SanFrancisco board - Urgent question: has my machine been hacked? (repost)
d*j
Post count: 756
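【 The following text is reposted from the BuildingWeb board 】
From: dmj (大马甲), Board: BuildingWeb
Subject: Urgent question: has my machine been hacked?
Posted at: BBS 未名空间站 (Tue Feb 11 01:10:30 2014, US Eastern)
(1) There is a whole pile of this stuff in syslog: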
Feb 10 01:15:02 dmjuser syslogd 1.5.0#6ubuntu1: restart.
Feb 10 01:20:01 dmjuser CRON[8164]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 01:20:01 dmjuser sm-msp-queue[8179]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 01:21:01 dmjuser sm-msp-queue[8179]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 01:22:50 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 01:37:42 dmjuser -- MARK --
Feb 10 01:38:01 dmjuser CRON[8196]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 01:38:20 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 01:40:01 dmjuser CRON[8199]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 01:40:01 dmjuser sm-msp-queue[8214]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 01:41:01 dmjuser sm-msp-queue[8214]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 01:53:32 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:00:01 dmjuser CRON[8231]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 02:00:01 dmjuser sm-msp-queue[8246]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 02:01:01 dmjuser sm-msp-queue[8246]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 02:08:56 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:20:01 dmjuser CRON[8272]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 02:20:01 dmjuser sm-msp-queue[8287]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 02:21:02 dmjuser sm-msp-queue[8287]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 02:24:18 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:28:35 dmjuser named[453]: client 46.105.111.230#42233: query (cache) 'pddos.com/ANY/IN' denied
Feb 10 02:38:01 dmjuser CRON[8304]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 02:39:55 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 02:40:01 dmjuser CRON[8307]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 02:40:01 dmjuser sm-msp-queue[8322]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 02:41:01 dmjuser sm-msp-queue[8322]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 02:55:27 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:00:01 dmjuser CRON[8343]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 03:00:01 dmjuser sm-msp-queue[8358]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 03:01:01 dmjuser sm-msp-queue[8358]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 03:11:00 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:20:01 dmjuser CRON[8379]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 03:20:01 dmjuser sm-msp-queue[8394]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 03:21:01 dmjuser sm-msp-queue[8394]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 03:27:39 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:37:42 dmjuser -- MARK --
Feb 10 03:38:01 dmjuser CRON[8411]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 03:40:01 dmjuser CRON[8414]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 03:40:01 dmjuser sm-msp-queue[8429]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 03:41:01 dmjuser sm-msp-queue[8429]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 03:45:36 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 03:57:42 dmjuser -- MARK --
Feb 10 04:00:01 dmjuser CRON[8450]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 04:00:01 dmjuser sm-msp-queue[8465]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 04:01:01 dmjuser sm-msp-queue[8465]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 04:01:18 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 04:16:56 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 04:20:01 dmjuser CRON[8482]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 04:20:01 dmjuser sm-msp-queue[8497]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 04:21:01 dmjuser sm-msp-queue[8497]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 04:32:18 dmjuser ntpd[611]: step-systime: Operation not permitted
Feb 10 04:38:01 dmjuser CRON[8518]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Feb 10 04:40:01 dmjuser CRON[8521]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Feb 10 04:40:02 dmjuser sm-msp-queue[8536]: My unqualified host name (dmjuser) unknown; sleeping for retry
Feb 10 04:41:02 dmjuser sm-msp-queue[8536]: unable to qualify my own domain name (dmjuser) -- using short name
Feb 10 04:47:48 dmjuser ntpd[611]: step-systime: Operation not permitted
(2) There is also a pile of stuff in auth.log:
Feb 4 01:15:05 dmjuser CRON[19995]: pam_unix(cron:session): session closed for user root
Feb 4 01:20:01 dmjuser CRON[20143]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 01:20:01 dmjuser CRON[20143]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 01:21:01 dmjuser CRON[20143]: pam_unix(cron:session): session closed for user smmsp
Feb 4 01:24:18 dmjuser sshd[20166]: User root from 211.143.33.81 not allowed because not listed in AllowUsers
Feb 4 01:24:18 dmjuser sshd[20166]: input_userauth_request: invalid user root [preauth]
Feb 4 01:24:18 dmjuser sshd[20166]: Received disconnect from 211.143.33.81: 11: Bye Bye [preauth]
Feb 4 01:24:30 dmjuser sshd[20168]: Connection closed by 211.143.33.81 [preauth]
Feb 4 01:38:01 dmjuser CRON[20179]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 01:38:01 dmjuser CRON[20179]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 4 01:38:01 dmjuser CRON[20179]: pam_unix(cron:session): session closed for user root
Feb 4 01:40:01 dmjuser CRON[20182]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 01:40:01 dmjuser CRON[20182]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 01:41:01 dmjuser CRON[20182]: pam_unix(cron:session): session closed for user smmsp
Feb 4 01:44:09 dmjuser sshd[20205]: User root from 222.186.62.75 not allowed because not listed in AllowUsers
Feb 4 01:44:09 dmjuser sshd[20205]: input_userauth_request: invalid user root [preauth]
Feb 4 01:44:09 dmjuser sshd[20205]: Connection closed by 222.186.62.75 [preauth]
Feb 4 01:44:53 dmjuser sshd[20207]: fatal: Read from socket failed: Connection reset by peer [preauth]
Feb 4 02:00:02 dmjuser CRON[20218]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:00:02 dmjuser CRON[20218]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 02:01:02 dmjuser CRON[20218]: pam_unix(cron:session): session closed for user smmsp
Feb 4 02:20:01 dmjuser CRON[20250]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:20:01 dmjuser CRON[20250]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 02:21:01 dmjuser CRON[20250]: pam_unix(cron:session): session closed for user smmsp
Feb 4 02:38:01 dmjuser CRON[20282]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:38:01 dmjuser CRON[20282]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 4 02:38:01 dmjuser CRON[20282]: pam_unix(cron:session): session closed for user root
Feb 4 02:40:01 dmjuser CRON[20285]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 02:40:01 dmjuser CRON[20285]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 02:41:02 dmjuser CRON[20285]: pam_unix(cron:session): session closed for user smmsp
Feb 4 02:56:50 dmjuser sshd[20327]: User root from 218.2.22.149 not allowed because not listed in AllowUsers
Feb 4 02:56:50 dmjuser sshd[20327]: input_userauth_request: invalid user root [preauth]
Feb 4 02:56:50 dmjuser sshd[20327]: Connection closed by 218.2.22.149 [preauth]
Feb 4 02:59:49 dmjuser sshd[20329]: User root from 218.2.22.149 not allowed because not listed in AllowUsers
Feb 4 02:59:49 dmjuser sshd[20329]: input_userauth_request: invalid user root [preauth]
Feb 4 02:59:49 dmjuser sshd[20329]: Connection closed by 218.2.22.149 [preauth]
Feb 4 03:00:01 dmjuser CRON[20331]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:00:01 dmjuser CRON[20331]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 03:01:01 dmjuser CRON[20331]: pam_unix(cron:session): session closed for user smmsp
Feb 4 03:04:24 dmjuser sshd[20354]: User root from 222.186.62.9 not allowed because not listed in AllowUsers
Feb 4 03:04:24 dmjuser sshd[20354]: input_userauth_request: invalid user root [preauth]
Feb 4 03:04:24 dmjuser sshd[20354]: Connection closed by 222.186.62.9 [preauth]
Feb 4 03:05:27 dmjuser sshd[20356]: User root from 222.186.62.9 not allowed because not listed in AllowUsers
Feb 4 03:05:27 dmjuser sshd[20356]: input_userauth_request: invalid user root [preauth]
Feb 4 03:05:27 dmjuser sshd[20356]: Connection closed by 222.186.62.9 [preauth]
Feb 4 03:12:36 dmjuser sshd[20365]: reverse mapping checking getaddrinfo for 179.89.26.218.internet.sx.cn [218.26.89.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 03:12:36 dmjuser sshd[20365]: User root from 218.26.89.179 not allowed because not listed in AllowUsers
Feb 4 03:12:36 dmjuser sshd[20365]: input_userauth_request: invalid user root [preauth]
Feb 4 03:12:36 dmjuser sshd[20365]: Connection closed by 218.26.89.179 [preauth]
Feb 4 03:20:01 dmjuser CRON[20369]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:20:01 dmjuser CRON[20369]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 03:21:01 dmjuser CRON[20369]: pam_unix(cron:session): session closed for user smmsp
Feb 4 03:38:01 dmjuser CRON[20401]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:38:01 dmjuser CRON[20401]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 4 03:38:01 dmjuser CRON[20401]: pam_unix(cron:session): session closed for user root
Feb 4 03:40:01 dmjuser CRON[20404]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Feb 4 03:40:01 dmjuser CRON[20404]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Feb 4 03:41:02 dmjuser CRON[20404]: pam_unix(cron:session): session closed for user smmsp
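Here dmjuser is my username. Has my machine been hacked? Or is someone just trying to hack it and has not succeeded yet?
Is the smmsp user trying to send email through a CRON job? How should I deal with this?
Thanks!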
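
Added example (not part of the original post): a small Python triage of sshd entries like those in the auth.log excerpt above. sshd writes a successful login as an "Accepted ..." line, while "not allowed because not listed in AllowUsers" records an attempt it rejected. The sample lines are copied from the post; the function name triage and the CONSTRUCTED_LOGIN line (documentation address 203.0.113.5) are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines copied from the auth.log excerpt in the post (wrapped lines rejoined).
SAMPLE = """\
Feb 4 01:24:18 dmjuser sshd[20166]: User root from 211.143.33.81 not allowed because not listed in AllowUsers
Feb 4 01:24:18 dmjuser sshd[20166]: input_userauth_request: invalid user root [preauth]
Feb 4 01:38:01 dmjuser CRON[20179]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 4 02:56:50 dmjuser sshd[20327]: User root from 218.2.22.149 not allowed because not listed in AllowUsers
Feb 4 02:59:49 dmjuser sshd[20329]: User root from 218.2.22.149 not allowed because not listed in AllowUsers
Feb 4 03:12:36 dmjuser sshd[20365]: User root from 218.26.89.179 not allowed because not listed in AllowUsers
"""

# Constructed line (not from the post) showing what a successful login looks like.
CONSTRUCTED_LOGIN = (
    "Feb 4 05:00:00 dmjuser sshd[99999]: "
    "Accepted password for dmjuser from 203.0.113.5 port 50000 ssh2\n"
)

SSHD = re.compile(r"\ssshd\[\d+\]: (?P<msg>.*)$")
DENIED = re.compile(r"^User (?P<user>\S+) from (?P<ip>\S+) not allowed because ")
FAILED = re.compile(
    r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def triage(text):
    """Split sshd events into rejected-by-policy, failed-auth and accepted logins."""
    denied, failed, accepted = Counter(), Counter(), []
    for line in text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue  # CRON/pam session lines are local jobs, not SSH logins
        msg = m.group("msg")
        if (d := DENIED.match(msg)):
            denied[(d["ip"], d["user"])] += 1      # blocked by AllowUsers
        elif (f := FAILED.match(msg)):
            failed[(f["ip"], f["user"])] += 1      # wrong password or key
        elif (a := ACCEPTED.match(msg)):
            accepted.append((a["user"], a["ip"], a["method"]))  # review every one
    return {"denied": denied, "failed": failed, "accepted": accepted}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for (ip, user), n in report["denied"].most_common():
        print(f"rejected by AllowUsers: {user}@{ip} x{n}")
    print("accepted logins:", report["accepted"] or "none in this excerpt")
```

Run against the full /var/log/auth.log and its rotated copies rather than an excerpt, and check each accepted login against the addresses and times you actually connected from.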