From: Phil Schulz
Date: Tue, 08 Feb 2005 17:17:21 +0100
To: crzdgns1@starpower.net
cc: freebsd-questions@freebsd.org
Subject: Re: Newbie Security Concerns
Message-ID: <4208E611.80505@gmx.de>

On 02/08/05 17:01, crzdgns1@starpower.net wrote:
> [...] Last night I was checking my
> logs and discovered that sshd reported many illegal users. Does
> that mean my system is compromised? As configured, there are only
> three accounts on my system, root, toor, and one user account for
> me.

if the message looks like the one below, there's no need to worry:

Feb 8 17:12:04 mars sshd[19022]: Illegal user foo from ::1

that just means somebody tried to get into your system using username "foo".
Since the user "foo" doesn't exist the login failed and no harm was done.

> [...] I suppose you need more information from me, but am not sure
> what to provide. Any help would be greatly appreciated.
>

you might want to post the actual message you see in your auth.log. but before you post, feed it to your favourite web search engine and dig through the results for any hints -- maybe you can solve your problem alone and learn something new along the way.

regards,
phil.
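
An added example, not part of the mail above: a small triage script for the kind of auth.log lines quoted in the reply. It tallies guesses at nonexistent users per source address and lists any successful login that came from an address that was also guessing. The sample log, the user `alice` and all addresses except `::1` are constructed, and the "Failed"/"Accepted" line formats are assumed to be the stock sshd ones.

```python
import re
from collections import Counter

# Constructed sample in the auth.log style quoted in the mail; users and
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Feb 8 17:12:04 mars sshd[19022]: Illegal user foo from ::1
Feb 8 17:12:09 mars sshd[19025]: Illegal user admin from 192.0.2.10
Feb 8 17:12:11 mars sshd[19027]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
Feb 8 17:12:15 mars sshd[19031]: Illegal user test from 192.0.2.10
Feb 8 17:13:40 mars sshd[19040]: Failed password for root from 192.0.2.10 port 40170 ssh2
Feb 8 18:02:51 mars sshd[19102]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
"""

PREFIX = r"sshd\[\d+\]: "
TAIL = r" from (\S+)(?: port \d+)?(?: ssh2)?\s*$"
# Older sshd logs "Illegal user", newer releases "Invalid user". The name is
# remote-supplied and may contain spaces, so match up to the last " from ".
NO_SUCH_USER = re.compile(PREFIX + r"(?:Illegal|Invalid) user (.*)" + TAIL)
FAILED = re.compile(PREFIX + r"Failed \S+ for (?!(?:illegal|invalid) user )(\S+)" + TAIL)
ACCEPTED = re.compile(PREFIX + r"Accepted \S+ for (\S+)" + TAIL)


def triage(log_text):
    """Split sshd log lines into harmless guesses and logins worth reviewing."""
    no_such_user, failed_real, accepted = Counter(), Counter(), []
    for line in log_text.splitlines():
        if m := NO_SUCH_USER.search(line):
            no_such_user[m.group(2)] += 1            # guess at a missing account
        elif m := FAILED.search(line):
            failed_real[(m.group(1), m.group(2))] += 1  # wrong password, real account
        elif m := ACCEPTED.search(line):
            accepted.append((m.group(1), m.group(2)))
    noisy = set(no_such_user) | {src for _, src in failed_real}
    # A successful login from an address that was also guessing needs a closer look.
    review = [(user, src) for user, src in accepted if src in noisy]
    return {"no_such_user": no_such_user, "failed_real": failed_real,
            "accepted": accepted, "review": review}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for src, n in report["no_such_user"].most_common():
        print(f"{n:3d} guesses at nonexistent users from {src}")
    for (user, src), n in report["failed_real"].items():
        print(f"{n:3d} failed logins for existing user {user} from {src}")
    print("logins to review:", report["review"] or "none")
```
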