Re: some kind of attack. i need some help here!

From: Matt (news@mattNOSPAMjackets.8m.com)
Date: 01/11/02


From: Matt <news@mattNOSPAMjackets.8m.com>
Date: Fri, 11 Jan 2002 12:08:00 -0600

ok, here's that info for both accounts...
user=sbin, uid=1003
user=scrap, uid=1001
both use bash as the shell

as for the 'last' command, it says the wtmp log started on the same date and
time as the last time 'sbin' logged in.......this is getting real fun

what can you tell from the uid anyway?
thanks,
-m

Kasper Dupont wrote:

> Matt wrote:
> >
> > --to any debian guru's out there....a user account is on my system that
> > i don't think is meant to be there. the username is 'scrap' and so is
> > the password!!!!!!! i'v disabled this account, but is it one of those
> > accounts used by the system, or can i get rid of it?
>
> I don't know debian systems, but I have never seen that username
> on any other systems. Sounds spurious to me. What is the UID and
> default shell of that account?
>
> > how can i find out when the account was last accessed?
>
> You could use the last command, unless that command or the logs
> has been compromised. If your box has been compromised you
> really cannot know that for sure.
>
> --
> Kasper Dupont
> For sending spam use mailto:u972183+6138@daimi.au.dk



Relevant Pages

  • Re: [opensuse] Post installation queries (FIRST successful installation of Linux)
    ... The easiest way to manage users on opensuse is with yast. ... You can also do the same with the command line commands of: useradd userdel and usermod. ... -c comment Set the GECOS field for the new account ... One more note -- and I hate this about the recent openSuSE installs -- you must tell the installer to set a traditional root account and password during setup or it just creates a 'Super User' out of the user account used during install. ...
    (SuSE)
  • Re: Home Wireless Networking and File Sharing
    ... Browstat and run it but it just shows the command prompt for a sec and then ... Then I put in net config workstation and got ... You do not need to be logged into the same account ... and Vista:" I have done that on all of the laptops and main PC and called ...
    (microsoft.public.windowsxp.network_web)
  • Re: Debug the skipping of .bashrc when bang out from vim PC version
    ... gvim from my Administrator account. ... shell return 127 bash: cat: command not found ... Does Windows set $HOME? ...
    (comp.unix.shell)
  • Re: Local System Account
    ... I checked on Windows Server 2003 and Vista Beta 2. ... run following command from command line: ... one can specify it to run as localsystem account. ... administrator is not same as Local System. ...
    (microsoft.public.win2000.security)
  • Re: su -c user command not working
    ... the -c flag passes a command to the shell of the user you are su'ing to, ... to su) supposed to interpret the command 'catman' and execute it, ... message "This account is currently unavailable" ...
    (FreeBSD-Security)