RE: Possibly Hacked

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> >
> >Actually, it sounds to me like one or more of your partitions are full.
> >
> >
> >
> I was able to ftp to this box without any issues, so that just might be
> true.  Not sure why the root partition would fill up since there was a
> lot of space when I left and this box only runs a web server and a dns
> server whose files don't grow that much.  Could possibly be the logs but
> not sure.  What would be the best way to free up some space.  Do I still
> need to boot into single user mode using the cdrom or is there another
> way I can fix this?  Any ideas?

Strange things about partitions filling up.  I had this happen once with two
misconfigured mail servers (a long time ago) (and yes one of them was mine)
where the two were bouncing vacation messages back and forth filling up my
/var (I may be dating myself there.  I think either sendmail or vacation
fixed those problems long ago)

Anyway ... Best way to free up space is to find files that are too big :D
Seriously, it's much easier if you can boot up into single user and do it.
No CDrom handy, I guess you can do it via ftp but that only works if you
know FOR SURE a filesystem has filled up.  It'd be better to log in single
user to browse around to see
1)if your filesystem is full
2)if any system files had been compromised (e.g /etc/passwd for non-valid
shells)

Something interesting is that your local login error might not be tied to
yor remote login.  You mentioned that your local login returned with no
errors .  Your remote logins are being reset which to me means the two
things are separate.   Were you able to log in from console before ? If not,
then probably logins are disabled

I read once some time ago on groups.google.com that a guy had that problem
becuse he ssh'd in from machine that had a dynamic ip.  He went on vacation.
He didn't close the ssh but turned off his computer.  And then when he came
back and tried to ssh again the srever got confused and started resetting
his connection.  Unfortunately I don't remember what he did to solve it.
You might search "groups.google.com" for "Connection reset by peer login" or
"Connection reset by peer ssh" and see if youcan find the article.

Good luck
ben y





-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux