Re: "Session closed for user news" .. hacked?

From: Sundial Services (info_ns5@sundialservices.com)
Date: 10/14/02


From: Sundial Services <info_ns5@sundialservices.com>
Date: Mon, 14 Oct 2002 09:57:19 -0700

Sundial Services wrote:

> Reviewing my system logs I see...
>
>>Sep 26 04:10:50 166-170 su(pam_unix)[16327]: session opened for user news by (uid=0)
>>Sep 26 04:10:51 166-170 su(pam_unix)[16327]: session closed for user news
>
> Am I correct to assume that a break-in has occurred?

Hmm... there is an "/etc/rc.news" file which _appears_ to be legitimate and
which says "su news" is used in it.

My fears of a break-in being somewhat reduced... what is this?

Do I need to change all the daemon passwords anyway? What are they to begin
with? Are there a bunch of "public passwords" out there that anyone could
know?


