Newbie Security Concerns
Phil Schulz
ph.schulz at gmx.de
Tue Feb 8 08:17:54 PST 2005
On 02/08/05 17:01, crzdgns1 at starpower.net wrote:
> [...] Last night I was checking my
> logs and discovered that sshd reported many illegal users. Does
> that mean my system i compromised? As configured, there are only
> three accounts on my system, root, toor, and one user account for
> me.
if the message looks like the one below, there's no need to worry:
Feb 8 17:12:04 mars sshd[19022]: Illegal user foo from ::1
that just means somebody tried to get into your system using username
"foo". Since the user "foo" doesn't exist the login failed and no harm
was done.
> [...] I suppose you need more information from me, but am not sure
> what to provide. Any help would be greatly appreciated.
>
you might want to post the actual message you see in your auth.log. but
before you post, feed it to your favourite web search engine and dig
through the results for any hints -- maybe you can solve your problem
alone and learn something new along the way.
regards,
phil.
More information about the freebsd-questions
mailing list