[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Hacked?
- Subject: Re: [cobalt-security] Hacked?
- From: "David Smulsky" <dave@xxxxxxxxxxxxxxxx>
- Date: Wed, 25 Sep 2002 21:48:01 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Next, if you really think hes an intruder, go for the source, find an admin,
or a ISP admin that hosts mump.bestiary.com
I personally always investigate all hackers/attempts on a personal level,
its the only way you'll get the message across to stay away.
Dave
----- Original Message -----
From: "Alan Ng" <alan@xxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Wednesday, September 25, 2002 9:43 PM
Subject: [cobalt-security] Hacked?
> Hi All,
>
> This is my first post so sorry for the newbie listing... I have a Raq4r
> with updated patches
>
> My question is, how can I keep this from happening in the future...
>
> Sep 25 13:17:43 ns1 PAM_pwdb[12063]: authentication failure; (uid=0) ->
> elite for ssh service
> Sep 25 13:17:44 ns1 sshd[12063]: log: Rsa authentication refused for
> elite: no /home/elite/.ssh directory
> Sep 25 13:17:46 ns1 PAM_pwdb[12063]: (ssh) session opened for user elite
> by (uid=0)
> Sep 25 13:17:46 ns1 sshd[12063]: log: Password authentication for elite
> accepted.
> Sep 25 13:17:46 ns1 sshd[12063]: log: ROOT LOGIN as 'elite' from
> mump.bestiary.com
> Sep 25 15:02:21 ns1 sshd[12063]: log: Closing connection to 204.225.173.21
> Sep 25 15:02:21 ns1 PAM_pwdb[12063]: (ssh) session closed for user elite
>
> I've deleted the user to start off...
>
> Any help appreciated and thanks in advance.
>
> Alan
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>