This page is an excerpt and archive of the corresponding post on MITBBS (未名空间).
BuildingWeb board - Urgent question: has my machine been hacked?
d*j
Posts: 756
1
(1) There is a whole pile of this in syslog:
Feb 10 01:15:02 dmjuser syslogd 1.5.0#6ubuntu1: restart.
Feb 10 01:20:01 dmjuser CRON[8164]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 01:20:01 dmjuser sm-msp-queue[8179]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 01:21:01 dmjuser sm-msp-queue[8179]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 01:22:50 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 01:37:42 dmjuser -- MARK --
Feb 10 01:38:01 dmjuser CRON[8196]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 01:38:20 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 01:40:01 dmjuser CRON[8199]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 01:40:01 dmjuser sm-msp-queue[8214]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 01:41:01 dmjuser sm-msp-queue[8214]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 01:53:32 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:00:01 dmjuser CRON[8231]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 02:00:01 dmjuser sm-msp-queue[8246]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 02:01:01 dmjuser sm-msp-queue[8246]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 02:08:56 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:20:01 dmjuser CRON[8272]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 02:20:01 dmjuser sm-msp-queue[8287]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 02:21:02 dmjuser sm-msp-queue[8287]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 02:24:18 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:28:35 dmjuser named[453]: client 46.105.111.230#42233: query (cache) 'pddos.com/ANY/IN' denied
Feb 10 02:38:01 dmjuser CRON[8304]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 02:39:55 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:40:01 dmjuser CRON[8307]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 02:40:01 dmjuser sm-msp-queue[8322]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 02:41:01 dmjuser sm-msp-queue[8322]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 02:55:27 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:00:01 dmjuser CRON[8343]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 03:00:01 dmjuser sm-msp-queue[8358]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 03:01:01 dmjuser sm-msp-queue[8358]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 03:11:00 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:20:01 dmjuser CRON[8379]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 03:20:01 dmjuser sm-msp-queue[8394]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 03:21:01 dmjuser sm-msp-queue[8394]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 03:27:39 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:37:42 dmjuser -- MARK --
Feb 10 03:38:01 dmjuser CRON[8411]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 03:40:01 dmjuser CRON[8414]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 03:40:01 dmjuser sm-msp-queue[8429]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 03:41:01 dmjuser sm-msp-queue[8429]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 03:45:36 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:57:42 dmjuser -- MARK --
Feb 10 04:00:01 dmjuser CRON[8450]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 04:00:01 dmjuser sm-msp-queue[8465]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 04:01:01 dmjuser sm-msp-queue[8465]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 04:01:18 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 04:16:56 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 04:20:01 dmjuser CRON[8482]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 04:20:01 dmjuser sm-msp-queue[8497]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 04:21:01 dmjuser sm-msp-queue[8497]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 04:32:18 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 04:38:01 dmjuser CRON[8518]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 04:40:01 dmjuser CRON[8521]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 04:40:02 dmjuser sm-msp-queue[8536]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 04:41:02 dmjuser sm-msp-queue[8536]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 04:47:48 dmjuser ntpd[611]: step-systime: Operation not permitted
(2) There is also a pile of stuff in auth.log:
Feb 4 01:15:05 dmjuser CRON[19995]: pam_unix(cron:session): session closed for user root
Feb 4 01:20:01 dmjuser CRON[20143]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 01:20:01 dmjuser CRON[20143]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 01:21:01 dmjuser CRON[20143]: pam_unix(cron:session): session closed for user smmsp
Feb 4 01:24:18 dmjuser sshd[20166]: User root from 211.143.33.81 not allowed because not listed in AllowUsers
Feb 4 01:24:18 dmjuser sshd[20166]: input_userauth_request: invalid user root [preauth]
Feb 4 01:24:18 dmjuser sshd[20166]: Received disconnect from 211.143.33.81: 11: Bye Bye [preauth]
Feb 4 01:24:30 dmjuser sshd[20168]: Connection closed by 211.143.33.81 [preauth]
Feb 4 01:38:01 dmjuser CRON[20179]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 01:38:01 dmjuser CRON[20179]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 4 01:38:01 dmjuser CRON[20179]: pam_unix(cron:session): session closed for user root
Feb 4 01:40:01 dmjuser CRON[20182]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 01:40:01 dmjuser CRON[20182]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 01:41:01 dmjuser CRON[20182]: pam_unix(cron:session): session closed for user smmsp
Feb 4 01:44:09 dmjuser sshd[20205]: User root from 222.186.62.75 not allowed because not listed in AllowUsers
Feb 4 01:44:09 dmjuser sshd[20205]: input_userauth_request: invalid user root [preauth]
Feb 4 01:44:09 dmjuser sshd[20205]: Connection closed by 222.186.62.75 [preauth]
Feb 4 01:44:53 dmjuser sshd[20207]: fatal: Read from socket failed: Connection reset by peer [preauth]
Feb 4 02:00:02 dmjuser CRON[20218]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:00:02 dmjuser CRON[20218]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 02:01:02 dmjuser CRON[20218]: pam_unix(cron:session): session closed for user smmsp
Feb 4 02:20:01 dmjuser CRON[20250]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:20:01 dmjuser CRON[20250]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 02:21:01 dmjuser CRON[20250]: pam_unix(cron:session): session closed for user smmsp
Feb 4 02:38:01 dmjuser CRON[20282]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:38:01 dmjuser CRON[20282]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 4 02:38:01 dmjuser CRON[20282]: pam_unix(cron:session): session closed for user root
Feb 4 02:40:01 dmjuser CRON[20285]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:40:01 dmjuser CRON[20285]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 02:41:02 dmjuser CRON[20285]: pam_unix(cron:session): session closed for user smmsp
Feb 4 02:56:50 dmjuser sshd[20327]: User root from 218.2.22.149 not allowed because not listed in AllowUsers
Feb 4 02:56:50 dmjuser sshd[20327]: input_userauth_request: invalid user root [preauth]
Feb 4 02:56:50 dmjuser sshd[20327]: Connection closed by 218.2.22.149 [preauth]
Feb 4 02:59:49 dmjuser sshd[20329]: User root from 218.2.22.149 not allowed because not listed in AllowUsers
Feb 4 02:59:49 dmjuser sshd[20329]: input_userauth_request: invalid user root [preauth]
Feb 4 02:59:49 dmjuser sshd[20329]: Connection closed by 218.2.22.149 [preauth]
Feb 4 03:00:01 dmjuser CRON[20331]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:00:01 dmjuser CRON[20331]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 03:01:01 dmjuser CRON[20331]: pam_unix(cron:session): session closed for user smmsp
Feb 4 03:04:24 dmjuser sshd[20354]: User root from 222.186.62.9 not allowed because not listed in AllowUsers
Feb 4 03:04:24 dmjuser sshd[20354]: input_userauth_request: invalid user root [preauth]
Feb 4 03:04:24 dmjuser sshd[20354]: Connection closed by 222.186.62.9 [preauth]
Feb 4 03:05:27 dmjuser sshd[20356]: User root from 222.186.62.9 not allowed because not listed in AllowUsers
Feb 4 03:05:27 dmjuser sshd[20356]: input_userauth_request: invalid user root [preauth]
Feb 4 03:05:27 dmjuser sshd[20356]: Connection closed by 222.186.62.9 [preauth]
Feb 4 03:12:36 dmjuser sshd[20365]: reverse mapping checking getaddrinfo for 179.89.26.218.internet.sx.cn [218.26.89.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 03:12:36 dmjuser sshd[20365]: User root from 218.26.89.179 not allowed because not listed in AllowUsers
Feb 4 03:12:36 dmjuser sshd[20365]: input_userauth_request: invalid user root [preauth]
Feb 4 03:12:36 dmjuser sshd[20365]: Connection closed by 218.26.89.179 [preauth]
Feb 4 03:20:01 dmjuser CRON[20369]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:20:01 dmjuser CRON[20369]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 03:21:01 dmjuser CRON[20369]: pam_unix(cron:session): session closed for user smmsp
Feb 4 03:38:01 dmjuser CRON[20401]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:38:01 dmjuser CRON[20401]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 4 03:38:01 dmjuser CRON[20401]: pam_unix(cron:session): session closed for user root
Feb 4 03:40:01 dmjuser CRON[20404]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:40:01 dmjuser CRON[20404]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 03:41:02 dmjuser CRON[20404]: pam_unix(cron:session): session closed for user smmsp
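Here dmjuser is my username. Has my machine been hacked? Or is it just being hacked but without success so far?
Is the smmsp user trying to send mail through a CRON job? How should I deal with this?
Thanks!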
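Added example (not part of the original post): a small Python triage of auth.log lines in the format quoted above, separating refused SSH attempts, successful SSH logins and cron session records. The sample lines, host name, users and addresses are constructed, and the `Failed ...` / `Accepted ...` patterns are standard OpenSSH messages that do not occur in the poster's excerpt.

```python
import re
from collections import Counter

# Constructed sample in the auth.log format quoted above; the host name, users and
# (documentation-range) addresses are made up and not taken from the post.
SAMPLE = """\
Feb  4 01:20:01 examplehost CRON[20143]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb  4 01:21:01 examplehost CRON[20143]: pam_unix(cron:session): session closed for user smmsp
Feb  4 01:24:18 examplehost sshd[20166]: User root from 192.0.2.81 not allowed because not listed in AllowUsers
Feb  4 01:24:18 examplehost sshd[20166]: input_userauth_request: invalid user root [preauth]
Feb  4 01:38:01 examplehost CRON[20179]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 02:56:50 examplehost sshd[20327]: User root from 198.51.100.9 not allowed because not listed in AllowUsers
Feb  4 02:59:49 examplehost sshd[20329]: Failed password for invalid user admin from 198.51.100.9 port 4022 ssh2
Feb  4 03:10:02 examplehost sshd[20340]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2
Feb  4 03:12:36 examplehost sshd[20365]: Accepted password for alice from 198.51.100.9 port 4100 ssh2
"""

HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w-]+)(?:\[\d+\])?: (.*)$")
DENIED = re.compile(r"User (\S+) from (\S+) not allowed because")
FAILED = re.compile(r"Failed \S+ for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+)")
CRON_OPEN = re.compile(r"pam_unix\(cron:session\): session opened for user (\S+)")

def triage(lines):
    """Split auth.log lines into refused SSH attempts, successful SSH logins and cron records."""
    refused, accepted, cron = Counter(), [], Counter()
    for line in lines:
        m = HEADER.match(line.strip())
        if not m:
            continue
        prog, msg = m.groups()
        if prog == "sshd":
            if (hit := DENIED.search(msg) or FAILED.search(msg)):
                refused[hit.group(2)] += 1          # attempt rejected before any session
            elif (hit := ACCEPTED.search(msg)):
                method, user, ip = hit.groups()
                # A success from an address that was refused earlier deserves a closer look.
                accepted.append((user, ip, method, refused[ip] > 0))
        elif prog == "CRON" and (hit := CRON_OPEN.search(msg)):
            cron[hit.group(1)] += 1                 # scheduled job, not a remote login
    return {"refused": refused, "accepted": accepted, "cron": cron}

if __name__ == "__main__":
    for key, value in triage(SAMPLE.splitlines()).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

An empty `accepted` list means the lines fed in record no successful SSH login; it says nothing about other services or about log files that were not examined.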
g****z
Posts: 1135
2
dmjuser is your hostname, right?