/var/log/auth.log entries
somebody is obviously trying to hack into my machine,
which has out-of-the box Mandrake 10.0 installed. these are some of the entries from /var/log/auth.log: sshd[11714]: Failed password for nobody from ::ffff:12.155.199.50 port 57729 sshd[11716]: Illegal user patrick from ::ffff:12.155.199.50 sshd(pam_unix)[11716]: check pass; user unknown sshd(pam_unix)[11716]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com Failed password for root from ::ffff:12.155.199.50 port 58055 ssh2 sshd(pam_unix)[11723]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com user=root and a lot of similar messages for other usernames that don't exist on my machine. as far as i can tell, so far they haven't been able to get in (i checked with 'last', and also ran chkrootkit and rkhunter). what measures should i take to tighten security? |
ok. i just saw Capt_Caveman's post at the top of the forum.
looks like it's the same malware attack ... |
All times are GMT -5. The time now is 09:36 AM. |