LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 04-23-2005, 05:28 PM   #1
buehler
LQ Newbie
 
Registered: Apr 2001
Location: Chicago
Distribution: Mandrake 10.0
Posts: 24

Rep: Reputation: 15
/var/log/auth.log entries


somebody is obviously trying to hack into my machine,
which has out-of-the box Mandrake 10.0 installed.
these are some of the entries from /var/log/auth.log:

sshd[11714]: Failed password for nobody from ::ffff:12.155.199.50 port 57729
sshd[11716]: Illegal user patrick from ::ffff:12.155.199.50
sshd(pam_unix)[11716]: check pass; user unknown
sshd(pam_unix)[11716]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com
Failed password for root from ::ffff:12.155.199.50 port 58055 ssh2
sshd(pam_unix)[11723]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com user=root

and a lot of similar messages for other usernames that don't exist
on my machine.

as far as i can tell, so far they haven't been able to get in (i checked
with 'last', and also ran chkrootkit and rkhunter).

what measures should i take to tighten security?
 
Old 04-23-2005, 05:45 PM   #2
buehler
LQ Newbie
 
Registered: Apr 2001
Location: Chicago
Distribution: Mandrake 10.0
Posts: 24

Original Poster
Rep: Reputation: 15
ok. i just saw Capt_Caveman's post at the top of the forum.
looks like it's the same malware attack ...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/messages weird entries blizunt7 Linux - Security 5 11-01-2005 06:56 PM
suspicious entry in /var/log/auth.log buehler Linux - Security 5 04-27-2005 06:11 PM
weird stuff in /var/log/auth.log bschiett Linux - Security 3 03-12-2005 09:29 AM
Understanding var/log entries Boss Hoss Linux - Hardware 14 10-14-2004 03:20 PM
entries in /var/log/secure zepplin611 Linux - Newbie 1 07-20-2004 06:57 PM


All times are GMT -5. The time now is 05:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration