LinuxQuestions.org


ayush1440 02-21-2008 11:48 AM

security problem
 
Hello friends..

I'm using Fedora Core 6, and currently DNS, Apache, a Samba-Windows server and a mail server are running on this server.
Yesterday I used a BitTorrent downloader. Now today maybe somebody tried to log in to my PC. Here is the log file:

--------------------- pam_unix Begin ------------------------

runuser:
Unknown Entries:
session closed for user beaglidx: 4 Time(s)
session opened for user beaglidx by (uid=0): 4 Time(s)

runuser-l:
Unknown Entries:
session closed for user postgres: 1 Time(s)
session opened for user postgres by (uid=0): 1 Time(s)

sshd:
Authentication Failures:
unknown (122x212x230x101.ap122.ftth.ucom.ne.jp): 93 Time(s)
unknown (75.146.23.92): 93 Time(s)
unknown (128.134.101.39): 66 Time(s)
root (75.146.23.92): 39 Time(s)
root (128.134.101.39): 15 Time(s)
unknown (84.200.228.50): 11 Time(s)
admin (128.134.101.39): 7 Time(s)
admin (75.146.23.92): 4 Time(s)
unknown (211.41.128.92): 4 Time(s)
amanda (75.146.23.92): 3 Time(s)
root (211.41.128.92): 3 Time(s)
admin (211.41.128.92): 2 Time(s)
root (202.103.25.139): 2 Time(s)
adm (128.134.101.39): 1 Time(s)
admin (220.225.20.66): 1 Time(s)
admin (84.200.228.50): 1 Time(s)
amavis (61.47.2.168): 1 Time(s)
apache (128.134.101.39): 1 Time(s)
apache (75.146.23.92): 1 Time(s)
ftp (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
ftp (128.134.101.39): 1 Time(s)
ftp (84.200.228.50): 1 Time(s)
games (128.134.101.39): 1 Time(s)
gopher (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
ident (128.134.101.39): 1 Time(s)
mail (128.134.101.39): 1 Time(s)
mysql (128.134.101.39): 1 Time(s)
mysql (84.200.228.50): 1 Time(s)
named (128.134.101.39): 1 Time(s)
news (128.134.101.39): 1 Time(s)
nobody (128.134.101.39): 1 Time(s)
pcap (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
postfix (128.134.101.39): 1 Time(s)
postgres (128.134.101.39): 1 Time(s)
root (211.182.46.119): 1 Time(s)
root (220.225.20.66): 1 Time(s)
root (84.200.228.50): 1 Time(s)
tomcat (128.134.101.39): 1 Time(s)
unknown (122.212.230.101): 1 Time(s)
webalizer (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
Invalid Users:
Unknown Account: 268 Time(s)

su-l:
Unknown Entries:
session closed for user tomcat: 1 Time(s)
session opened for user tomcat by (uid=0): 1 Time(s)


Now what should I do to prevent this?

Thank you

unixfool 02-21-2008 11:54 AM

Most of that looks normal to me.

If it really concerns you, read this sticky thread:

http://www.linuxquestions.org/questi...tempts-340366/

Now, is postgresql accessible from the internet? Is Beaglidx?

Lastly, that su-l/tomcat issue might need to be investigated, unless you're positive that it was you or someone you trust.
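
A triage sketch for a logwatch pam_unix report like the one in the first post, added here as an example and not written by either poster: it totals sshd authentication failures per source and lists the sessions opened for local accounts (the runuser and su-l entries raised in the reply). The sample report is constructed with documentation-range addresses, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same logwatch pam_unix layout as the report above
# (documentation-range addresses, not the ones from the post).
SAMPLE = """\
runuser:
Unknown Entries:
session opened for user beaglidx by (uid=0): 4 Time(s)

sshd:
Authentication Failures:
unknown (192.0.2.10): 93 Time(s)
root (192.0.2.10): 39 Time(s)
admin (198.51.100.7): 7 Time(s)
root (198.51.100.7): 15 Time(s)
Invalid Users:
Unknown Account: 268 Time(s)

su-l:
Unknown Entries:
session closed for user tomcat: 1 Time(s)
session opened for user tomcat by (uid=0): 1 Time(s)
"""

SERVICE = re.compile(r"^([\w-]+):$")  # "sshd:", "su-l:" (no spaces)
FAILURE = re.compile(r"^(\S+) \((\S+)\): (\d+) Time\(s\)$")
OPENED = re.compile(r"^session opened for user (\S+) by \(uid=(\d+)\): (\d+) Time\(s\)$")

def triage(report):
    """Return (failures per source, usernames tried per source, local sessions)."""
    per_source, names, sessions = Counter(), defaultdict(set), []
    service = subsection = None
    for raw in report.splitlines():
        line = raw.strip()
        if m := SERVICE.match(line):
            service, subsection = m.group(1), None
        elif line.endswith(":"):  # "Authentication Failures:", "Unknown Entries:"
            subsection = line[:-1]
        elif (service == "sshd" and subsection == "Authentication Failures"
              and (m := FAILURE.match(line))):
            per_source[m.group(2)] += int(m.group(3))
            names[m.group(2)].add(m.group(1))
        elif m := OPENED.match(line):  # who got a session, via which service
            sessions.append((service, m.group(1), int(m.group(2)), int(m.group(3))))
    return per_source, names, sessions
```

Sources with high totals spread over many account names are the password-guessing pattern; the session list is what needs matching against known cron jobs and init scripts.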


All times are GMT -5.