ssh2 -Thanks to everybody

roland roland at
Thu Sep 25 07:46:07 UTC 2008

On Wed, 24 Sep 2008 21:39:50 +0200, Björn Persson <bjorn at rombobjö>  

> roland wrote:
>> This is an old version of redhat workstation, just before fedora was
>> released.
> No wonder it was broken into then. Actually, if it hasn't been updated  
> since
> 2003 it's something of a wonder if you haven't had any intrusions until  
> now.
> Perhaps the intruders who have been using the box before have been more
> discreet so that you haven't noticed them.
>> I just wonder why this person/hacker is still trying to login with root
>> and other names. So he must have been unsuccessful the first time.
> What makes you think it's the same person? There are bots on compromised
> computers constantly scanning the Internet and trying to access any SSH
> servers they find. It's been going on for years. Do you have proof that  
> the
> login attempts you see are something else?
>>  From what you are saying I can understand that I should reinstall the
>> server, even if he is not successfully login in again?
> Yes you should. Once the system is compromised you can't trust anything  
> in it.
> Unless the intruder is a complete bungler there is now a backdoor  
> installed
> that lets him control the system no matter how many passwords you change.
> Your computer will be used for attacking other computers, churning out  
> spam,
> or any number of other shady activities.
> Install the latest version of CentOS and set it up to receive updates
> automatically. Do not transfer any kind of executable code from the old
> system to the new one.
And I hope next time this person-attacker will wait until after my Holiday


More information about the users mailing list