Hello,
I became the victim of a hacker attack today.
I have now reset the root password and was able to log in again; I downloaded the log file right away
and tried to search it for an attack, but unfortunately I am not very good at reading log files. Here is a small excerpt:
Invalid user admin from ***.***.***.***
May 18 14:32:01 w240 /usr/sbin/cron[20171]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:32:10 w240 su: (to ts) root on /dev/pts/0
May 18 14:33:01 w240 /usr/sbin/cron[20188]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:34:01 w240 /usr/sbin/cron[20192]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:35:01 w240 /usr/sbin/cron[20198]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:36:01 w240 /usr/sbin/cron[20208]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:36:58 w240 su: FAILED SU (to ts) root on /dev/pts/0
May 18 14:37:01 w240 /usr/sbin/cron[20220]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:37:56 w240 sshd[20224]: Accepted keyboard-interactive/pam for root from **.***.**.** port 3305 ssh2
May 18 14:37:56 w240 sshd[20227]: lastlog_filetype: Couldn't stat /var/log/lastlog: No such file or directory
May 18 14:37:56 w240 sshd[20227]: lastlog_openseek: /var/log/lastlog is not a file or directory!
May 18 14:37:56 w240 sshd[20227]: lastlog_filetype: Couldn't stat /var/log/lastlog: No such file or directory
May 18 14:37:56 w240 sshd[20227]: lastlog_openseek: /var/log/lastlog is not a file or directory!
May 18 14:38:01 w240 /usr/sbin/cron[20248]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:38:16 w240 su: (to ts) root on /dev/pts/0
May 18 14:39:01 w240 /usr/sbin/cron[20265]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:40:01 w240 /usr/sbin/cron[20298]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:41:01 w240 /usr/sbin/cron[20307]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:42:01 w240 /usr/sbin/cron[20322]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:43:01 w240 /usr/sbin/cron[20328]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:44:01 w240 /usr/sbin/cron[20331]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:44:27 w240 sshd[20333]: Accepted keyboard-interactive/pam for root from ***.***.***.*** port 3390 ssh2
May 18 14:44:27 w240 sshd[20336]: lastlog_filetype: Couldn't stat /var/log/lastlog: No such file or directory
May 18 14:44:27 w240 sshd[20336]: lastlog_openseek: /var/log/lastlog is not a file or directory!
May 18 14:44:27 w240 sshd[20336]: lastlog_filetype: Couldn't stat /var/log/lastlog: No such file or directory
May 18 14:44:27 w240 sshd[20336]: lastlog_openseek: /var/log/lastlog is not a file or directory!
May 18 14:44:30 w240 sshd[20333]: subsystem request for sftp
May 18 14:45:01 w240 /usr/sbin/cron[20364]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:45:15 w240 sshd[20333]: Received disconnect from ***.***.***.**: 11: Disconnect requested by Windows SSH Client.
.....................................
Did not receive identification string from ***.***.***.***
May 18 18:05:01 w240 /usr/sbin/cron[22374]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 18:06:01 w240 /usr/sbin/cron[22380]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 18:07:01 w240 /usr/sbin/cron[22389]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 18:08:01 w240 /usr/sbin/cron[22394]:
That was a small excerpt.
Thank you very much for your help!
Kind regards,
DK-Serv
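
Added example, not part of the original post: a small Python filter for the syslog format in the excerpt above that drops the per-minute cron entries, keeps the sshd and su events, and ties each sftp request to the login accepted by the same sshd PID. The sample lines, addresses, tag names and function names are constructed for illustration.

```python
import re
# Constructed sample in the excerpt's syslog format; addresses are documentation-range placeholders.
SAMPLE = """\
May 18 14:31:40 w240 sshd[20160]: Invalid user admin from 203.0.113.7
May 18 14:32:01 w240 /usr/sbin/cron[20171]: (root) CMD (/root/confixx/confixx_counterscript.pl)
May 18 14:36:58 w240 su: FAILED SU (to ts) root on /dev/pts/0
May 18 14:37:56 w240 sshd[20224]: Accepted keyboard-interactive/pam for root from 198.51.100.20 port 3305 ssh2
May 18 14:37:56 w240 sshd[20227]: lastlog_filetype: Couldn't stat /var/log/lastlog: No such file or directory
May 18 14:38:16 w240 su: (to ts) root on /dev/pts/0
May 18 14:44:27 w240 sshd[20333]: Accepted keyboard-interactive/pam for root from 192.0.2.99 port 3390 ssh2
May 18 14:44:30 w240 sshd[20333]: subsystem request for sftp
May 18 18:04:50 w240 sshd[22370]: Did not receive identification string from 203.0.113.7
"""

# timestamp, host, program, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ([^\s:\[]+)(?:\[(\d+)\])?: (.*)$")
# (tag, program, pattern); cron and any other unmatched line is dropped as noise.
RULES = [
    ("ssh-login",        "sshd", re.compile(r"Accepted (\S+) for (\S+) from (\S+) port")),
    ("ssh-invalid-user", "sshd", re.compile(r"Invalid user (\S+) from (\S+)")),
    ("ssh-no-banner",    "sshd", re.compile(r"Did not receive identification string from (\S+)")),
    ("sftp-request",     "sshd", re.compile(r"subsystem request for (sftp)")),
    ("lastlog-missing",  "sshd", re.compile(r"Couldn't stat (/var/log/lastlog)")),
    ("su-failed",        "su",   re.compile(r"FAILED SU \(to (\S+)\) (\S+) on (\S+)")),
    ("su-ok",            "su",   re.compile(r"^\(to (\S+)\) (\S+) on (\S+)")),
]

def triage(text):
    """Return (timestamp, tag, pid, fields) for each security-relevant line."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # no syslog header, e.g. a cut-off fragment
        ts, prog, pid, msg = m.groups()
        for tag, want, pat in RULES:
            hit = pat.search(msg) if prog == want else None
            if hit:
                events.append((ts, tag, pid, hit.groups()))
                break
    return events

def sftp_sources(events):
    """Pair each sftp request with the (method, user, address) of the login on the same sshd PID."""
    logins = {pid: f for _, tag, pid, f in events if tag == "ssh-login"}
    return [(ts, logins.get(pid)) for ts, tag, pid, _ in events if tag == "sftp-request"]

if __name__ == "__main__":
    print(*triage(SAMPLE), sftp_sources(triage(SAMPLE)), sep="\n")
```

For the su entries the fields are target user, calling user and terminal, in that order.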