Date: Fri, 23 Feb 2001 10:33:04 -0800 (PST)
From: "tjk@tksoft.com" <tjk@tksoft.com>
To: slamdunk@neophile.net (slamdunk)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: weird login attempt
Message-ID: <200102231833.KAA16516@uno.tksoft.com>
In-Reply-To: <4.3.2.7.2.20010223185401.02aad2c0@pop3.neophile.net> from "slamdunk" at Feb 23, 2001 06:55:13 PM

Jerry,

Since the user is www, is it possible that the login was attempted
through the web server? I.e. do you have your web server running
under the username www?

One theoretical possibility would be that someone was able to
execute a cgi which tried to login to the system. The ttyv0 indicates
a local login, not a networked (pseudo tty) login. If the cgi exec'ed
code which attached to ttyv0, then this would seem consistent.

Might be a good idea to see your web access logs for that particular
moment in time and see if some cgi was called just then.

Troy

>
> Nope it won't be either of these - The box is in a locked cabinet in our
> datacenter.
>
> Ah well, seems this will remain a mystery
>
> Jerry
>
> At 13:48 23/02/2001 +0200, you wrote:
> >On Fri, Feb 23, 2001 at 08:46:59AM -0300, Fernando Schapachnik wrote:
> > > In a previous message, slamdunk wrote:
> > > > Can anyone identify what this might be?
> > >
> > > Somebody laying its hand over the keyboard :)
> > >
> > > >
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0,
> > ^[[S^[[J^[[J^[[J^[[~^[
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0,
> > ^[[S^[[J^[[J^[[J^[[~^[
> >
> >Those are probably F-keys or similar.. ^[[S is F7, ^[[J is probably something
> >around the numeric keypad.
> >
> >G'luck,
> >Peter
> >
> >--
> >If you think this sentence is confusing, then change one pig.
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

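
The check suggested in the reply above (look in the web access logs for a cgi called at the moment of the failures) can be scripted. This is an added example, not part of the original thread: it assumes an Apache-style Common Log Format access log, CGI scripts under /cgi-bin/, both logs in the same local time zone, and a year supplied by hand because syslog omits it; the access-log entries are constructed.

```python
import re
from datetime import datetime, timedelta

# Failure lines as quoted in the thread (duplicates collapsed by the parser).
AUTH_LOG = """\
Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0
Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0, ^[[S^[[J^[[J^[[J^[[~^[
"""

# Constructed access log; addresses and paths are made up for the example.
ACCESS_LOG = """\
192.0.2.11 - - [23/Feb/2001:10:39:02 -0800] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [23/Feb/2001:10:41:31 -0800] "GET /cgi-bin/example.cgi?x=1 HTTP/1.0" 200 512
192.0.2.12 - - [23/Feb/2001:10:55:00 -0800] "POST /cgi-bin/other.cgi HTTP/1.0" 200 77
"""

FAILURE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ login: .*LOGIN FAILURES? ON ([^\s,]+)")
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_failures(auth_log, year):
    """Return sorted, de-duplicated (time, tty) pairs for login failure lines."""
    found = set()
    for line in auth_log.splitlines():
        m = FAILURE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            found.add((when, m.group(2)))
    return sorted(found)

def cgi_hits_near(access_log, failures, window_s=60, prefix="/cgi-bin/"):
    """Return CGI requests logged within window_s seconds of any failure."""
    window = timedelta(seconds=window_s)
    hits = []
    for line in access_log.splitlines():
        m = CLF_RE.match(line)
        if not m or not m.group(4).startswith(prefix):
            continue
        # Time zone offset is ignored: both logs are assumed to be local time.
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
        if any(abs(when - t) <= window for t, _tty in failures):
            hits.append((when, m.group(1), m.group(3), m.group(4), int(m.group(5))))
    return hits

if __name__ == "__main__":
    failures = login_failures(AUTH_LOG, 2001)
    for hit in cgi_hits_near(ACCESS_LOG, failures):
        print(*hit)
```

An empty result does not rule out the web server if the clocks of the two logs differ by more than the window; widen `window_s` in that case.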
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102231833.KAA16516>