[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RaQ3 - strange message from system logs, hacker??

Subject: [cobalt-users] RaQ3 - strange message from system logs, hacker??
From: "Dave" <daver1@xxxxxxxxxxxxxxx>
Date: Wed Mar 7 03:13:45 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I have been seeing this in my logs, is this normal or could it be hacker
droppings left behind from when our server was compromised a couple of weeks
ago. I noticed this after installing port sentry and log check. The only
thing I have seen in crontab that runs at these times is SWATCH. and there
is nothing in my 'cron.quarter-hourly' directory. If anyone could shed some
light on this, it would be greatly appreciated.

Mar  2 16:15:01 www imapd[31566]: Login failure user=Active_Monitor_69
host=localhost [127.0.0.1]
Mar  2 16:30:01 www imapd[32229]: Login failure user=Active_Monitor_69
host=localhost [127.0.0.1]
Mar  2 16:45:02 www imapd[429]: Login failure user=Active_Monitor_69
host=localhost [127.0.0.1]
Mar  2 17:00:02 www imapd[1091]: Login failure user=Active_Monitor_69
host=localhost [127.0.0.1]

----------------------------------------------------------------------------
-----
Cheers, Dave Reid (Night Rider)
Engaging in a battle of wits should only be attempted when sufficiently
armed
----------------------------------------------------------------------------
-----

Follow-Ups:
- RE: [cobalt-users] RaQ3 - strange message from system logs, hacker??
  - From: Dee Dreslough

Prev by Date: RE: [cobalt-users] Chkrootkit Question
Next by Date: RE: [cobalt-users] ipchains/locked out
Previous by thread: [cobalt-users] Imagemagick Install
Next by thread: RE: [cobalt-users] RaQ3 - strange message from system logs, hacker??

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index