Log Watch
Started by Guest_Jordan_*, Dec 09 2006 09:23 AM
11 replies to this topic
#1
Guest_Jordan_*
Posted 09 December 2006 - 09:23 AM
Interestingly, I received a report from the server company that a brute force attempt was originating from this server. The user attempted to log in to another server 802 times but failed. I couldn't find any information on who was attempting the attack, so I handed it off to the guys that own the data center.
While looking through my logs (btw, I had logwatch set to email root and I had system mail going to null :eek:) I found that there were hundreds of attempts by different IP addresses to log in as root on this server.
Any of you that own a server, take some time and look through. I'm going to be reporting these attempts and I'll keep you guys updated on the process for any who would like to report similar attempts.
#2
Posted 10 December 2006 - 06:06 PM
#3
Guest_Jordan_*
Posted 10 December 2006 - 06:07 PM
/var/log/messages
Could be /var/log/messages.x where x is 1-anything (usually 4).
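A way to pull the repeated failed logins described in the first post out of the files named above, added here as an example and not posted by anyone in the thread. It assumes the attempts are SSH password logins recorded in OpenSSH's syslog format and that sshd logs to the files you pass in; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): tally failed SSH password attempts.
# Assumption: OpenSSH-style syslog lines ending "from IP port N ssh2".

# failed_logins [FILE...] -> "COUNT IP USER" lines, highest count first.
# Reads stdin when no file is given.
failed_logins() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / &&
        NF >= 9 && $(NF-4) == "from" && $(NF-2) == "port" {
            # Parse from the end of the line: the user name is chosen by the
            # remote client, so counting fields from the left is unreliable.
            count[$(NF-3) " " $(NF-5)]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# noisy_sources MIN [FILE...] -> "TOTAL IP" for IPs with >= MIN failures.
noisy_sources() {
    min=$1; shift
    failed_logins "$@" |
        awk -v min="$min" '
            { total[$2] += $1 }
            END { for (ip in total) if (total[ip] >= min) print total[ip], ip }
        ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation IP ranges), not real log data.
sample_log() {
    cat <<'EOF'
Dec  9 03:12:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Dec  9 03:12:04 host sshd[2103]: Failed password for root from 192.0.2.10 port 40115 ssh2
Dec  9 03:12:09 host sshd[2107]: Failed password for root from 198.51.100.7 port 51822 ssh2
Dec  9 03:13:30 host sshd[2110]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Dec  9 03:14:02 host sshd[2115]: Accepted password for alice from 203.0.113.5 port 33001 ssh2
Dec  9 03:15:00 host crond[2120]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

sample_log | failed_logins
# Real use, covering the rotated files as well:
#   noisy_sources 20 /var/log/messages /var/log/messages.[0-9]*
```

Compressed rotations (`.gz`) need to be decompressed and piped in on stdin instead of passed as file names.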
#4
Posted 10 December 2006 - 07:20 PM
Dammit! Who keeps trying this? More importantly, WHY???
#5
Guest_Jordan_*
Posted 11 December 2006 - 05:45 AM
No idea but I have to come up with an answer today. They want to know who and why.....
#6
Posted 11 December 2006 - 09:57 AM
So someone hacked this server and tried to hack other servers? ( using this as a 'firewall' or 'tunnel'? )
Wew that sux!
#7
Guest_Jordan_*
Posted 12 December 2006 - 02:29 PM
No need to cuss, Tcm. And no, someone that already had access to the server was trying to hack another server. We've determined which account it came from, but I spoke with the guy (and he is a member of this forum) and he said it wasn't him. I have his two IPs that he uses, so I need to figure out who it was that actually logged in.
#8
Posted 12 December 2006 - 02:35 PM
Access.. you mean just an account? in here? and he had the access to hack here? :S
Duh sorry sometimes I get too excited lol and 'vulgarity' is its effect!
#9
Posted 14 December 2006 - 06:13 AM
Did the user get in any trouble?
#10
Guest_Jordan_*
Posted 21 December 2006 - 04:09 PM
No. This matter wasn't pursued at all.
#11
Posted 21 December 2006 - 06:49 PM
That would've sucked if the hacker actually got in. Then we would have some problems.
#12
Guest_littlefranciscan_*
Posted 30 December 2006 - 01:08 PM
That is terrible that someone is hacking into your server. Maybe you need a better firewall?? I wouldn't even know how to tell if someone was hacking into my computer other than the fact at times I can't get into certain places that I usually have a password