ssh2 - Thanks to everybody
roland at cat.be
Thu Sep 25 07:46:07 UTC 2008
On Wed, 24 Sep 2008 21:39:50 +0200, Björn Persson <bjorn at rombobjörn.se>
> roland wrote:
>> This is an old version of Red Hat workstation, just before Fedora was
> No wonder it was broken into then. Actually, if it hasn't been updated
> 2003 it's something of a wonder if you haven't had any intrusions until
> Perhaps the intruders who have been using the box before have been more
> discreet so that you haven't noticed them.
>> I just wonder why this person/hacker is still trying to log in with root
>> and other names. So he must have been unsuccessful the first time.
> What makes you think it's the same person? There are bots on compromised
> computers constantly scanning the Internet and trying to access any SSH
> servers they find. It's been going on for years. Do you have proof that
> login attempts you see are something else?
>> From what you are saying I can understand that I should reinstall the
>> server, even if he is not successfully logging in again?
> Yes you should. Once the system is compromised you can't trust anything
> in it.
> Unless the intruder is a complete bungler there is now a backdoor
> that lets him control the system no matter how many passwords you change.
> Your computer will be used for attacking other computers, churning out
> or any number of other shady activities.
> Install the latest version of CentOS and set it up to receive updates
> automatically. Do not transfer any kind of executable code from the old
> system to the new one.
I THANK EVERYBODY FOR THIS EXTENSIVE HELP.
And I hope next time this person-attacker will wait until after my Holiday