Re: Breakin attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 21 Apr 2010 00:33:11 -0400
Steve Blackwell <zephod@xxxxxxxxxx> wrote:

> I was looking at my logwatch mail and saw:
> 
>  Failed logins from:
>     62.39.117.140 (140.117.39-62.rev.gaoland.net): 139 times
>     220.128.67.41: 9 times
>  
>  Illegal users from:
>     62.39.117.140 (140.117.39-62.rev.gaoland.net): 229 times
>     220.128.67.41: 2 times
>  
>  
>  Received disconnect:
>     11: Bye Bye : 379 Time(s)
> 
> so it appears that someone was trying to break in to my machine.
> 
> I googled rev.gaoland.net (http://whois.domaintools.com/gaoland.net)
> and it appears to be some kind of French ISP.
> Is there some place to report this?
> 
> Steve

rkhunter is reporting this:

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Suspicious file types found in /dev:

/dev/shm/mono-shared-500-shared_fileshare-steve.blackwell-Linux-i686-36-12-0:data 
/dev/shm/mono-shared-500-shared_data-steve.blackwell-Linux-i686-312-12-0:data 
/dev/shm/mono.2812: data

process 2812 is tomboy so that should be OK. What are the other 2?
Normal? OK to whitelist them?

Thanks,
Steve
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux