[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RE: Help suspect hacked system

I just did a lastlog command myself to see what it resulted and for some
reason it does not contain any data after June? Does this file after it gets
to a certain point just stop logging to it? I just renamed the file and
created a new one to start logging again and it is working. Just wondering
if I should be concerned about this?

Jim

----- Original Message -----
From: "David" <david_dean@xxxxxxx>
To: "Cobalt User Group" <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, October 17, 2000 12:24 AM
Subject: [cobalt-users] RE: Help suspect hacked system


> >>The reason i think the system was hacked is that logcheck
> >>reported a port scan then not long after i had a
> >>ftp sesion closed message from a user not on my system.?
>
> Chances are you've *not* been hacked (been there).. That ftp session
closed
> message appears even if they don't get in/succeed at their connect
attempt.
> *Unless* you've got anonymous FTP enabled on your sites (still slim chance
you
> were hacked)... If you *do* have anon FTP enabled, and don't really use
it..
> DISABLE IT!!
>
> Type in "last" from a command prompt to see a list of all the previous
logins
> to your machine. If you were hacked, chances are they wiped this file and
it
> will only go back to the time of the hack... If it's logins only go back a
few
> hours (not several days/weeks or months), you might have concerns..
>
> Good Luck!
> -David
>
> ____________________________________________________________________
> Get free email and a permanent address at http://www.netaddress.com/?N=1
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>