hacking attempt
F 10
lip at lip.net.ua
Sat May 7 05:59:08 EST 2011
Hello,
today I found in my logs:
May 6 01:36:14 xxx sshd[27880]: Address x.x.x.x maps to xxx.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
May 6 01:36:15 xxx sshd[27880]: *Accepted publickey* for root from x.x.x.x port 55707 ssh2
May 6 01:36:15 xxx sshd[27880]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 6 01:36:15 xxx sshd[27880]: subsystem request for sftp
The sshd_config always had PermitRootLogin no
/root/.ssh was always empty
md5sum /usr/sbin/sshd
f8c11462e8f2a7bf80e212e06041492b /usr/sbin/sshd
md5sum sshd #binary from .deb
f8c11462e8f2a7bf80e212e06041492b sshd
OS Debian GNU/Linux 6.0
SSH-2.0-OpenSSH_5.5p1 Debian-6
How is it possible?
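
One way to surface the events quoted in this message from an sshd auth log, as an added example that is not part of the original post: it groups lines by sshd PID and flags accepted root logins that contradict the expected PermitRootLogin value. The sample lines, host name and addresses are constructed, and the function name and result fields are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same sshd syslog format as the message above.
# Addresses are documentation ranges; host and domain names are placeholders.
SAMPLE_LOG = """\
May  6 01:36:14 host sshd[27880]: Address 203.0.113.7 maps to example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
May  6 01:36:15 host sshd[27880]: Accepted publickey for root from 203.0.113.7 port 55707 ssh2
May  6 01:36:15 host sshd[27880]: pam_unix(sshd:session): session opened for user root by (uid=0)
May  6 01:36:15 host sshd[27880]: subsystem request for sftp
May  6 02:10:01 host sshd[28001]: Accepted password for alice from 198.51.100.4 port 40112 ssh2
May  6 02:11:40 host sshd[28044]: Failed password for root from 198.51.100.9 port 51000 ssh2
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def root_logins(log_text, permit_root_login="no"):
    """Return one finding per accepted root login, correlated by sshd PID.

    permit_root_login is the value the admin believes is in effect; a root
    login that contradicts it is marked as a policy violation.
    """
    by_pid = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            by_pid[m["pid"]].append((m["ts"], m["msg"]))
    findings = []
    for pid, events in by_pid.items():
        msgs = [msg for _, msg in events]
        for ts, msg in events:
            a = ACCEPT.match(msg)
            if not a or a["user"] != "root":
                continue
            findings.append({
                "time": ts, "pid": int(pid), "ip": a["ip"], "method": a["method"],
                # reverse DNS did not match forward DNS for this connection
                "rdns_mismatch": any("does not map back" in x for x in msgs),
                "sftp": any(x == "subsystem request for sftp" for x in msgs),
                # no: never allowed; without-password/prohibit-password: keys only
                "violates_policy": permit_root_login == "no" or (
                    permit_root_login in ("without-password", "prohibit-password")
                    and a["method"] == "password"),
            })
    return findings

if __name__ == "__main__":
    for f in root_logins(SAMPLE_LOG):
        print(f)
```

A finding with violates_policy set means the running daemon accepted something the configuration file on disk should forbid, so the next check is the configuration and binary of the process that actually handled the connection.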
More information about the openssh-unix-dev
mailing list