Strange PAM message

Frederic Praca frederic.praca at freebsd-fr.org
Sun Oct 17 11:14:24 UTC 2010


Well in fact, I guess this is an automated break-in attempt coming from
a virus or troyan.
But, I already got such attacks in the past and never had this strange
PAM message.

> You probably have somebody trying (succeeding?, I have no idea,) to
> break in.
> 
> I have one machine for the net, but none of the machines I do my work
> in ever get connected to the internet.  It's like the old west, still
> -- there really is no law enforcement.
> 
> --jg
> 
> 
> 
> 
> On Sat, Oct 16, 2010 at 6:47 AM, Frederic Praca <
> frederic.praca at freebsd-fr.org> wrote:
> 
> > Hello guys,
> > has anyone got these messages :
> > Oct 16 11:24:54 coruscant sshd[2690]: User root from 89.211.244.245
> > not allowed because none of user's groups are listed in AllowGroups
> > Oct 16 11:24:55 coruscant sshd[2690]: fatal: Internal error: PAM
> > auth succeeded when it should have failed
> >
> > FYI, I have a sshd server prohibiting root logins so the second log
> > made me think about a possible break-in attempt and maybe a
> > succeeding one :-(
> >
> > Any idea about what these messages mean ?
> >
> > Fred
> > --
> > Ce serait beau, l'honneteté d'un avocat qui demanderait la
> > condamnation de son client !
> >        -+- Jules Renard -+-
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "
> > freebsd-questions-unsubscribe at freebsd.org"
> >


-- 
Voici nos mythes, nos erreurs que nous eûmes tant
de peine à dresser contre les précédentes !
... Tout n'est pas faux dans ce qui fut abandonné.
Tout n'est pas vrai dans ce qui se révèle.
	-+- Paul Valéry -+-


More information about the freebsd-questions mailing list