Date: Thu, 7 Mar 2002 20:01:30 -0800 (PST) From: krzysztof Strzelczyk <cs052279@yahoo.com> To: freebsd-security@freebsd.org Subject: suspicious ssh logs Message-ID: <20020308040130.88177.qmail@web14803.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Hello, I am getting some suspicious logs in /var/log/messages and also in my httpd logs. Since the ssh exploit went public today this worries me. Here are the logs, can anyone clarify. messages: Mar 7 17:58:10 server sshd[8783]: fatal: Local: Corrupted check bytes on input. Mar 7 17:58:21 server sshd[8786]: fatal: Local: Corrupted check bytes on input. Mar 7 17:58:36 server sshd[8791]: fatal: Local: Corrupted check bytes on input. Mar 7 17:58:51 server sshd[8798]: fatal: Local: Corrupted check bytes on input. httpd log: (It looks like maybe someone is trying to run scripts that aren't really there?) [Thu Mar 7 22:04:02 2002] [error] [client 195.252.149.234] File does not exist: /usr/local/www/data/default.ida [Thu Mar 7 22:18:41 2002] [error] [client 144.134.227.126] File does not exist: /usr/local/www/data/gall/kellyashton/gall1.shtml [Thu Mar 7 22:23:05 2002] [error] [client 67.201.235.198] File does not exist: /usr/local/www/data/gall/nia/gall1.shtml [Thu Mar 7 22:36:08 2002] [error] [client 68.60.16.31] File does not exist: /usr/local/www/data/default.ida Thanks -Chris __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020308040130.88177.qmail>