From owner-freebsd-questions@FreeBSD.ORG Sun Oct 17 11:14:24 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4DE1106564A for ; Sun, 17 Oct 2010 11:14:24 +0000 (UTC) (envelope-from frederic.praca@freebsd-fr.org) Received: from smtp4-g21.free.fr (smtp4-g21.free.fr [212.27.42.4]) by mx1.freebsd.org (Postfix) with ESMTP id 1B76A8FC18 for ; Sun, 17 Oct 2010 11:14:21 +0000 (UTC) Received: from coruscant.dnsalias.net (unknown [88.169.125.217]) by smtp4-g21.free.fr (Postfix) with ESMTP id DFD4C4C806C for ; Sun, 17 Oct 2010 13:14:15 +0200 (CEST) Date: Sun, 17 Oct 2010 13:16:46 +0200 From: Frederic Praca To: freebsd-questions@freebsd.org Message-ID: <20101017131646.514aea0f@coruscant.dnsalias.net> In-Reply-To: References: <20101016124725.63a7ac5a@coruscant.dnsalias.net> X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; i386-portbld-freebsd8.1) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Strange PAM message X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Oct 2010 11:14:24 -0000 Well in fact, I guess this is an automated break-in attempt coming from a virus or troyan. But, I already got such attacks in the past and never had this strange PAM message. > You probably have somebody trying (succeeding?, I have no idea,) to > break in. >=20 > I have one machine for the net, but none of the machines I do my work > in ever get connected to the internet. It's like the old west, still > -- there really is no law enforcement. >=20 > --jg >=20 >=20 >=20 >=20 > On Sat, Oct 16, 2010 at 6:47 AM, Frederic Praca < > frederic.praca@freebsd-fr.org> wrote: >=20 > > Hello guys, > > has anyone got these messages : > > Oct 16 11:24:54 coruscant sshd[2690]: User root from 89.211.244.245 > > not allowed because none of user's groups are listed in AllowGroups > > Oct 16 11:24:55 coruscant sshd[2690]: fatal: Internal error: PAM > > auth succeeded when it should have failed > > > > FYI, I have a sshd server prohibiting root logins so the second log > > made me think about a possible break-in attempt and maybe a > > succeeding one :-( > > > > Any idea about what these messages mean ? > > > > Fred > > -- > > Ce serait beau, l'honnetet=E9 d'un avocat qui demanderait la > > condamnation de son client ! > > -+- Jules Renard -+- > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscribe@freebsd.org" > > --=20 Voici nos mythes, nos erreurs que nous e=FBmes tant de peine =E0 dresser contre les pr=E9c=E9dentes ! ... Tout n'est pas faux dans ce qui fut abandonn=E9. Tout n'est pas vrai dans ce qui se r=E9v=E8le. -+- Paul Val=E9ry -+-