mbl-65-158-34.dsl.net.pk

**Pawel Kowalski** · 04-09-2008, 10:14 PM

When I logged in to SSH today under my root account I saw that the last login occured from mbl-65-158-34.dsl.net.pk on March 7th. I do not know anybody from pakistan and the only people I have ever given my root password to have been in JPC support. Does anyone in jag's support work from pakistan? If not anyone have any ideas what I should do? Does ssh log failed login attempts as last login? the server seems to be running fine and I don't see any signs of it being hacked, but this worries me quite a bit for obvious reasons.

**Pawel Kowalski** · 04-09-2008, 10:19 PM

Look through my jag ticket logs I did have a ticket open on march 7th where I provided my root password. But the tech that actually worked on it was steve. Maybe I'm being a little prejudice here but I really doubt steve is from pakistan.

On edit:

Last login: Fri Mar 7 01:15:20 2008 from mbl-65-158-34.dsl.net.pk

My ticket got a reply on:

2008-03-07 / 01:17:23

I wonder if steve is from pakistan then.

**JPC-Nick** · 04-09-2008, 11:12 PM

That is in fact a IP from a TSR @ jag you have nothing to worry about.

**jason** · 04-10-2008, 08:03 AM

I remember reading about Jag having Reps in Pakistan in the past.

Maybe "Steve" is a pseudonym--I know that when I've called places for support and landed in an overseas call center I am often helped by "Bob" or "Joe" or someone with another common American name. I rarely seem to talk to anyone with a name that seems to fit with the local culture of wherever he is.

--Jason

**JPC-Tracie** · 04-10-2008, 08:08 AM

We have workers from all over the globe. Even an Aussie.

**Pawel Kowalski** · 04-10-2008, 08:11 AM

Originally Posted by JPC-Tracie

We have workers from all over the globe. Even an Aussie.

Nothing wrong with that. Just a little weird to log in to SSH first time in months and see the last login was from pakistan. Sorry about the alarm.

**Spathiphyllum** · 04-10-2008, 09:27 AM

Originally Posted by thehotweb

...Just a little weird to log in to SSH first time in months and see the last login was from pakistan. Sorry about the alarm.

At least you're checking that stuff. It's too easy to become complacent on security. Following up is self-defense and good practice.

I should add, it's not bad policy to be aware of even support staff of your host checking your server/account. Just like your host doesn't want you doing anything unsavory, you don't want anything unsavory happening with your content. Consider it auditing. It must be done.

**Frank Broughton** · 04-10-2008, 11:14 AM

I thought that same thought Spath. Least he was alert!

I change my password whenever an open support ticket needing root access is closed. I also have my server email me whenever someone logs in via SSH: http://av1611.us/bb/viewtopic.php?p=287#p287

**Spathiphyllum** · 04-10-2008, 01:30 PM

Me too, Frank. Actually, no one's needed to get root yet, AFAIK, but the email tip is very useful. It even let's me known when I've checked in.

**Pawel Kowalski** · 04-10-2008, 02:17 PM

That's pretty cool Frank, I'll have to give that a try. I'm terrible with linux but that doesn't look too complicated. Thanks.

LinkBack

Thread Tools

Display

mbl-65-158-34.dsl.net.pk

Bookmarks

Bookmarks

Posting Permissions