-   Linux - Security (
-   -   compromised by SSH login (

phennon 09-19-2004 07:53 PM

SSH login attempts must have succeeded
OK. I'm a TOTAL newbie.

My machine has been compromised in this way. I use ssh to connect ot school and work from home, mostly to move data around.
Right now there's a server listening on port 22 (well actually I've unplugged the box from the wall so no one is actually listening...)

Where do I start????

Thanks in advance.


Capt_Caveman 09-19-2004 07:58 PM

What makes you think you've been compromised? Please provide as much detail as possible.

Note: I'm making this into it's own thread, since the original is more of an info thread rather than forensics.

servnov 09-19-2004 09:03 PM

your box, like most by unix/linux is running ssh on port 22. This is so you can connect to port 22 on your machine...this is a service for you--thus its a server. You can drop/reject connections to your machine in a firewall/router, turn it off, or delete it. You will still have the ssh client which allows you to connect to other ssh servers. I doubt you have been 'hacked'.

All times are GMT -5. The time now is 01:23 PM.