
[Help request][Debian] Freshly installed system, password was tampered with, please advise, thanks

tanweihai (original poster), posted: 2009-05-01
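I installed the system just yesterday, Debian 4.0 r3. The server had only just gone online and nobody knew about it. But this morning the root password had suddenly been changed. root was using rootroot as its password, the default set by the hosting company at install.

Below is part of auth.log. A user called adi was added, and later that group was deleted. @@ Quite a headache. I have only just started with this system and don't know what I need to watch out for. After this log I have also added the current user list (the contents of /etc/passwd); I hope you can help me check whether there are any hidden users in it (I have not created any new users).

By the way, will the intruder have put something on my server and then use it to log in to my server again? Thanks, everyone.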



May 22 16:38:12 fih sshd[6184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.40.64.220
May 22 16:38:14 fih sshd[6184]: Failed password for invalid user erika from 209.40.64.220 port 50064 ssh2
May 22 16:38:16 fih sshd[6186]: reverse mapping checking getaddrinfo for 209-40-64-220-wantel.net [209.40.64.220] failed - POSSIBLE BREAK-IN ATTEMPT!
May 22 16:38:16 fih sshd[6186]: Invalid user eva from 209.40.64.220
May 22 16:38:16 fih sshd[6186]: pam_unix(sshd:auth): check pass; user unknown
May 22 16:38:16 fih sshd[6186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.40.64.220
May 22 16:38:18 fih sshd[6186]: Failed password for invalid user eva from 209.40.64.220 port 50181 ssh2
May 22 16:38:20 fih sshd[6188]: reverse mapping checking getaddrinfo for 209-40-64-220-wantel.net [209.40.64.220] failed - POSSIBLE BREAK-IN ATTEMPT!
May 22 16:38:20 fih sshd[6188]: Invalid user flora from 209.40.64.220
May 22 16:38:20 fih sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
May 22 16:38:20 fih sshd[6188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.40.64.220
May 22 16:38:22 fih sshd[6188]: Failed password for invalid user flora from 209.40.64.220 port 50289 ssh2
May 22 16:38:26 fih sshd[6190]: reverse mapping checking getaddrinfo for 209-40-64-220-wantel.net [209.40.64.220] failed - POSSIBLE BREAK-IN ATTEMPT!
May 22 16:38:26 fih sshd[6190]: Invalid user franziska from 209.40.64.220
May 22 16:38:26 fih sshd[6190]: pam_unix(sshd:auth): check pass; user unknown
May 22 16:38:26 fih sshd[6190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.40.64.220
May 22 16:38:29 fih sshd[6190]: Failed password for invalid user franziska from 209.40.64.220 port 50414 ssh2
May 22 16:38:30 fih sshd[6192]: reverse mapping checking getaddrinfo for 209-40-64-220-wantel.net [209.40.64.220] failed - POSSIBLE BREAK-IN ATTEMPT!
May 22 16:38:30 fih sshd[6192]: Invalid user frauke from 209.40.64.220
May 22 16:38:30 fih sshd[6192]: pam_unix(sshd:auth): check pass; user unknown
May 22 16:38:30 fih sshd[6192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.40.64.220
May 22 16:38:33 fih sshd[6192]: Failed password for invalid user frauke from 209.40.64.220 port 50633 ssh2
May 22 16:39:01 fih CRON[6196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 22 16:39:01 fih CRON[6196]: pam_unix(cron:session): session closed for user root
May 22 16:44:47 fih passwd[6165]: pam_unix(passwd:chauthtok): password changed for adi
May 22 16:45:07 fih chfn[6204]: changed user `adi' information
May 22 16:45:07 fih userdel[6206]: delete user `adi'
May 22 16:45:07 fih userdel[6206]: removed group `adi' owned by `adi'
May 22 16:57:29 fih sshd[6237]: Did not receive identification string from 60.2.91.228
May 22 17:09:01 fih CRON[6238]: pam_unix(cron:session): session opened for user root by (uid=0)
May 22 17:09:01 fih CRON[6238]: pam_unix(cron:session): session closed for user root
May 22 17:17:01 fih CRON[6246]: pam_unix(cron:session): session opened for user root by (uid=0)
May 22 17:17:01 fih CRON[6246]: pam_unix(cron:session): session closed for user root
May 22 17:39:01 fih CRON[6249]: pam_unix(cron:session): session opened for user root by (uid=0)
May 22 17:39:01 fih CRON[6249]: pam_unix(cron:session): session closed for user root
May 22 18:09:01 fih CRON[6257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 22 18:09:01 fih CRON[6257]: pam_unix(cron:session): session closed for user root
May 22 18:17:01 fih CRON[6265]: pam_unix(cron:session): session opened for user root by (uid=0)
May 22 18:17:01 fih CRON[6265]: pam_unix(cron:session): session closed for user root
May 22 18:39:01 fih CRON[6268]: pam_unix(cron:session): session opened for user root by (uid=0)
May 22 18:39:01 fih CRON[6268]: pam_unix(cron:session): session closed for user root
May 22 19:05:53 fih sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:05:55 fih sshd[6276]: Failed password for root from 210.188.206.245 port 56773 ssh2
May 22 19:05:56 fih sshd[6278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:05:58 fih sshd[6278]: Failed password for root from 210.188.206.245 port 57344 ssh2
May 22 19:06:00 fih sshd[6280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:01 fih sshd[6280]: Failed password for root from 210.188.206.245 port 57773 ssh2
May 22 19:06:02 fih sshd[6282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:04 fih sshd[6282]: Failed password for root from 210.188.206.245 port 58190 ssh2
May 22 19:06:05 fih sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:07 fih sshd[6284]: Failed password for root from 210.188.206.245 port 58531 ssh2
May 22 19:06:09 fih sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:10 fih sshd[6286]: Failed password for root from 210.188.206.245 port 59038 ssh2
May 22 19:06:11 fih sshd[6288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:13 fih sshd[6288]: Failed password for root from 210.188.206.245 port 59428 ssh2
May 22 19:06:14 fih sshd[6290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:15 fih sshd[6290]: Failed password for root from 210.188.206.245 port 59805 ssh2
May 22 19:06:17 fih sshd[6292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:19 fih sshd[6292]: Failed password for root from 210.188.206.245 port 60144 ssh2
May 22 19:06:21 fih sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:23 fih sshd[6294]: Failed password for root from 210.188.206.245 port 60632 ssh2
May 22 19:06:25 fih sshd[6296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:27 fih sshd[6296]: Failed password for root from 210.188.206.245 port 32886 ssh2
May 22 19:06:28 fih sshd[6298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:30 fih sshd[6298]: Failed password for root from 210.188.206.245 port 33324 ssh2
May 22 19:06:31 fih sshd[6300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:33 fih sshd[6300]: Failed password for root from 210.188.206.245 port 33802 ssh2
May 22 19:06:35 fih sshd[6302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:36 fih sshd[6302]: Failed password for root from 210.188.206.245 port 34352 ssh2
May 22 19:06:37 fih sshd[6304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:39 fih sshd[6304]: Failed password for root from 210.188.206.245 port 34791 ssh2
May 22 19:06:40 fih sshd[6306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:43 fih sshd[6306]: Failed password for root from 210.188.206.245 port 35245 ssh2
May 22 19:06:44 fih sshd[6308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:46 fih sshd[6308]: Failed password for root from 210.188.206.245 port 35751 ssh2
May 22 19:06:47 fih sshd[6310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:48 fih sshd[6310]: Failed password for root from 210.188.206.245 port 36206 ssh2
May 22 19:06:50 fih sshd[6312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:51 fih sshd[6312]: Failed password for root from 210.188.206.245 port 36585 ssh2
May 22 19:06:52 fih sshd[6314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:54 fih sshd[6314]: Failed password for root from 210.188.206.245 port 36945 ssh2
May 22 19:06:56 fih sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:06:57 fih sshd[6316]: Failed password for root from 210.188.206.245 port 37448 ssh2
May 22 19:06:58 fih sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:07:00 fih sshd[6318]: Failed password for root from 210.188.206.245 port 37832 ssh2
May 22 19:07:01 fih sshd[6320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.188.206.245  user=root
May 22 19:07:03 fih sshd[6320]: Failed password for root from 210.188.206.245 port 38212 ssh2




Below is /etc/passwd


root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
root1:x:1000:1000:root1,,,:/home/root1:/bin/bash
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
libuuid:x:101:103::/var/lib/libuuid:/bin/sh
mysql:x:102:104:MySQL Server,,,:/var/lib/mysql:/bin/false
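
A triage sketch for the two artifacts posted above, added here as an example and not part of the original thread: it counts failed SSH logins per source, lists successful logins and account changes (such as the passwd/userdel entries for adi), and flags /etc/passwd entries worth a second look. The function names, the "Accepted" log line and the svc account are constructed for illustration.

```python
import re
from collections import Counter

# Constructed for illustration: the "Accepted" log line and the "svc" passwd entry.
# The other sample lines are taken from the post above.
AUTH_LOG = """\
May 22 16:38:22 fih sshd[6188]: Failed password for invalid user flora from 209.40.64.220 port 50289 ssh2
May 22 16:40:02 fih sshd[6150]: Accepted password for root from 192.0.2.10 port 40000 ssh2
May 22 16:44:47 fih passwd[6165]: pam_unix(passwd:chauthtok): password changed for adi
May 22 19:05:55 fih sshd[6276]: Failed password for root from 210.188.206.245 port 56773 ssh2
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
root1:x:1000:1000:root1,,,:/home/root1:/bin/bash
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
svc:x:0:0::/tmp:/bin/bash
"""
SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")
ACCT_RE = re.compile(r" (passwd|chfn|useradd|userdel|usermod|groupadd)\[\d+\]: (.*)")

def triage_auth_log(text):
    """Return failed-login counts per source, successful logins, and account changes."""
    failed, accepted, changes = Counter(), [], []
    for line in text.splitlines():
        m = SSH_RE.search(line)
        if m and m.group(1) == "Failed":
            failed[m.group(3)] += 1
        elif m:
            accepted.append((m.group(2), m.group(3)))   # (user, source address)
        elif (a := ACCT_RE.search(line)):
            changes.append(a.groups())                  # (tool, message)
    return failed, accepted, changes

def audit_passwd(text):
    """Flag extra UID-0 accounts, empty password fields, and regular login accounts."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                                    # skip malformed or blank lines
        name, pw, uid, shell = fields[0], fields[1], fields[2], fields[6]
        if uid == "0" and name != "root":
            findings.append((name, "uid 0 but not root"))
        if pw == "":
            findings.append((name, "empty password field"))
        if int(uid) >= 1000 and name != "nobody" and shell not in ("/bin/false", "/usr/sbin/nologin"):
            findings.append((name, "regular account with login shell"))
    return findings
```

A successful login that follows a run of failures, or any account change the administrator did not make, is the entry to investigate first; a flagged passwd entry is a prompt for review, not proof of compromise.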

Reply 1, posted: 2010-04-14
This user has been muted; the post is automatically hidden.
jiayism, reply 2, posted: 2010-04-14
Re:[Debian]
I'm a complete beginner..... so I have to ask everyone for help. I have almost no idea about any of this 555

Reply 3, posted: 2010-04-14
Re:[Debian]
Bump... Not many people come to the newbie section, it seems. @@

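Reply 4, posted: 2010-04-14
Re:[Debian]
Buddy, to see whether there are currently other backdoor programs on the system, you can use chkconfig and look for anything abnormal.

Many transient services are ones we do not need, or are services the system does not provide. Some services inherently carry serious security risks, for example telnet, ftp, rlogin, rcp and so on. They should be turned off through inetd or xinetd.
For standalone daemons, we can also turn off the services we do not need. The files under /etc/init.d/ are all soft-linked into /etc/rcN.d/, which manages, for a given runlevel, whether each one should be started or stopped.
So we should also go to /etc/rcN.d/ and delete that link file.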