> Di mesin saya sering muncul kaya gini knapa yahh...ada effect nya gak > ke mesin nantinya kira2 >>>>>> > -------------------------------------------------------- ++ efeknya besar sekali nieh kayaknya ( kalo crackernya berhasil masuk )
> Apr 28 22:59:42 Rupiah sshd[3277]: Could not reverse map address > 211.139.107.139 > Apr 28 22:59:44 Rupiah sshd[3279]: Could not reverse map address > 211.139.107.139 port 57830 ssh2 > Apr 28 23:27:00 Rupiah sshd[4500]: Could not reverse map address > 202.153.41.139 > Apr 28 23:27:03 Rupiah sshd[4502]: Could not reverse map address > 202.153.41.139 > Apr 29 00:01:00 Rupiah CROND[4505]: (root) CMD (nice -n 19 run-parts > /etc/cron.hourly) > Apr 29 00:48:41 Rupiah sshd[4515]: Did not receive identification > string from 211.236.182.66 > Apr 29 01:01:00 Rupiah CROND[4517]: (root) CMD (nice -n 19 run-parts > /etc/cron.hourly) > Apr 29 01:02:57 Rupiah sshd(pam_unix)[4603]: authentication failure; > logname= ui > d=0 euid=0 tty=NODEVssh ruser= rhost=211-236-182-66.e-serverbank.com > user=lp > Apr 29 01:02:59 Rupiah sshd[4603]: Failed password for lp from > 211.236.182.66 port 35675 ssh2 ++ ada yg coba remote akses via ssh pakai user lp ?? > Apr 29 01:03:08 Rupiah sshd(pam_unix)[4609]: authentication failure; > logname= ui > d=0 euid=0 tty=NODEVssh ruser= rhost=211-236-182-66.e-serverbank.com > user=mail > Apr 29 01:03:10 Rupiah sshd[4609]: Failed password for mail from > 211.236.182.66port 35815 ssh2 ++ ada yg coba remote akses via ssh dgn user mail ?? > Apr 29 01:03:19 Rupiah sshd(pam_unix)[4615]: authentication failure; > logname= ui > d=0 euid=0 tty=NODEVssh ruser= rhost=211-236-182-66.e-serverbank.com > user=operator > Apr 29 01:03:21 Rupiah sshd[4615]: Failed password for operator from > 211.236.182.66 port 35960 ssh2 ++ ada yg coba remote akses via ssh dgn user operator?? > Apr 29 01:42:15 Rupiah sshd[4637]: Could not reverse map address > 60.8.7.19. > --------------------------------------------------- ++ sepertinya ada yg coba-coba crack utk masuk ke server anda apakai user account default bawaan distro, saya coba cek minjem tools di : http://www.apjii.or.id/tools/index.php hasilnya : 211.236.182.66 : dari korea 202.153.41.139 : dari india 211.139.107.139 : dari china 60.8.7.19 : dari china juga CMIIW. user account default bawaan yg enggak kepakai baiknya di remove aja, trus service2 yg gak kepakai di non-aktifkan bahkan kalo perlu di uninstall aja sekalian, dan service yg aktif jangan lupa dipatch atau di update pakai release yg terbaru/yg teraman utk menghindari lubang security. pasang firewall, portsentry dsb utk lebih menambah meningkatkan keamanan. salam, -rianu- -- Unsubscribe: kirim email kosong ke [EMAIL PROTECTED] Arsip, FAQ, dan info milis di http://linux.or.id/milis Tidak bisa posting? Baca: http://linux.or.id/problemmilis http://linux.or.id/tatatertibmilis
