[mythtv-users] OT. Have I been hacked? IRCD?

Steven mythmail at richardstraat.homedns.org
Tue Dec 14 11:37:51 UTC 2004


mark at onnow.net wrote:
> Found a nasty little script in my /tmp dir called d0s3.txt

my guess is that you have ssh open on port 22 and there is a 
user=password combination (like test/test) that will give you access.

There are a few scripts out there that do nothing but scan for open ssh 
ports.

You'll probably see these in your messages or secure log : (cat 
/var/log/messages | grep ssh)

Dec 13 10:56:50 server sshd[8013]: Failed password for root from 
66.41.137.42 por
t 55881 ssh2
Dec 13 10:56:51 server sshd[8015]: Illegal user cip52 from 66.41.137.42
Dec 13 10:56:51 server sshd[8015]: Failed password for illegal user 
cip52 from 66
.41.137.42 port 55884 ssh2
Dec 13 10:56:52 server sshd[8017]: Illegal user cip51 from 66.41.137.42
Dec 13 10:56:52 server sshd[8017]: Failed password for illegal user 
cip51 from 66
.41.137.42 port 55889 ssh2
Dec 13 10:56:53 server sshd[8019]: Failed password for root from 
66.41.137.42 por
t 55892 ssh2
Dec 13 10:56:54 server sshd[8021]: Illegal user noc from 66.41.137.42
Dec 13 10:56:54 server sshd[8021]: Failed password for illegal user noc 
from 66.4
1.137.42 port 55895 ssh2




More information about the mythtv-users mailing list