got hacked ??

**ptl2** · 11-13-2008, 09:53 AM

Hello

I saw this in my secure log file
Accepted password for root from 123.23.48.143 port 1051 ssh2

but my default ssh port is 3345, so I got hacked ??

thanks

**Ron** · 11-13-2008, 10:57 AM

It doesn't sound good to me...

Change the password FIRST, just in case it was only a probe.
(Where there a bunch of tries from the same IP address or a bunch of different IPs just before the intrusion?)

Can you roll back your VPS to a point before the intrusion and change your password to something more difficult?

You may also want to open a ticket and ask for advice there.
Good luck.

**JPC-Jawad** · 11-13-2008, 10:59 AM

Please open a support ticket and provide us the login details of your server. I suggest that you also request a security hardening procedure in that ticket.

**Gwaihir** · 11-13-2008, 01:25 PM

Originally Posted by ptl2

but my default ssh port is 3345, so I got hacked ??

Not necessarily. You probably mean you log in to SSH on port 3345, however the port shown in the log is the one the login attempt came from. AFAIK these are picked at random by the software.

See if the IP address means anything to you (i.e. yours or a support tech's who has worked on it recently). Whatever port it came from is, to my knowledge, not very relevant.

**Ron** · 11-13-2008, 01:46 PM

It is an address from Viet Nam. Are there any support techs working for JAG from Viet Nam?

**JPC-Rizwan** · 11-13-2008, 01:54 PM

No , we do not have any techs in our team working from Veitnam.

**ptl2** · 11-13-2008, 04:24 PM

I belive some one want control my life on the internet, plz tell me how can I kill them

.

the hackers hacked my site seem are Vietnamese .

I have send $$ to rebuild the server
JPC-Howard please take care my ticket

thanks alot .

**thecoalman** · 11-13-2008, 11:50 PM

Step one to prevent this in the future is to use a very hard password: https://www.grc.com/passwords.htm

Step two is to make sure your local machine hasn't been compromised.

Step 3 through ~ ... You need layered security, you only need a single point of failure and you're done.

**ptl2** · 11-14-2008, 01:41 AM

thanks thecoalman

I alway use a hard password for every account, maybe my pc have some security issue, now I am running on linux CD, no hard disk , using open DNS .
Try to use https on any site visit (if have https supported)

3. I need help from Jaguarpc setup a secure VPS,

that's all I can do, if I have hacked again, I will stop working on the Internet forever : (

thanks

LinkBack

Thread Tools

Display

got hacked ??

Bookmarks

Bookmarks

Posting Permissions