Please help. A while ago my website was loading very slowly. When I checked the Secure section of the log manager, log entries like the following appeared:
Jun 8 03:38:46 vps sshd[3998]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 03:39:38 vps Rootkit Hunter: Rootkit hunter check started (version 1.4.0)
Jun 8 03:46:21 vps sshd[7763]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 03:46:35 vps Rootkit Hunter: Scanning took 6 minutes and 55 seconds
Jun 8 03:46:35 vps Rootkit Hunter: Please inspect this machine, because it may be infected.
Jun 8 03:53:55 vps sshd[10427]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 04:01:42 vps sshd[10469]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 04:16:50 vps sshd[10590]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 04:24:24 vps sshd[10647]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 04:32:06 vps sshd[10665]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 04:39:46 vps sshd[10692]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 04:47:16 vps sshd[10714]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 04:53:54 vps sshd[10730]: refused connect from 116.10.191.169 (116.10.191.169)
Jun 8 04:54:31 vps sshd[10733]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 05:02:16 vps sshd[10768]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 05:09:54 vps sshd[10790]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 05:17:19 vps sshd[10820]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 05:25:29 vps sshd[10859]: refused connect from 116.10.191.166 (116.10.191.166)
Jun 8 05:32:03 vps sshd[10891]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 05:39:45 vps sshd[10927]: refused connect from 95.253.198.178 (95.253.198.178)
Jun 8 05:46:15 vps sshd[1617]: Received disconnect from 125.164.2.161: 11: User exit
Jun 8 05:46:15 vps sshd[1617]: pam_unix(sshd:session): session closed for user root
Jun 8 05:46:16 vps sshd[979]: Received signal 15; terminating.
Jun 8 05:46:16 vps sshd[10969]: Server listening on 0.0.0.0 port 22000.
Jun 8 05:46:16 vps sshd[10969]: Server listening on :: port 22000.
Jun 8 05:46:32 vps sshd[10972]: reverse mapping checking getaddrinfo for 161.subnet125-164-2.speedy.telkom.net.id [125.164.2.161] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 8 05:46:32 vps sshd[10972]: Accepted password for root from 125.164.2.161 port 54370 ssh2
Jun 8 05:46:32 vps sshd[10972]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 8 05:46:32 vps sshd[10972]: subsystem request for sftp
Jun 8 05:46:32 vps sshd[10972]: subsystem request for sftp
Jun 8 05:46:32 vps sshd[10976]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun 8 05:46:32 vps sshd[10976]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun 8 06:46:44 vps sshd[10972]: Received disconnect from 125.164.2.161: 11: User exit
Jun 8 06:46:44 vps sshd[10972]: pam_unix(sshd:session): session closed for user root
Jun 8 07:18:03 vps sshd[11571]: reverse mapping checking getaddrinfo for 161.subnet125-164-2.speedy.telkom.net.id [125.164.2.161] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 8 07:18:06 vps sshd[11571]: Accepted password for root from 125.164.2.161 port 60346 ssh2
Jun 8 07:18:08 vps sshd[11571]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 8 07:18:08 vps sshd[11571]: subsystem request for sftp
Jun 8 07:18:08 vps sshd[11574]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun 8 07:18:08 vps sshd[11574]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun 8 07:21:38 vps sshd[11571]: Received disconnect from 125.164.2.161: 11: User exit
Jun 8 07:21:38 vps sshd[11571]: pam_unix(sshd:session): session closed for user root
Jun 8 07:22:28 vps sshd[11663]: reverse mapping checking getaddrinfo for 161.subnet125-164-2.speedy.telkom.net.id [125.164.2.161] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 8 07:22:28 vps sshd[11663]: Accepted password for root from 125.164.2.161 port 60595 ssh2
Jun 8 07:22:28 vps sshd[11663]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 8 07:22:29 vps sshd[11663]: subsystem request for sftp
Jun 8 07:22:29 vps sshd[11666]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun 8 07:22:29 vps sshd[11666]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun 8 07:23:00 vps sshd[11663]: Received disconnect from 125.164.2.161: 11: User exit
Jun 8 07:23:00 vps sshd[11663]: pam_unix(sshd:session): session closed for user root
Jun 9 03:43:47 vps Rootkit Hunter: Rootkit hunter check started (version 1.4.0)
Jun 9 03:47:45 vps Rootkit Hunter: Scanning took 3 minutes and 57 seconds
Jun 9 03:47:45 vps Rootkit Hunter: Please inspect this machine, because it may be infected.
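
A log like the one above is easier to review when reduced to the entries that need follow-up: refused connections per source address, password logins as root, ports sshd started listening on, and Rootkit Hunter warnings. The script below is an added example, not part of the original post; the function name `triage` and the sample lines are constructed for illustration, using documentation-range addresses in the same syslog format.

```python
import re
from collections import Counter

# Constructed sample lines in the same syslog format as the log above
# (addresses are from documentation ranges, not taken from the post).
SAMPLE = """\
Jun 8 03:38:46 vps sshd[3998]: refused connect from 203.0.113.7 (203.0.113.7)
Jun 8 03:46:21 vps sshd[7763]: refused connect from 203.0.113.7 (203.0.113.7)
Jun 8 03:46:35 vps Rootkit Hunter: Please inspect this machine, because it may be infected.
Jun 8 04:53:54 vps sshd[10730]: refused connect from 198.51.100.9 (198.51.100.9)
Jun 8 05:46:16 vps sshd[10969]: Server listening on 0.0.0.0 port 22000.
Jun 8 05:46:32 vps sshd[10972]: Accepted password for root from 192.0.2.50 port 54370 ssh2
Jun 8 07:18:06 vps sshd[11571]: Accepted password for root from 192.0.2.50 port 60346 ssh2
"""

# timestamp, host, program name (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ([^:\[]+)(?:\[\d+\])?: (.*)$")
REFUSED = re.compile(r"refused connect from (\S+)")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")
LISTEN = re.compile(r"Server listening on (\S+) port (\d+)")

def triage(text):
    """Summarise the events worth a follow-up in an sshd/rkhunter secure log."""
    out = {"refused": Counter(), "root_password_logins": [],
           "listen_ports": set(), "rkhunter_warnings": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in syslog format
        stamp, prog, msg = m.group(1), m.group(2).strip(), m.group(3)
        if prog == "sshd":
            if (ref := REFUSED.search(msg)):
                out["refused"][ref.group(1)] += 1
            elif (acc := ACCEPTED.search(msg)):
                method, user, src = acc.groups()
                if user == "root" and method == "password":
                    out["root_password_logins"].append((stamp, src))
            elif (srv := LISTEN.search(msg)):
                out["listen_ports"].add(int(srv.group(2)))
        elif prog == "Rootkit Hunter" and "may be infected" in msg:
            out["rkhunter_warnings"].append(stamp)
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Each address under `root_password_logins` should be checked against the addresses the administrator actually connects from, and each Rootkit Hunter warning timestamp points to the scan whose detailed report needs reading.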