Hi,

My server was hacked on the 25th. When I came to the office I was not able to telnet to the server. Can you guess how it might have been hacked? I could find that ssh was the port attacked, but how???

Pl. reply....

Regards
Rocky

Following is extracted from /var/log/messages:

Jul 25 05:12:32 seagate sshd[613]: Generating new 768 bit RSA key.
Jul 25 05:12:32 seagate sshd[613]: RSA key generation complete.
Jul 25 05:14:57 seagate sshd[2308]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:15:12 seagate sshd[2309]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:15:27 seagate sshd[2329]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:15:43 seagate sshd[2330]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:15:58 seagate sshd[2331]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:16:14 seagate sshd[2332]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:16:44 seagate sshd[2334]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:16:59 seagate sshd[2335]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:17:15 seagate sshd[2336]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:17:30 seagate sshd[2337]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:17:46 seagate sshd[2338]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:18:01 seagate sshd[2344]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:18:16 seagate sshd[2347]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:18:32 seagate sshd[2348]: Disconnecting: crc32 compensation attack: network attack detected
Jul 25 05:21:52 seagate sshd[2438]: Disconnecting: Corrupted check bytes on input.
Jul 25 05:23:35 seagate sshd[2470]: Disconnecting: Corrupted check bytes on input.
Jul 25 05:25:47 seagate adduser[2500]: new group: name=csaba, gid=502
Jul 25 05:25:47 seagate adduser[2500]: new user: name=csaba, uid=502, gid=502, home=/home/csaba, shell=/bin/bash
Jul 25 05:26:06 seagate adduser[2504]: new user: name=csaba1, uid=0, gid=0, home=/home/csaba1, shell=/bin/bash
Jul 25 05:26:41 seagate sshd[2508]: Accepted password for csaba from 217.10.210.213 port 62964
Jul 25 05:26:41 seagate sshd[2508]: Could not reverse map address 217.10.210.213.
Jul 25 05:26:44 seagate PAM_unix[2508]: (system-auth) session opened for user csaba by (uid=0)
Jul 25 05:28:34 seagate PAM_unix[2534]: (system-auth) session opened for user csaba1 by csaba(uid=502)
Jul 25 05:30:00 seagate CROND[2556]: (root) CMD ( /sbin/rmmod -as)
Jul 25 05:30:00 seagate CROND[2557]: (root) CMD (/usr/local/mrtg/getinfo)
Jul 25 05:33:04 seagate syslogd 1.3-3: restart.
Jul 25 05:33:04 seagate xinetd[2775]: finger disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: ftp disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: tftp disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: linuxconf disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: talk disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: shell disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: login disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: exec disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: ntalk disabled, removing
Jul 25 05:33:04 seagate xinetd[2775]: xinetd Version 2.1.8.9pre9 started with
Jul 25 05:33:04 seagate xinetd[2775]: libwrap
Jul 25 05:33:04 seagate xinetd[2775]: options compiled in.
Jul 25 05:33:04 seagate xinetd[2775]: Started working: 2 available services
Jul 25 05:34:00 seagate PAM_unix[2534]: (system-auth) session closed for user csaba1
Jul 25 05:34:04 seagate PAM_unix[2508]: (system-auth) session closed for user csaba
Jul 25 05:36:05 seagate syslogd 1.3-3: restart.
Jul 25 05:36:05 seagate xinetd[2999]: finger disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: ftp disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: tftp disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: linuxconf disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: talk disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: shell disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: login disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: exec disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: ntalk disabled, removing
Jul 25 05:36:05 seagate xinetd[2999]: xinetd Version 2.1.8.9pre9 started with
Jul 25 05:36:05 seagate xinetd[2999]: libwrap

linux-india-help mailing list
https://lists.sourceforge.net/lists/listinfo/linux-india-help
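
A triage pass over the log extract above, added here as an example and not part of the original post: it correlates sshd protocol-error disconnects, account creation (especially a second uid 0 account), a login to a just-created account, and a later syslogd restart into one ordered list of findings. The function name `triage`, the severity labels and the 30-minute window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Lines excerpted from the /var/log/messages extract in the post above.
SAMPLE = [
    "Jul 25 05:18:16 seagate sshd[2347]: Disconnecting: crc32 compensation attack: network attack detected",
    "Jul 25 05:18:32 seagate sshd[2348]: Disconnecting: crc32 compensation attack: network attack detected",
    "Jul 25 05:21:52 seagate sshd[2438]: Disconnecting: Corrupted check bytes on input.",
    "Jul 25 05:25:47 seagate adduser[2500]: new user: name=csaba, uid=502, gid=502, home=/home/csaba, shell=/bin/bash",
    "Jul 25 05:26:06 seagate adduser[2504]: new user: name=csaba1, uid=0, gid=0, home=/home/csaba1, shell=/bin/bash",
    "Jul 25 05:26:41 seagate sshd[2508]: Accepted password for csaba from 217.10.210.213 port 62964",
    "Jul 25 05:33:04 seagate syslogd 1.3-3: restart.",
]

SSH_ERR = re.compile(r"sshd\[\d+\]: Disconnecting: (?:crc32 compensation attack|Corrupted check bytes)")
NEW_USER = re.compile(r"adduser\[\d+\]: new user: name=([^,\s]+), uid=(\d+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
SYSLOG_RESTART = re.compile(r"syslogd \S+: restart")

def triage(lines, window=timedelta(minutes=30)):
    """Return (timestamp, severity, message) findings in log order."""
    findings, created, ssh_errors = [], {}, 0
    for line in lines:
        stamp = line[:15]
        # Syslog omits the year; 2000 is an arbitrary placeholder for arithmetic.
        ts = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        if SSH_ERR.search(line):
            ssh_errors += 1
        elif m := NEW_USER.search(line):
            name, uid = m.group(1), int(m.group(2))
            created[name] = ts
            rogue_root = uid == 0 and name != "root"   # second superuser account
            sev = "CRITICAL" if rogue_root else "HIGH" if ssh_errors else "INFO"
            findings.append((stamp, sev, f"account {name} (uid={uid}) created after "
                             f"{ssh_errors} sshd protocol-error disconnects"))
        elif m := ACCEPTED.search(line):
            user, src = m.groups()
            if user in created and ts - created[user] <= window:
                age = int((ts - created[user]).total_seconds())
                findings.append((stamp, "HIGH", f"login as {user} from {src}, "
                                 f"{age}s after the account was created"))
        elif SYSLOG_RESTART.search(line) and created:
            findings.append((stamp, "REVIEW", "syslogd restarted after account creation"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```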