SSH login attempts must have succeeded
OK. I'm a TOTAL newbie.
My machine has been compromised in this way. I use ssh to connect ot school and work from home, mostly to move data around.
Right now there's a server listening on port 22 (well actually I've unplugged the box from the wall so no one is actually listening...)
Where do I start????
Thanks in advance.
What makes you think you've been compromised? Please provide as much detail as possible.
Note: I'm making this into it's own thread, since the original is more of an info thread rather than forensics.
your box, like most by unix/linux is running ssh on port 22. This is so you can connect to port 22 on your machine...this is a service for you--thus its a server. You can drop/reject connections to your machine in a firewall/router, turn it off, or delete it. You will still have the ssh client which allows you to connect to other ssh servers. I doubt you have been 'hacked'.
|All times are GMT -5. The time now is 11:19 AM.|