Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 08 Feb 2005 17:17:21 +0100
From:      Phil Schulz <ph.schulz@gmx.de>
To:        crzdgns1@starpower.net
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Newbie Security Concerns
Message-ID:  <4208E611.80505@gmx.de>
In-Reply-To: <c5ead59.cb785457.81e0700@ms07.mrf.mail.rcn.net>
References:  <c5ead59.cb785457.81e0700@ms07.mrf.mail.rcn.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 02/08/05 17:01, crzdgns1@starpower.net wrote:
> [...] Last night I was checking my 
> logs and discovered  that sshd reported many illegal users.  Does 
> that mean my system i compromised?  As configured, there are only 
> three accounts on my system, root, toor, and one user account for 
> me.  

if the message looks like the one below, there's no need to worry:

Feb  8 17:12:04 mars sshd[19022]: Illegal user foo from ::1

that just means somebody tried to get into your system using username 
"foo". Since the user "foo" doesn't exist the login failed and no harm 
was done.

> [...] I suppose you need more information from me, but am not sure 
> what to provide.  Any help would be greatly appreciated.
> 

you might want to post the actual message you see in your auth.log. but 
before you post, feed it to your favourite web search engine and dig 
through the results for any hints -- maybe you can solve your problem 
alone and learn something new along the way.

regards,

phil.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4208E611.80505>