⬆️ ⬇️

Absolutely gone

Found now in logs of some psycho who breaks on my server from the domain mail.cp.government.bg





user139:/var/log# netstat -a | grep mail.cp

tcp 0 0 user139.host.ru:ssh mail.cp.governmen:46226 TIME_WAIT

tcp 16 0 user139.host.ru:ssh mail.cp.governmen:47154 ESTABLISHED



user139:/var/log# cat auth.log | grep 'government.bg' | wc -l

465



Mar 20 23:41:24 user139 sshd[9733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.cp.government.bg




And what to do with this abnormal?


')

Source: https://habr.com/ru/post/55101/



All Articles