Re: My Linux server got hacked last night -- please help!
From: Joe (sfjoe_at_BOUNCEspamcop.net)
Date: 11/30/04
- Previous message: Richard Smith: "Re: Locking down ssh commands, while using rsync."
- In reply to: sarah chang: "My Linux server got hacked last night -- please help!"
- Next in thread: Darren Tucker: "Re: My Linux server got hacked last night -- please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Nov 2004 20:04:21 -0800
In article <24d1fc75.0411291116.57cfad5b@posting.google.com>,
sarahd00d@yahoo.co.uk says...
> The following is in my /var/log/secure from last night:
>
> Nov 29 04:55:02 andromeda sshd[32300]: Invalid user admin from
> ::ffff:210.212.85.11
> Nov 29 04:55:02 andromeda sshd[32300]: error: Could not get shadow
> information
> for NOUSER
> Nov 29 04:55:02 andromeda sshd[32300]: Failed password for invalid
> user admin
> from ::ffff:210.212.85.11 port 58496 ssh2
> Nov 29 04:55:09 andromeda sshd[32304]: Invalid user admin from
> ::ffff:210.212.85.11
> Nov 29 04:55:09 andromeda sshd[32304]: error: Could not get shadow
I don't see anything that indicates a break-in. I do see things that
might indicate a filesystem problem, though.
If you want to reinstall, you have to format and reinstall everything.
If your system truly is compromised, you have no way of knowing what is
and isn't safe.
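An added example, not part of the original post: one way to triage sshd entries like the ones quoted above is to count failed attempts per source and flag only sources that later log in successfully. The function name `triage`, the threshold of 3, and the sample lines (other than the first two, which are rejoined from the quoted log) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "Failed password for [invalid user] NAME from ADDR port N" or
# "Accepted <method> for NAME from ADDR port N", as written by sshd.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<addr>\S+) port \d+"
)

def triage(lines, threshold=3):
    """Count failures per source and list sources that logged in
    successfully after at least `threshold` failed attempts."""
    stats = defaultdict(lambda: {"failed": 0, "invalid_users": set(), "accepted": []})
    suspicious = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # "Invalid user ..." and shadow errors carry no verdict
        addr = m["addr"]
        if addr.startswith("::ffff:"):  # IPv4-mapped IPv6 form
            addr = addr[len("::ffff:"):]
        entry = stats[addr]
        if m["result"] == "Failed":
            entry["failed"] += 1
            if m["invalid"]:
                entry["invalid_users"].add(m["user"])
        else:
            entry["accepted"].append(m["user"])
            if entry["failed"] >= threshold and addr not in suspicious:
                suspicious.append(addr)
    return dict(stats), suspicious

# First two lines: rejoined from the quoted log. The rest are constructed
# (203.0.113.7 is a documentation address) to show the pattern that matters.
SAMPLE = [
    "Nov 29 04:55:02 andromeda sshd[32300]: Invalid user admin from ::ffff:210.212.85.11",
    "Nov 29 04:55:02 andromeda sshd[32300]: Failed password for invalid user admin from ::ffff:210.212.85.11 port 58496 ssh2",
    "Nov 29 05:10:01 andromeda sshd[32400]: Failed password for root from ::ffff:203.0.113.7 port 40000 ssh2",
    "Nov 29 05:10:04 andromeda sshd[32401]: Failed password for root from ::ffff:203.0.113.7 port 40001 ssh2",
    "Nov 29 05:10:07 andromeda sshd[32402]: Failed password for root from ::ffff:203.0.113.7 port 40002 ssh2",
    "Nov 29 05:10:09 andromeda sshd[32403]: Accepted password for root from ::ffff:203.0.113.7 port 40003 ssh2",
]

if __name__ == "__main__":
    stats, suspicious = triage(SAMPLE)
    for addr, e in stats.items():
        print(addr, e["failed"], "failed,", len(e["accepted"]), "accepted")
    print("logged in after repeated failures:", suspicious or "none")
```

A source with only failures for invalid users never authenticated; a source that fails repeatedly and then shows an `Accepted` line is the one to investigate.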