Date: Sat, 15 Nov 2008 09:02:53 +0100 (CET) From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> To: Lisa Casey <lisa@jellico.com> Cc: freebsd-questions@freebsd.org Subject: Re: Question about entry in auth.log Message-ID: <20081115090130.X19870@wojtek.tensor.gdynia.pl> In-Reply-To: <B8B09B39A8884900970CF2434D40F6C4@CaseyHome> References: <B8B09B39A8884900970CF2434D40F6C4@CaseyHome>
next in thread | previous in thread | raw e-mail | index | archive | help
> Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for > michael from 89.123.165.3 po > rt 55185 ssh2 > > There is a user michael on the system, but whoever was doing this was not > him. > > I am assuming someone tried to break in using a valid username (michael) but > with an incorrect password. it was VALID password. he successfully logged change password now, look what the intruder messed and tell michael to be care more about his password next time. if intruder wasn't very smart, he may not deleted .history, look what he/she did.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081115090130.X19870>