From owner-freebsd-questions@FreeBSD.ORG Sat Apr 28 16:34:47 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0E4B216A401 for ; Sat, 28 Apr 2007 16:34:47 +0000 (UTC) (envelope-from maximo4k@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.251]) by mx1.freebsd.org (Postfix) with ESMTP id BF02113C44B for ; Sat, 28 Apr 2007 16:34:46 +0000 (UTC) (envelope-from maximo4k@gmail.com) Received: by an-out-0708.google.com with SMTP id c24so934220ana for ; Sat, 28 Apr 2007 09:34:46 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:date:from:x-mailer:reply-to:x-priority:message-id:to:subject:mime-version:content-type:content-transfer-encoding; b=rSjgqiuL/R7thfQaVBPyvbMiUVbp/vzEzpUtFNrlmXrQBFgeMF3gfdPoXQIPwXZX0DCds5z+I+0opEH4fnbpiOOMKgIIHccL/CtTcfHdrEBfQ1Y2pN6S+RrX/QaV3l4OwGBVv3nEhmgug2JG2P9F8Wa8+5dLdmSicTW6+mnIUgM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:x-mailer:reply-to:x-priority:message-id:to:subject:mime-version:content-type:content-transfer-encoding; b=unvn6Tpaa0ruhi3sDcYrE/OV7QXsNZr7MnTNqGZTJsobPlaVyxJI3Twz55LFl7fx84L1FvLkcsATaS5KPg6/H1Hl20UgYLAaAlfrxg/kwAAuZzqU6Ep5Qhc6drfwTrz5009/oV3LMebHHznnobVr75tHW2/T7bFJ6WliXx5py5o= Received: by 10.100.153.17 with SMTP id a17mr2878013ane.1177776555088; Sat, 28 Apr 2007 09:09:15 -0700 (PDT) Received: from ?10.3.7.11? ( [207.101.72.98]) by mx.google.com with ESMTP id c13sm5609298anc.2007.04.28.09.09.14; Sat, 28 Apr 2007 09:09:14 -0700 (PDT) Date: Sat, 28 Apr 2007 12:09:55 -0700 From: maximo4k X-Mailer: The Bat! (v3.85.03) Professional X-Priority: 3 (Normal) Message-ID: <1514709144.20070428120955@gmail.com> To: freebsd-questions@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: Subject: Need your help X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: maximo4k List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2007 16:34:47 -0000 Hello freebsd-questions, From: Maksym Kuvyklin Subject: I have suspicion that somebody use my server like zombie server. Environment:FreeBSD mail.ukremb.com 5.5-RELEASE FreeBSD 5.5-RELEASE #6: Mon Apr 23 14:41:21 EDT 2007 root@mail.ukremb.com:/usr/obj/usr/src/sys/MYKERNEL i386 Description: Sorry for my pure English. I am new in this community. I had detected that somebody tryed to penetrate via ssh into my server. When I had changed the port all this attempts were finished. Then server notified me about that somebody use my IP address and after that my network adapter had down. I had changed it to another one and the server had started work again. I have static IP address. But, now my connection is very slow. I have looked throught the logs and I had not found any tracks of penetration. Please, help me to solve this problem. -- Best regards, maximo4k mailto:maximo4k@gmail.com