
Re: [cobalt-users] Possible Hack inprogress.... Help



On 14 Sep 2000, at 21:04, Lennie Core wrote:

> I have a client that is apparently attempting to ftp download and 
> upload to their domain on my RAQ3..  Where can I find the 
> immediate ftp.log's ?  The logs on their domains are 5 days old.
> The access log shows nothing relative to ftp..
> 
> Kind assistance appreciated..
> 
> Lennie Core

the way I watch my logs for ftp is telnet or ssh into the server

then 
su

then 
tail -f /var/log/messages

I just leave the window open to observe the log 24/7
shows the end of the access log as it is being written to

if in fact you do have someone attempting to hack your machine I would 
highly suggest portsentry, and ipchains.  

there are references to both in the user list database.

hope that helps,

Vic Chisnell
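
Added example, not part of the original message: a filter for the `tail -f /var/log/messages` stream described above that keeps only the ftp daemon's lines and tallies failed logins per client address. The function names are hypothetical, the sample lines are constructed, and the daemon tag (`proftpd`) and message wording are assumptions; set `FTP_TAG` to match what your own log shows.

```shell
#!/bin/sh
# Constructed sample lines in the style of /var/log/messages; the ftp daemon
# tag ("proftpd") and message wording are assumptions, not taken from the post.
sample_log() {
cat <<'EOF'
Sep 14 21:01:10 raq3 proftpd[1201]: raq3 (client.example.net[192.0.2.10]) - USER site1: Login successful.
Sep 14 21:02:41 raq3 proftpd[1207]: raq3 (host.example.org[198.51.100.7]) - USER admin (Login failed): Incorrect password.
Sep 14 21:02:44 raq3 sshd[1210]: Accepted password for admin from 192.0.2.10 port 1022
Sep 14 21:02:49 raq3 proftpd[1211]: raq3 (host.example.org[198.51.100.7]) - USER root (Login failed): Incorrect password.
Sep 14 21:03:02 raq3 proftpd[1215]: raq3 (other.example.com[203.0.113.5]) - USER site1 (Login failed): Incorrect password.
EOF
}

# Keep only lines written by the ftp daemon (syslog field 5 is "tag[pid]:").
ftp_lines() {
    awk -v tag="${FTP_TAG:-proftpd}" '
        { t = $5; sub(/\[.*/, "", t); sub(/:$/, "", t) }
        t == tag'
}

# Count failed logins per client address, busiest first: "count address".
ftp_failures() {
    ftp_lines | awk '
        /Login failed/ {
            # The client address is the bracketed value just before ")".
            if (match($0, /\[[0-9.]+\]\)/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 3)
                n[ip]++
            }
        }
        END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Live use, as root on the server:   tail -f /var/log/messages | ftp_lines
# Summary of the current file:       ftp_failures < /var/log/messages
```
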