Hacked?
David Rankin
drankin at cox-internet.com
Thu May 3 14:04:56 GMT 2001
I found a weird log entry in my system check for 4/27. Someone from a
Korean site was able to ftp into my server for 41 seconds. The log
entries are as follows:
Apr 27 13:14:43 Nemesis xinetd[620]: START: ftp pid=17845
from=210.119.103.190
Apr 27 13:14:43 Nemesis xinetd[17845]: USERID: ftp OTHER :root
Apr 27 13:15:23 Nemesis xinetd[620]: EXIT: ftp pid=17845
duration=41(sec)
What does it look like to you guys? What are your suggestions for fixing
it so it doesn't happen again? Where do I report this unauthorized use?
--
David C. Rankin
Nacogdoches, Texas
More information about the samba
mailing list