Re: OT: Strange message in root e-mail possiablly hacked!!! Not sure??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



>> So I started looking around in /var/log.  I looked at my secure logs and 
>> saw nothing out of the ordinary.  I looked in samba and found a log file 
>> 58.239.84.158.log.  I opened it up and it said the following:
>>
>> [2009/08/15 06:31:34, 0] lib/access.c:check_access(327)
>>   Denied connection from  (58.239.84.158)
>> [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062)
>>   Connection denied from 58.239.84.15
> I don't think you got hacked.  You might want to check your firewall
> settings though.  It *looks* like your firewall is letting netbios
> connections from off your LAN -- you should not be allowing this!
>   
He can do better. Why is samba bound to an Internet facing interface at 
all? Unless you have a need to allow smb/cifs connections over the 
Internet, samba should never ever be allowed to bind to an interface 
with an Internet ip.

> It does look like someone from 58.239.84.158 (SK Broadband Co Ltd in
> Seoul) tried to check out your samba shares, but was denied access.
>
>   
Yea for tcp wrappers...
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux