Hi yah again,
Another question :>
With Telnet/Shell deactivated from the GUI, I noticed this in my logs this
afternoon... Has this been an attempt to access via ssh, or has the user
actually managed to get in, as it has accepted a password? The account has
now been suspended, but I'm curious as to how he can manage this when GUI
telnet/shell is deactivated (xxx.xxx.xxx.xxx denotes our IP).
Aug 29 09:27:57 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
Aug 29 09:28:16 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
Aug 29 09:28:16 ns sshd[16229]: Failed password for illegal user Cameron Hart from 172.189.130.184 port 1732
Aug 29 09:28:16 ns sshd[16229]: Connection closed by 172.189.130.184
Aug 29 09:28:45 ns sshd[16250]: Accepted password for cameron from 172.189.130.184 port 1734
Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session opened for user cameron by (uid=0)
Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session closed for user cameron
Last login: Wed Aug 29 09:28:46 2001 from acbd82b8.ipt.aol.com <---- from ssh logs
Aug 29 10:00:33 ns proftpd[16290]: xxx.xxx.xxx.xxx (ACBD82B8.ipt.aol.com[172.189.130.184]) - FTP no transfer timeout, disconnected.
Regards
Chae
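
An added example, not part of the original post: a small Python parser that correlates the sshd and PAM lines quoted above by source IP and sshd PID, so a failed attempt, a later accepted password and the resulting session can be read as one sequence. The function name `correlate` and the regular expressions are assumptions written for this log format; the sample input is the post's own lines with the e-mail line wraps rejoined.

```python
import re
from collections import defaultdict

# Log lines copied from the post, with the e-mail line wraps rejoined.
SAMPLE = """\
Aug 29 09:27:57 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
Aug 29 09:28:16 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
Aug 29 09:28:16 ns sshd[16229]: Failed password for illegal user Cameron Hart from 172.189.130.184 port 1732
Aug 29 09:28:16 ns sshd[16229]: Connection closed by 172.189.130.184
Aug 29 09:28:45 ns sshd[16250]: Accepted password for cameron from 172.189.130.184 port 1734
Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session opened for user cameron by (uid=0)
Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session closed for user cameron
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ (\S+?)\[(\d+)\]: (.*)$")
# User name is matched lazily up to " from <ip>": it may contain spaces.
AUTH = re.compile(r"^(Failed|Accepted) password for (illegal user |invalid user )?"
                  r"(.+?) from (\S+) port \d+")
SESSION = re.compile(r"\(sshd\) session (opened|closed) for user (\S+)")

def correlate(text):
    """Return (failed, accepted, sessions) parsed from sshd/PAM syslog lines."""
    failed = defaultdict(list)   # source IP -> user names that failed
    accepted = []                # dicts: time, pid, user, ip, prior_failures
    sessions = {}                # sshd PID -> {"user", "opened", "closed"}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, prog, pid, msg = m.groups()
        a = AUTH.match(msg) if prog == "sshd" else None
        s = SESSION.search(msg)
        if a and a.group(1) == "Failed":
            failed[a.group(4)].append(a.group(3))
        elif a:
            # Lines are in time order, so failures seen so far precede this login.
            accepted.append({"time": ts, "pid": pid, "user": a.group(3),
                             "ip": a.group(4),
                             "prior_failures": list(failed.get(a.group(4), []))})
        elif s:
            rec = sessions.setdefault(
                pid, {"user": s.group(2), "opened": None, "closed": None})
            rec[s.group(1)] = ts
    return dict(failed), accepted, sessions

if __name__ == "__main__":
    for login in correlate(SAMPLE)[1]:
        print(login)
```

On the lines from the post this reports one accepted password for `cameron` under sshd PID 16250, preceded by a failure for `Cameron Hart` from the same address under PID 16229, and a PAM session for PID 16250 that opens and closes at the same timestamp.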