/var/log/secure , hacked ?

**htonline** · 10-09-2008, 06:03 PM

Hi !

I saw in my log file /var/log/secure some login from India, Is my VPS hacked again ??

Oct 9 07:20:01 vps sshd[30703]: Accepted password for root from 220.226.6.159 port 1553 ssh2

ct 9 07:20:01 vps sshd[30703]: Accepted password for root from xxxxxxxxxxxxxxxxxxxx port 1553 ssh2
Oct 9 07:20:01 vps sshd[30703]: Accepted password for root from xxxxxxxxxxxxxxxxxxxx port 1553 ssh2
Oct 9 07:00:30 vps sshd[18105]: pam_unix(sshd:session): session opened for user root by (uid=0)

I reinstalled VPS yesterday, change the ssh port, disable root login, and now still see that log : (, the IP from India

thanks

**htonline** · 10-09-2008, 06:13 PM

[root@vps /]# iptables -A INPUT -s xxxxxxxxxxxxxxxx -j DROP
bash: iptables: command not found

, iptables is there before, but where is it now ?

**JPC-Bilal** · 10-09-2008, 06:18 PM

Please login into your client area and open a support ticket. We will investigate it. Thank you.

--
Bilal. B.
Technical Support Dept.
JaguarPC LLC.

**JPC-NickO** · 10-09-2008, 06:51 PM

Originally Posted by htonline

[root@vps /]# iptables -A INPUT -s xxxxxxxxxxxxxxxxxxxxxx -j DROP
bash: iptables: command not found

, iptables is there before, but where is it now ?

If you used su to change to the root user make sure you type

Code:

su -

if that doesn't work try

Code:

/sbin/iptables -A INPUT -s xxxxxxxxxxxxxx -j DROP

Please note that some of our technicians do work out of India and if you gave us the new password and login information to troubleshoot an issue that may be why you see that login.

**htonline** · 10-10-2008, 03:58 AM

Please help remove the IP address above

thanks

**Ron** · 10-10-2008, 06:14 AM

I think I got them all...

LinkBack

Thread Tools

Display

/var/log/secure , hacked ?

Bookmarks

Bookmarks

Posting Permissions