Breakin attempts
Steve Blackwell
zephod at cfl.rr.com
Wed Apr 21 13:58:55 UTC 2010
On Wed, 21 Apr 2010 00:33:11 -0400
Steve Blackwell <zephod at cfl.rr.com> wrote:
> I was looking at my logwatch mail and saw:
>
> Failed logins from:
> 62.39.117.140 (140.117.39-62.rev.gaoland.net): 139 times
> 220.128.67.41: 9 times
>
> Illegal users from:
> 62.39.117.140 (140.117.39-62.rev.gaoland.net): 229 times
> 220.128.67.41: 2 times
>
>
> Received disconnect:
> 11: Bye Bye : 379 Time(s)
>
> so it appears that someone was trying to break in to my machine.
>
> I googled rev.gaoland.net (http://whois.domaintools.com/gaoland.net)
> and it appears to be some kind of French ISP.
> Is there some place to report this?
>
> Steve

rkhunter is reporting this:

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Suspicious file types found in /dev:
/dev/shm/mono-shared-500-shared_fileshare-steve.blackwell-Linux-i686-36-12-0:data
/dev/shm/mono-shared-500-shared_data-steve.blackwell-Linux-i686-312-12-0:data
/dev/shm/mono.2812: data

Process 2812 is tomboy so that should be OK. What are the other 2?
Normal? OK to whitelist them?

Thanks,
Steve