Next, if you really think he's an intruder, go for the source, find an admin, or an ISP admin that hosts mump.bestiary.com
I personally always investigate all hackers/attempts on a personal level, it's the only way you'll get the message across to stay away.

Dave

----- Original Message -----
From: "Alan Ng" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 9:43 PM
Subject: [cobalt-security] Hacked?

> Hi All,
>
> This is my first post so sorry for the newbie listing... I have a Raq4r
> with updated patches
>
> My question is, how can I keep this from happening in the future...
>
> Sep 25 13:17:43 ns1 PAM_pwdb[12063]: authentication failure; (uid=0) ->
> elite for ssh service
> Sep 25 13:17:44 ns1 sshd[12063]: log: Rsa authentication refused for
> elite: no /home/elite/.ssh directory
> Sep 25 13:17:46 ns1 PAM_pwdb[12063]: (ssh) session opened for user elite
> by (uid=0)
> Sep 25 13:17:46 ns1 sshd[12063]: log: Password authentication for elite
> accepted.
> Sep 25 13:17:46 ns1 sshd[12063]: log: ROOT LOGIN as 'elite' from
> mump.bestiary.com
> Sep 25 15:02:21 ns1 sshd[12063]: log: Closing connection to 204.225.173.21
> Sep 25 15:02:21 ns1 PAM_pwdb[12063]: (ssh) session closed for user elite
>
> I've deleted the user to start off...
>
> Any help appreciated and thanks in advance.
>
> Alan
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
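Added example, not part of the original thread: it correlates the sshd lines quoted above by process id to report sessions where sshd logged ROOT LOGIN under a name other than root, then lists extra uid 0 entries in passwd content. It assumes this sshd logs ROOT LOGIN only for accounts with uid 0; the passwd sample and all function names are constructed for illustration.

```python
import re

# Log lines from the post above, with the e-mail line wraps rejoined.
SAMPLE_LOG = """\
Sep 25 13:17:43 ns1 PAM_pwdb[12063]: authentication failure; (uid=0) -> elite for ssh service
Sep 25 13:17:44 ns1 sshd[12063]: log: Rsa authentication refused for elite: no /home/elite/.ssh directory
Sep 25 13:17:46 ns1 PAM_pwdb[12063]: (ssh) session opened for user elite by (uid=0)
Sep 25 13:17:46 ns1 sshd[12063]: log: Password authentication for elite accepted.
Sep 25 13:17:46 ns1 sshd[12063]: log: ROOT LOGIN as 'elite' from mump.bestiary.com
Sep 25 15:02:21 ns1 sshd[12063]: log: Closing connection to 204.225.173.21
Sep 25 15:02:21 ns1 PAM_pwdb[12063]: (ssh) session closed for user elite
"""
# Constructed passwd content (assumption): a uid 0 account under another name.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nelite:x:0:0::/home/elite:/bin/bash\nalan:x:500:500::/home/alan:/bin/bash\n"

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[(\d+)\]: log: (.*)$")
ROOT_LOGIN = re.compile(r"ROOT LOGIN as '([^']+)' from (\S+)")
AUTH_OK = re.compile(r"(\w+) authentication for \S+ accepted")
CLOSING = re.compile(r"Closing connection to (\S+)")


def root_sessions(log_text):
    """Correlate sshd lines by pid; return sessions that logged ROOT LOGIN."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # PAM and other daemons' lines are ignored
        stamp, pid, msg = m.groups()
        s = sessions.setdefault(pid, {})
        if r := ROOT_LOGIN.search(msg):
            s.update(time=stamp, user=r.group(1), host=r.group(2))
        elif a := AUTH_OK.search(msg):
            s["auth"] = a.group(1).lower()
        elif c := CLOSING.search(msg):
            s["peer_ip"] = c.group(1)
    # Assumption: sshd logs ROOT LOGIN only for uid 0, so any name other than
    # 'root' here points to a second uid 0 account.
    return [dict(s, uid0_alias=s["user"] != "root") for s in sessions.values() if "user" in s]


def extra_uid0_accounts(passwd_text):
    """Names of passwd entries with uid 0 other than 'root'."""
    rows = (e.split(":") for e in passwd_text.splitlines())
    return [f[0] for f in rows if len(f) >= 3 and f[2] == "0" and f[0] != "root"]

if __name__ == "__main__":
    print(root_sessions(SAMPLE_LOG))
    print(extra_uid0_accounts(SAMPLE_PASSWD))
```

Grouping by pid is enough for a short excerpt; over a long log, pids are reused, so a session should also be closed out when its "Closing connection" line is seen.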
