I think this is a hacking attempt; please check.
Author information
- Written by 김진민
May 8 04:02:27 dctl syslogd 1.4.1: restart.
May 8 04:02:27 dctl su(pam_unix)[31142]: session opened for user news by (uid=0)
May 8 04:02:27 dctl su(pam_unix)[31142]: session closed for user news
May 8 04:14:19 dctl sshd(pam_unix)[31216]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.169.117.119 user=root
May 8 04:14:22 dctl sshd(pam_unix)[31218]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.169.117.119 user=root
May 8 04:14:24 dctl sshd(pam_unix)[31220]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.169.117.119 user=root
May 8 07:49:47 dctl sshd(pam_unix)[13314]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.108.19 user=root
May 8 07:49:50 dctl sshd(pam_unix)[13316]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.108.19 user=root
May 8 07:49:54 dctl sshd(pam_unix)[13318]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.108.19 user=root
May 8 14:31:08 dctl sshd(pam_unix)[14178]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chinacomm.com.cn user=root
May 8 14:31:13 dctl sshd(pam_unix)[14184]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chncomm.com.102.157.211.in-addr.arpa user=root
May 8 14:31:18 dctl sshd(pam_unix)[14190]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chncomm.com.102.157.211.in-addr.arpa user=root
May 8 14:31:23 dctl sshd(pam_unix)[14196]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chncomm.com.102.157.211.in-addr.arpa user=root
May 8 14:31:28 dctl sshd(pam_unix)[14202]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chinacomm.com.cn user=root
May 8 16:31:24 dctl vsftpd: warning: can't get client address: Bad file descriptor
May 8 18:56:12 dctl sshd(pam_unix)[14970]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=linuxtcx.yuntech.edu.tw user=root
May 8 18:56:20 dctl sshd(pam_unix)[14972]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=linuxtcx.yuntech.edu.tw user=root
May 8 18:56:29 dctl sshd(pam_unix)[14974]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=linuxtcx.yuntech.edu.tw user=root
May 8 19:04:18 dctl sshd(pam_unix)[15009]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chncomm.com.102.157.211.in-addr.arpa user=root
May 8 19:04:21 dctl sshd(pam_unix)[15011]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chncomm.com.102.157.211.in-addr.arpa user=root
May 8 19:04:25 dctl sshd(pam_unix)[15013]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chinacomm.com.cn user=root
May 8 19:04:28 dctl sshd(pam_unix)[15015]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chncomm.com.102.157.211.in-addr.arpa user=root
May 8 19:46:41 dctl sshd(pam_unix)[15127]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.108.19 user=root
May 8 19:46:44 dctl sshd(pam_unix)[15132]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.108.19 user=root
May 8 19:46:48 dctl sshd(pam_unix)[15134]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.108.19 user=root
May 8 21:29:33 dctl sshd(pam_unix)[15611]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chinacomm.com.cn user=root
May 8 21:29:38 dctl sshd(pam_unix)[15617]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=usermail.chinacomm.com.cn user=root
May 8 22:11:10 dctl vsftpd: warning: can't get client address: Bad file descriptor
May 8 23:49:47 dctl sshd(pam_unix)[16619]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.25.189 user=root
May 8 23:49:51 dctl sshd(pam_unix)[16621]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.25.189 user=root
May 8 23:49:54 dctl sshd(pam_unix)[16626]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.157.25.189 user=root
May 9 04:02:19 dctl su(pam_unix)[17410]: session opened for user news by (uid=0)
May 9 04:02:19 dctl su(pam_unix)[17410]: session closed for user news
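These logs were left in the /var/log/message file.
I'm running a Tomcat web server, and apart from the web server daemon having died, nothing else seems to be wrong, but
it looks like there were continuous access attempts over ssh, and at the end there is
May 9 04:02:19 dctl su(pam_unix)[17410]: session opened for user news by (uid=0)
Seeing this message, I think the account called news has been broken into; is it right that I was cracked?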
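A triage pass over log lines in the post's format, added here as an example and not part of the original post: it counts failed sshd guesses per source and separates sessions opened through sshd from `su` sessions opened by a process already running as uid 0, which is what the `news` lines record. The sample lines, host name and addresses are constructed, and the sshd "session opened" line in the sample does not appear in the post.

```python
import re
from collections import Counter

# Constructed sample in the same syslog/pam_unix format as the post's log.
# "srv" and the 192.0.2.x / 198.51.100.x addresses are placeholders; the
# final line (a successful sshd login) is constructed, not from the post.
SAMPLE = """\
May 8 04:02:27 srv su(pam_unix)[31142]: session opened for user news by (uid=0)
May 8 04:02:27 srv su(pam_unix)[31142]: session closed for user news
May 8 04:14:19 srv sshd(pam_unix)[31216]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10 user=root
May 8 04:14:22 srv sshd(pam_unix)[31218]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10 user=root
May 8 07:49:47 srv sshd(pam_unix)[13314]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.7 user=root
May 8 16:31:24 srv vsftpd: warning: can't get client address: Bad file descriptor
May 8 20:10:05 srv sshd(pam_unix)[15500]: session opened for user root by (uid=0)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (\w+)\(pam_unix\)\[\d+\]: (.*)$")
FAIL = re.compile(r"authentication failure;.*\brhost=(\S+)\s+user=(\S+)")
OPEN = re.compile(r"session opened for user (\S+) by \S*\(uid=(\d+)\)")

def triage(text):
    """Split pam_unix events into failed guesses, remote logins and local su."""
    failures = Counter()   # (rhost, target user) -> failed sshd attempts
    remote_logins = []     # users with a session opened through sshd
    su_by_root = []        # su run by a uid-0 process (not a remote login)
    su_by_user = []        # (user, caller uid) for su run by a non-root caller
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue       # non-PAM lines such as the vsftpd warning
        service, msg = m.groups()
        if (f := FAIL.search(msg)) and service == "sshd":
            failures[(f.group(1), f.group(2))] += 1
        elif o := OPEN.search(msg):
            user, uid = o.group(1), int(o.group(2))
            if service == "sshd":
                remote_logins.append(user)
            elif service == "su" and uid == 0:
                su_by_root.append(user)
            elif service == "su":
                su_by_user.append((user, uid))
    targeted = {user for _, user in failures}
    return {
        "failures": dict(failures),
        "su_by_root": su_by_root,
        "su_by_user": su_by_user,
        "review": sorted(set(remote_logins) & targeted),  # guessed, then logged in
    }
```

An empty `review` list means no sshd session was opened for an account that was also the target of failed guesses in the same log.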