Re: Can't tell if I have been hacked :(

[Joel Rees <joel_rees sannet ne jp>]

As I recall, the problem was that the file system suddenly looked 
messed up?

Somebody mentioned that they had had the same problem, but the disks 
themselves were okay (although  would hope he backed up the data and 
scrubbed software and settings just in case).

Suggestion from way out in left field, but have you checked that 
something like $LANG and/or the locale settings have not changed to 
something incompatible with the file name encodings and fonts you are 
using?


On 2006.3.21, at 10:36 PM, Claude Jones wrote:

> On Tue March 21 2006 7:54 am, Chasecreek Systemhouse wrote:
> > On 3/20/06, Claude Jones <claude_jones levitjames com> wrote:
> > > Just to add something to this discussion. Today, I've just noticed 
> > > that
> > > ssh has become disabled on two separate machines, one at home, and 
> > > one at
> > > my (snip) ...
> >
> > As root does the command `lastb` show that you've had tens of
> > thousands of attempted log ins?
> >
> > The only recorded successful FC4 ssh break-in on a system I built
> > showed up as tens of thousands of random ssh log-in failures within an
> > hour.  When they hit 90,000 per hour the attacker got in.  They tried
> > to install a ebay spammer and some other code they had ftp'ed in from
> > S.America somewhere...
> >
> > Of course, the system was reformatted that same day.
>
> Nope, but thanks for the suggestion. It was one of the first things I 
> checked.
> I did have a fair number of log-in attempts, but, denyhosts kicks in 
> after
> five unsuccessful user tries from an ip, and lists the intruder in 
> hosts.deny
> - I have it configured to deny all to such intruders, not just ssh.
> When I say "fair number", I'm talking in the tens - not hundreds, not
> thousands...
> --
> Claude Jones
> Bluemont, VA, USA
>
> --
> fedora-list mailing list
> fedora-list redhat com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list