Date: Sun, 11 May 2008 13:49:57 -0600 From: Chad Perrin <perrin@apotheon.com> To: freebsd-questions@freebsd.org Subject: Re: root login stops working Message-ID: <20080511194957.GA81732@demeter.hydra> In-Reply-To: <200805102300.41775.fbsd.questions@rachie.is-a-geek.net> References: <812883.11120.qm@web54010.mail.re2.yahoo.com> <200805102300.41775.fbsd.questions@rachie.is-a-geek.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sat, May 10, 2008 at 11:00:41PM +0200, Mel wrote: > On Saturday 10 May 2008 20:50:46 Dennis Flynn wrote: > > I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: > > Sun Feb 24 19:59:52 UTC 2008 > > root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > > > > About a day after install root login no longer works - even on the console. > > > > I see the following in /var/log/auth.log: > > May 10 14:22:37 wx sshd[86223]: Accepted password for root from > > 10.11.12.104 port 1492 ssh2 May 10 14:22:37 wx sshd[86223]: Received > > disconnect from 10.11.12.104: 0: > > > > And in /var/log/messages: > > May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 > > (core dumped) > > Looks like you got hacked, the tell-tale being "ip port ####". > http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc . . . unless that's part of Dennins' network setup. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] McCloctnick the Lucid: "The first rule of magic is simple. Don't waste your time waving your hands and hopping when a rock or a club will do." [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (FreeBSD) iEYEARECAAYFAkgnTeUACgkQ9mn/Pj01uKVCtwCfdPIDGA0CnxivvShQ9ryGmKv2 D+0Anj6iTnTP2bjYcZ0Mr+oDEgXUYIW5 =+t6y -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080511194957.GA81732>