Date: Tue, 08 Feb 2005 17:17:21 +0100 From: Phil Schulz <ph.schulz@gmx.de> To: crzdgns1@starpower.net Cc: freebsd-questions@freebsd.org Subject: Re: Newbie Security Concerns Message-ID: <4208E611.80505@gmx.de> In-Reply-To: <c5ead59.cb785457.81e0700@ms07.mrf.mail.rcn.net> References: <c5ead59.cb785457.81e0700@ms07.mrf.mail.rcn.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/08/05 17:01, crzdgns1@starpower.net wrote: > [...] Last night I was checking my > logs and discovered that sshd reported many illegal users. Does > that mean my system i compromised? As configured, there are only > three accounts on my system, root, toor, and one user account for > me. if the message looks like the one below, there's no need to worry: Feb 8 17:12:04 mars sshd[19022]: Illegal user foo from ::1 that just means somebody tried to get into your system using username "foo". Since the user "foo" doesn't exist the login failed and no harm was done. > [...] I suppose you need more information from me, but am not sure > what to provide. Any help would be greatly appreciated. > you might want to post the actual message you see in your auth.log. but before you post, feed it to your favourite web search engine and dig through the results for any hints -- maybe you can solve your problem alone and learn something new along the way. regards, phil.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4208E611.80505>