LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page /var/log/auth.log entries
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-23-2005, 04:28 PM   #1
buehler
LQ Newbie
 
Registered: Apr 2001
Location: Chicago
Distribution: Mandrake 10.0
Posts: 24

Rep: Reputation: 15
/var/log/auth.log entries

somebody is obviously trying to hack into my machine,
which has out-of-the box Mandrake 10.0 installed.
these are some of the entries from /var/log/auth.log:

sshd[11714]: Failed password for nobody from ::ffff:12.155.199.50 port 57729
sshd[11716]: Illegal user patrick from ::ffff:12.155.199.50
sshd(pam_unix)[11716]: check pass; user unknown
sshd(pam_unix)[11716]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com
Failed password for root from ::ffff:12.155.199.50 port 58055 ssh2
sshd(pam_unix)[11723]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com user=root

and a lot of similar messages for other usernames that don't exist
on my machine.

as far as i can tell, so far they haven't been able to get in (i checked
with 'last', and also ran chkrootkit and rkhunter).

what measures should i take to tighten security?
 
Old 04-23-2005, 04:45 PM   #2
buehler
LQ Newbie
 
Registered: Apr 2001
Location: Chicago
Distribution: Mandrake 10.0
Posts: 24

Original Poster
Rep: Reputation: 15
ok. i just saw Capt_Caveman's post at the top of the forum.
looks like it's the same malware attack ...
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/messages weird entries blizunt7 Linux - Security 5 11-01-2005 05:56 PM
suspicious entry in /var/log/auth.log buehler Linux - Security 5 04-27-2005 05:11 PM
weird stuff in /var/log/auth.log bschiett Linux - Security 3 03-12-2005 08:29 AM
Understanding var/log entries Boss Hoss Linux - Hardware 14 10-14-2004 02:20 PM
entries in /var/log/secure zepplin611 Linux - Newbie 1 07-20-2004 05:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:20 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration