153.75: 11: Bye Bye [preauth]
Jun  7 19:02:31 sd-25084 sshd[3846]: Invalid user tests1 from 159.75.92.165
Jun  7 19:02:31 sd-25084 sshd[3846]: input_userauth_request: invalid user tests1 [preauth]
Jun  7 19:02:31 sd-25084 sshd[3846]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 19:02:31 sd-25084 sshd[3846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.75.92.165
Jun  7 19:02:31 sd-25084 sshd[3845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.232.253.88  user=root
Jun  7 19:02:34 sd-25084 sshd[3846]: Failed password for invalid user tests1 from 159.75.92.165 port 36238 ssh2
Jun  7 19:02:34 sd-25084 sshd[3845]: Failed password for root from 49.232.253.88 port 42888 ssh2
Jun  7 19:02:34 sd-25084 sshd[3846]: Received disconnect from 159.75.92.165: 11: Bye Bye [preauth]
Jun  7 19:02:34 sd-25084 sshd[3845]: Received disconnect from 49.232.253.88: 11: Bye Bye [preauth]
Jun  7 19:02:51 sd-25084 sshd[3851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.126  user=root
Jun  7 19:02:53 sd-25084 sshd[3851]: Failed password for root from 159.89.115.126 port 53906 ssh2
Jun  7 19:02:53 sd-25084 sshd[3851]: Received disconnect from 159.89.115.126: 11: Bye Bye [preauth]
Jun  7 19:02:59 sd-25084 sshd[3854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.111.58  user=root
Jun  7 19:03:01 sd-25084 sshd[3854]: Failed password for root from 189.80.111.58 port 46626 ssh2
Jun  7 19:03:01 sd-25084 sshd[3854]: Received disconnect from 189.80.111.58: 11: Bye Bye [preauth]
Jun  7 19:03:19 sd-25084 sshd[3857]: reverse mapping checking getaddrinfo for 124-197-137-186.fibertel.com.ar [186.137.197.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  7 19:03:19 sd-25084 sshd[3857]: Invalid user paypal from 186.137.197.124
Jun  7 19:03:19 sd-25084 sshd[3857]: input_userauth_request: invalid user paypal [preauth]
Jun  7 19:03:19 sd-25084 sshd[3857]: pam_unix(sshd:auth): check pass; user unknown
Jun  7 19:03:19 sd-25084 sshd[3857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.197.124
Jun  7 19:03:20 sd-25084 sshd[3857]: Failed password for invalid user paypal from 186.137.197.124 port 58556 ssh2
Jun  7 19:03:21 sd-25084 sshd[3857]: Received disconnect from 186.137.197.124: 11: Bye Bye [preauth]

Je peux pas tous mettre c'est trop long...
Je ne comprends pas cet utilisateur "paypal"....

Whisper40 · 8 juin 2021

Salut, je pense déja qu'il faudrait que tu regarde ce qu'il se passe dans tes syslogs (/var/log/syslog) avant le crash pour voir si une application ne provoque pas cet effet.

Merrick · 9 juin 2021

Et je rajouterais : est-ce que tu as sécurisé ton serveur ? (fail2ban est un minimum)

jgign · 9 juin 2021

Normalement c'est un script qui installe automatiquement un serveur mail en l'occurence "mailcow" donc je ne sais pas si ça a été installé...

Voici un extrait syslog

Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 0.debian.pool.ntp.org (194.177.34.116)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 1.debian.pool.ntp.org (212.85.158.10)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 1.debian.pool.ntp.org (37.187.5.167)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 2.debian.pool.ntp.org (2001:41d0:8:3939::1)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 2.debian.pool.ntp.org (2001:41d0:2:abb2::22)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 2.debian.pool.ntp.org (2606:4700:f1::1)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 2.debian.pool.ntp.org (2606:4700:f1::123)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 2.debian.pool.ntp.org (95.81.173.155)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 3.debian.pool.ntp.org (51.174.198.198)
Jun  8 19:44:49 sd-25084 ntpd[314]: bad peer from pool 3.debian.pool.ntp.org (45.15.168.96)
Jun  8 19:46:05 sd-25084 ntpd[313]: adjusting local clock by -374.052965s
Jun  8 19:47:25 sd-25084 ntpd[314]: peer 129.250.35.251 now invalid
Jun  8 19:47:25 sd-25084 ntpd[313]: adjusting local clock by -374.012962s
Jun  8 19:50:37 sd-25084 ntpd[313]: adjusting local clock by -373.916852s
Jun  8 19:51:39 sd-25084 ntpd[313]: adjusting local clock by -373.886084s
Jun  8 19:53:50 sd-25084 ntpd[313]: adjusting local clock by -373.820592s
Jun  8 19:57:33 sd-25084 ntpd[313]: adjusting local clock by -373.708914s
Jun  8 20:00:11 sd-25084 ntpd[313]: adjusting local clock by -373.629811s
Jun  8 20:01:18 sd-25084 ntpd[313]: adjusting local clock by -373.596455s
Jun  8 20:04:27 sd-25084 ntpd[313]: adjusting local clock by -373.501985s
Jun  8 20:05:16 sd-25084 ntpd[314]: peer 162.159.200.123 now invalid
Jun  8 20:08:41 sd-25084 ntpd[313]: adjusting local clock by -373.375001s
Jun  9 09:02:46 sd-25084 rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="320" x-info="http://www.rsyslog.com"] start
Jun  9 09:02:46 sd-25084 systemd[1]: Started Remount Root and Kernel File Systems.
Jun  9 09:02:46 sd-25084 systemd[1]: Started Various fixups to make systemd work better on Debian.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Initializing cgroup subsys cpuset
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Initializing cgroup subsys cpu
Jun  9 09:02:46 sd-25084 systemd[1]: Starting Load/Save Random Seed...
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Initializing cgroup subsys cpuacct
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Linux version 3.16.0-6-amd64 (debian-kernel@lists.debian.org) (gcc version 4.9.2 (Debian 4.9.2-10+deb8u1) ) #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.16.0-6-amd64 root=UUID=2b112cc3-7fce-42c9-b4fb-c107dab85c6d ro quiet
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] e820: BIOS-provided physical RAM map:
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009bfff] usable
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000bf698fff] usable
Jun  9 09:02:46 sd-25084 systemd[1]: Started Create Static Device Nodes in /dev.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x00000000bf699000-0x00000000bf6aefff] reserved
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x00000000bf6af000-0x00000000bf6cdfff] ACPI data
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x00000000bf6ce000-0x00000000bfffffff] reserved
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x00000000fe000000-0x00000000ffffffff] reserved
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000013bffffff] usable
Jun  9 09:02:46 sd-25084 systemd[1]: Starting udev Kernel Device Manager...
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] NX (Execute Disable) protection: active
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] SMBIOS 2.6 present.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] DMI: Dell Inc. PowerEdge R210/05KX61, BIOS 1.5.2 10/18/2010
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] e820: remove [mem 0x000a0000-0x000fffff] usable
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] AGP: No AGP bridge found
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] e820: last_pfn = 0x13c000 max_arch_pfn = 0x400000000
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] MTRR default type: uncachable
Jun  9 09:02:46 sd-25084 systemd[1]: Starting Local File Systems (Pre).
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] MTRR fixed ranges enabled:
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   00000-9FFFF write-back
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   A0000-BFFFF uncachable
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   C0000-D3FFF write-protect
Jun  9 09:02:46 sd-25084 systemd[1]: Reached target Local File Systems (Pre).
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   D4000-EBFFF uncachable
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   EC000-FFFFF write-protect
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] MTRR variable ranges enabled:
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   0 base 000000000 mask F80000000 write-back
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   1 base 080000000 mask FC0000000 write-back
Jun  9 09:02:46 sd-25084 systemd[1]: Started Load/Save Random Seed.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   2 base 100000000 mask FE0000000 write-back
Jun  9 09:02:46 sd-25084 systemd[1]: Started udev Kernel Device Manager.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   3 base 120000000 mask FF0000000 write-back
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   4 base 130000000 mask FF8000000 write-back
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   5 base 138000000 mask FFC000000 write-back
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   6 disabled
Jun  9 09:02:46 sd-25084 systemd[1]: Starting Copy rules generated while the root was ro...
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   7 disabled
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] e820: update [mem 0xc0000000-0xffffffff] usable ==> reserved
Jun  9 09:02:46 sd-25084 systemd[1]: Started Copy rules generated while the root was ro.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] e820: last_pfn = 0xbf699 max_arch_pfn = 0x400000000
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] found SMP MP-table at [mem 0x000fe710-0x000fe71f] mapped at [ffff8800000fe710]
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Base memory trampoline at [ffff880000096000] 96000 size 24576
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] init_memory_mapping: [mem 0x00000000-0x000fffff]
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [mem 0x00000000-0x000fffff] page 4k
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BRK [0x01b10000, 0x01b10fff] PGTABLE
Jun  9 09:02:46 sd-25084 systemd[1]: Found device Virtual_Disk 1.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BRK [0x01b11000, 0x01b11fff] PGTABLE
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BRK [0x01b12000, 0x01b12fff] PGTABLE
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] init_memory_mapping: [mem 0x13be00000-0x13bffffff]
Jun  9 09:02:46 sd-25084 systemd[1]: Starting File System Check on /dev/disk/by-uuid/99a072cd-9869-4a09-b225-1a28725c591e...
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [mem 0x13be00000-0x13bffffff] page 2M
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] BRK [0x01b13000, 0x01b13fff] PGTABLE
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] init_memory_mapping: [mem 0x138000000-0x13bdfffff]
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [mem 0x138000000-0x13bdfffff] page 2M
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] init_memory_mapping: [mem 0x100000000-0x137ffffff]
Jun  9 09:02:46 sd-25084 systemd[1]: Starting system-ifup.slice.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [mem 0x100000000-0x137ffffff] page 2M
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] init_memory_mapping: [mem 0x00100000-0xbf698fff]
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [mem 0x00100000-0x001fffff] page 4k
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [mem 0x00200000-0xbf5fffff] page 2M
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [mem 0xbf600000-0xbf698fff] page 4k
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] RAMDISK: [mem 0x36318000-0x37183fff]
Jun  9 09:02:46 sd-25084 systemd[1]: Created slice system-ifup.slice.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: Early table checksum verification disabled
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: RSDP 0x00000000000F1230 000024 (v02 DELL  )
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: XSDT 0x00000000000F1330 000094 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: FACP 0x00000000BF6C3BB4 0000F4 (v03 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: DSDT 0x00000000BF6AF000 0039A4 (v01 DELL   PE_SC3   00000001 INTL 20050624)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: FACS 0x00000000BF6C6000 000040
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: FACS 0x00000000BF6C6000 000040
Jun  9 09:02:46 sd-25084 systemd-fsck[230]: /dev/sda1: recovering journal
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: APIC 0x00000000BF6C3478 000152 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: SPCR 0x00000000BF6C35CC 000050 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: HPET 0x00000000BF6C3620 000038 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: DM__ 0x00000000BF6C365C 0000A8 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: MCFG 0x00000000BF6C3850 00003C (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: WD__ 0x00000000BF6C3890 000134 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: SLIC 0x00000000BF6C39C8 000024 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 systemd[1]: Found device Virtual_Disk 2.
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: ERST 0x00000000BF6B2B24 000270 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: HEST 0x00000000BF6B2D94 0003A8 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: BERT 0x00000000BF6B29A4 000030 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: EINJ 0x00000000BF6B29D4 000150 (v01 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: TCPA 0x00000000BF6C3B4C 000064 (v02 DELL   PE_SC3   00000001 DELL 00000001)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: SSDT 0x00000000BF6C7000 0013D4 (v01 INTEL  PPM RCM  80000001 INTL 20061109)
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] ACPI: Local APIC address 0xfee00000
Jun  9 09:02:46 sd-25084 systemd[1]: Activating swap /dev/disk/by-uuid/c579bd6d-69fc-4c05-9c21-61d8a79dabb4...
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] No NUMA configuration found
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Faking a node at [mem 0x0000000000000000-0x000000013bffffff]
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Initmem setup node 0 [mem 0x00000000-0x13bffffff]
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]   NODE_DATA [mem 0x13bff8000-0x13bffcfff]
Jun  9 09:02:46 sd-25084 kernel: [    0.000000]  [ffffea0000000000-ffffea00045fffff] PMD -> [ffff880137600000-ffff88013adfffff] on node 0
Jun  9 09:02:46 sd-25084 kernel: [    0.000000] Zone ranges:
Jun  9 09:02:46 sd-25084 systemd-fsck[230]: /dev/sda1: clean, 328/1310720 files, 134037/5242624 blocks

mopi · 9 juin 2021

Si c'est bien le bon script ( https://github.com/mailcow/mailcow-dockerized ) il y a bien un fail2ban like d'après la doc.

Pour comprendre le auth.log , il faut bien comprendre qu'un serveur avec ssh dispo via internat va être attaqué sans arrêt par des bot, quand je dis sans arrêt c'est réel. Du coup les attaquants vont tenté plein de combinaison user/password parmis celle les plus utilisée. Donc el user paypal est un test d'attaque.

Quand tu dis que le serveur crash, c'est l'accès ssh qui plante ou c'est tout le serveur qui plante ?

jgign · 9 juin 2021

mopi C'est tout le serveur qui plante, SSH et via URL.

Aerya · 9 juin 2021

Salut, je pense que tu aurais plus vite fait de réinstaller et remettre ton backup.

C'est très compliqué de déboguer un tel crash sans accès physique (pour nous j'entends) ; ça peut être tout et n'importe quoi : hack, problème hardware, disque plein ou surchargé en I/O, MàJ kernel (ou autre) foireuse, RAM dépassée... Faut regarder les logs, faire un checkup harddware, regarder aussi les process qui tournent etc. Enfin déjà un htop serait pas mal dans ce cas je pense...

Pour info et/ou pistes => https://github.com/mailcow/mailcow-dockerized/issues?q=crash

jgign · 9 juin 2021

merci pour les réponses...
Faut que je fasse un backup après avoir redemarrer (parce que là, il ne fonctionne plus encore).
J'avais pensé à mailcow par rapport à la simplicité et le fait d'avoir également nextcloud mais là... ca m'énerve un peu...

Aerya · 9 juin 2021

Ah, oui sans backup c'est plus compliqué. Faut le rebooter en mode rescue et ce sera bon. Mais d'après les issues Github tu as des chances que ça se reproduise. Je pense que ton serveur manque de ressources (je continue de penser que regarder htop serait un bon début).

Merrick · 9 juin 2021

De même, mettre une petite solution de supervision sur un vps à part peut te donner une grand nombre d'indication (historique avec graphiques de la charge cpu, réseau, espace disque, etc...). Pour ma part, j'utilise zabbix, mais il y a plein d'outils différents pour ça.

jgign · 9 juin 2021

Mon htop est clair... pas de "sur régime".

Edit : Je n'ai pas reinstaller le serveur complétement mais désinstaller mailcow et refait une installation. Je verrais ce que ça va donner...

Edit 2 : Bon ben c'est mort quand même. Je dois faire une réinstallation totale du serveur mais j'ai un probléme pour créer le mot de passe chez oneprovider.

Edit 3 : Bon, achat d'un second serveur, et installation de nextcloud sur l'un et mailcow sur l'autre et??? ça fonctionne normalement pour le moment...

Serveur qui perd le réseau.

Jjgign

Merrick

Jjgign

spider1163

Jjgign

Whisper40

Merrick

Jjgign

Mmopi

Jjgign

Aerya

Jjgign

Aerya

Merrick

Jjgign