There are all sorts of reasons why something might be going wrong that are not
hack related, so I always start with my log files.
Look at /var/log/messages, concentrating on the time between your last successful
ftp session and your first unsuccessful one. That might also give you clues
about why your ftp sessions are being denied. Based on that, look further.
Portscan the box. nmap (available at http://www.insecure.org/nmap) is a really,
really good tool for this.
In the longer term, get rid of telnet and (if at all possible) ftp; from the
context of your posting I gather that these machines are on the open internet,
and passing unencrypted user authentication information across the open Net is
asking for incidents like this. There are secure alternatives.
-m
Scott Skrogstad wrote:
>
> I might have been hacked but I am not sure. I have two servers that I
> have been able to ftp into now all of a sudden I connect give it my user
> name and password and it says invalid password and drops me. I can turn
> around and telnet in just fine. I thought it was a problem only on one
> server and now I find it has just happen to a server that I have always
> been able to ftp into.
>
> What the heck to I check?
>
> Scott Skrogstad
> Computer Integration Inc,
> [EMAIL PROTECTED]
> 800-522-3475 Phone
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
--
Michael Jinks, IB // Technical Entity // Saecos Corporation
"No one speaks English and everything's broken." -- T. Waits
"Tom Waits would have made a decent sysadmin." -- M. Jinks
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
