ssh2 -Thanks to everybody

[roland]

On Wed, 24 Sep 2008 21:39:50 +0200, Björn Persson <bjorn at rombobjörn.se>  
wrote:

> roland wrote:
>> This is an old version of redhat workstation, just before fedora was
>> released.
>
> No wonder it was broken into then. Actually, if it hasn't been updated  
> since
> 2003 it's something of a wonder if you haven't had any intrusions until  
> now.
> Perhaps the intruders who have been using the box before have been more
> discreet so that you haven't noticed them.
>
>> I just wonder why this person/hacker is still trying to login with root
>> and other names. So he must have been unsuccessful the first time.
>
> What makes you think it's the same person? There are bots on compromised
> computers constantly scanning the Internet and trying to access any SSH
> servers they find. It's been going on for years. Do you have proof that  
> the
> login attempts you see are something else?
>
>>  From what you are saying I can understand that I should reinstall the
>> server, even if he is not successfully login in again?
>
> Yes you should. Once the system is compromised you can't trust anything  
> in it.
> Unless the intruder is a complete bungler there is now a backdoor  
> installed
> that lets him control the system no matter how many passwords you change.
> Your computer will be used for attacking other computers, churning out  
> spam,
> or any number of other shady activities.
>
> Install the latest version of CentOS and set it up to receive updates
> automatically. Do not transfer any kind of executable code from the old
> system to the new one.
>
I THANK EVERYBODY FOR THIS EXTENSIVE HELP.
And I hope next time this person-attacker will wait until after my Holiday

Roland