Incoming from Paul Stolp:
> I checked in on some bittorrent progress today at lunch, noticed my
> process monitor showing full activity. Ran top, saw user "guest" logged
> on, running 4 instances of a program named "t", and short term load
> average over 4. AARRRRGGGHHH!
> shutdown -h now !
> pull network cable
> reboot
> look for damage, whew, I was O.K. -- I'm sure it helps to be up to date
...................^^^^^^^^^^^^^^^^
How did you manage to verify that? Are you running chkrootkit?
tripwire? Something else?

(0) keeling /home/keeling_ host smenlove.home.ro
smenlove.home.ro A 81.196.20.133
(0) keeling /home/keeling_ ripe 81.196.20.133
inetnum: 81.196.20.128 - 81.196.20.159
netname: RO-RDS-HOME-RO
descr: Home.RO / Go.RO
country: RO
admin-c: HAD6-RIPE
tech-c: HAD6-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
remarks: +-----------------------------------------------------------+
remarks: | ABUSE CONTACT: [EMAIL PROTECTED] IN CASE OF HACK ATTACKS, |
remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. |
remarks: +-----------------------------------------------------------+
...
(0) keeling /home/keeling_ ripe 131.234.157.10
inetnum: 131.234.0.0 - 131.234.255.255
netname: UNIPADERBORN
descr: Universitaet Paderborn
country: DE
...
(0) keeling /home/keeling_ host 80.110.102.105
Name: chello080110102105.508.15.vie.surfer.at
Address: 80.110.102.105
(0) keeling /home/keeling_ ripe 80.110.102.105
inetnum: 80.110.48.0 - 80.110.118.255
netname: VIE-15-CUSTOMER-LANCITY
descr: chello Austria
descr: Lancity Customers in Vienna, Headend 15
country: AT
admin-c: HMCB1-RIPE
tech-c: HMCB1-RIPE
status: ASSIGNED PA
remarks: Contact [EMAIL PROTECTED] concerning criminal
remarks: activities like spam, hacks, portscans

> Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
> 156.17.99.11
> port 37228 ssh2
> Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user
> guest by (
> uid=0)
...^^^^^
> Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from
> 80.110.102.105 port 3938 ssh2
> Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user
> guest by (uid=0)
> Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure;
> logname=guest uid=1002 euid=0 tty= ruser=
.........................^^^^^^

> Just wanted to share the need for strong passwords.

Not to mention backups and fresh installation media?

-- 
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
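
An added example, not part of the original message or of either poster's tooling: a Python triage of the sshd and passwd lines quoted above, listing which accounts accepted password logins, from which source addresses, and how many passwd authentication failures were logged for them. The log lines are rejoined from the wrapped excerpt in the message; the function names and the `known_sources` parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines rejoined from the wrapped excerpt quoted in the message above
# (as they would appear, unwrapped, in the auth log on host "greta").
SAMPLE_LOG = """\
Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from 156.17.99.11 port 37228 ssh2
Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from 80.110.102.105 port 3938 ssh2
Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; logname=guest uid=1002 euid=0 tty= ruser=
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
PASSWD_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ passwd\[\d+\]: .*authentication failure; "
    r"logname=(?P<user>\S+)")

def triage(log_text):
    """Return {user: {"sources": {ip: [timestamps]}, "passwd_failures": [timestamps]}}."""
    report = defaultdict(lambda: {"sources": defaultdict(list), "passwd_failures": []})
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m and m["method"] == "password":
            # Only password logins are counted; key-based logins are ignored here.
            report[m["user"]]["sources"][m["ip"]].append(m["ts"])
            continue
        m = PASSWD_FAIL.match(line)
        if m:
            report[m["user"]]["passwd_failures"].append(m["ts"])
    return report

def suspicious(report, known_sources=frozenset()):
    """Flag accounts with password logins from addresses outside known_sources."""
    findings = []
    for user, info in sorted(report.items()):
        unknown = sorted(ip for ip in info["sources"] if ip not in known_sources)
        if unknown:
            findings.append((user, unknown, len(info["passwd_failures"])))
    return findings

if __name__ == "__main__":
    for user, ips, pw_fail in suspicious(triage(SAMPLE_LOG)):
        print(f"{user}: password logins from {', '.join(ips)}; "
              f"{pw_fail} passwd authentication failure(s) logged")
```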