security problem
Hello friends..
I'm using Fedora Core 6, and currently DNS, Apache, Samba-window server, and mail server are running on this server. Yesterday I used a BitTorrent downloader. Now today maybe somebody tried to log in to my PC. Here is the log file:

 --------------------- pam_unix Begin ------------------------

 runuser:
    Unknown Entries:
       session closed for user beaglidx: 4 Time(s)
       session opened for user beaglidx by (uid=0): 4 Time(s)

 runuser-l:
    Unknown Entries:
       session closed for user postgres: 1 Time(s)
       session opened for user postgres by (uid=0): 1 Time(s)

 sshd:
    Authentication Failures:
       unknown (122x212x230x101.ap122.ftth.ucom.ne.jp): 93 Time(s)
       unknown (75.146.23.92): 93 Time(s)
       unknown (128.134.101.39): 66 Time(s)
       root (75.146.23.92): 39 Time(s)
       root (128.134.101.39): 15 Time(s)
       unknown (84.200.228.50): 11 Time(s)
       admin (128.134.101.39): 7 Time(s)
       admin (75.146.23.92): 4 Time(s)
       unknown (211.41.128.92): 4 Time(s)
       amanda (75.146.23.92): 3 Time(s)
       root (211.41.128.92): 3 Time(s)
       admin (211.41.128.92): 2 Time(s)
       root (202.103.25.139): 2 Time(s)
       adm (128.134.101.39): 1 Time(s)
       admin (220.225.20.66): 1 Time(s)
       admin (84.200.228.50): 1 Time(s)
       amavis (61.47.2.168): 1 Time(s)
       apache (128.134.101.39): 1 Time(s)
       apache (75.146.23.92): 1 Time(s)
       ftp (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
       ftp (128.134.101.39): 1 Time(s)
       ftp (84.200.228.50): 1 Time(s)
       games (128.134.101.39): 1 Time(s)
       gopher (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
       ident (128.134.101.39): 1 Time(s)
       mail (128.134.101.39): 1 Time(s)
       mysql (128.134.101.39): 1 Time(s)
       mysql (84.200.228.50): 1 Time(s)
       named (128.134.101.39): 1 Time(s)
       news (128.134.101.39): 1 Time(s)
       nobody (128.134.101.39): 1 Time(s)
       pcap (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
       postfix (128.134.101.39): 1 Time(s)
       postgres (128.134.101.39): 1 Time(s)
       root (211.182.46.119): 1 Time(s)
       root (220.225.20.66): 1 Time(s)
       root (84.200.228.50): 1 Time(s)
       tomcat (128.134.101.39): 1 Time(s)
       unknown (122.212.230.101): 1 Time(s)
       webalizer (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
    Invalid Users:
       Unknown Account: 268 Time(s)

 su-l:
    Unknown Entries:
       session closed for user tomcat: 1 Time(s)
       session opened for user tomcat by (uid=0): 1 Time(s)

Now what should I do to prevent this?
Thank you.
Most of that looks normal to me.
If it really concerns you, read this sticky thread: http://www.linuxquestions.org/questi...tempts-340366/
Now, is postgresql accessible from the internet? Is Beaglidx?
Lastly, that su-l/tomcat issue might need to be investigated, unless you're positive that it was you or someone you trust.
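An added example, not part of the original thread: one way to triage a logwatch pam_unix report like the one posted is to total the sshd authentication failures per source and list the local session openings (such as the su-l/tomcat entry) separately for review. The function name `summarize`, the threshold of 20 and the sample report are assumptions made for illustration; the sample is constructed and uses documentation-range addresses.

```python
import re
from collections import defaultdict

# Constructed sample in logwatch's pam_unix layout (documentation-range addresses).
SAMPLE = """\
sshd:
   Authentication Failures:
      unknown (192.0.2.10): 93 Time(s)
      root (192.0.2.10): 39 Time(s)
      admin (192.0.2.10): 4 Time(s)
      unknown (198.51.100.7): 11 Time(s)
   Invalid Users:
      Unknown Account: 268 Time(s)
su-l:
   Unknown Entries:
      session opened for user tomcat by (uid=0): 1 Time(s)
"""

FAILURE = re.compile(r"^(\S+) \((\S+)\): (\d+) Time\(s\)$")
SESSION = re.compile(r"^session opened for user (\S+) by \(uid=\d+\): \d+ Time\(s\)$")

def summarize(report, threshold=20):
    """Return (ssh sources at or above threshold, local session openings)."""
    sources = defaultdict(lambda: {"failures": 0, "accounts": set()})
    sessions = []
    service = section = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            # Unindented headers name the service, indented ones the section.
            if raw[0].isspace():
                section = line[:-1]
            else:
                service, section = line[:-1], None
            continue
        fail, sess = FAILURE.match(line), SESSION.match(line)
        if fail and service == "sshd" and section == "Authentication Failures":
            user, host, count = fail.groups()
            sources[host]["failures"] += int(count)
            sources[host]["accounts"].add(user)
        elif sess and service != "sshd":
            # Sessions opened by su/runuser rather than a remote login: review these.
            sessions.append((service, sess.group(1)))
    noisy = [(h, d["failures"], sorted(d["accounts"])) for h, d in sources.items()
             if d["failures"] >= threshold]
    return sorted(noisy, key=lambda item: -item[1]), sessions
```

Calling `summarize(SAMPLE)` returns the sources worth blocking or rate-limiting first, along with the accounts they guessed at, and keeps the non-sshd session openings apart so they can be checked against known administrative activity.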