[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Hacked?
- Subject: [cobalt-security] Hacked?
- From: Alan Ng <alan@xxxxxxxxxxxxxxxxx>
- Date: Wed, 25 Sep 2002 18:43:49 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi All,
This is my first post so sorry for the newbie listing... I have a Raq4r
with updated patches
My question is, how can I keep this from happening in the future...
Sep 25 13:17:43 ns1 PAM_pwdb[12063]: authentication failure; (uid=0) ->
elite for ssh service
Sep 25 13:17:44 ns1 sshd[12063]: log: Rsa authentication refused for
elite: no /home/elite/.ssh directory
Sep 25 13:17:46 ns1 PAM_pwdb[12063]: (ssh) session opened for user elite
by (uid=0)
Sep 25 13:17:46 ns1 sshd[12063]: log: Password authentication for elite
accepted.
Sep 25 13:17:46 ns1 sshd[12063]: log: ROOT LOGIN as 'elite' from
mump.bestiary.com
Sep 25 15:02:21 ns1 sshd[12063]: log: Closing connection to 204.225.173.21
Sep 25 15:02:21 ns1 PAM_pwdb[12063]: (ssh) session closed for user elite
I've deleted the user to start off...
Any help appreciated and thanks in advance.
Alan