Topic: Login Incorrect

[Tim Jabaut]

I have been getting a Login Incorrect at sporadic intervals lately. If I reboot the box all is fine, but sometime during the evening, something happens (possible cron job) that makes logins impossible.

I am suspecting that I may have been hacked or had a rogue rootkit installed.

The problems, that I was experiencing were as follows:

Running in Gateway/Server mode is was still able to get out to the internet (named was working)
I was still able to get into eMail and webmail
I was still able to view my web page

I could not SSH into the box anymore, nor could I directly login at the console.
It did not matter what username/password combination I choose I would simply get:

username: root
password: *****

login incorrect

it would then do a clear screen and present me with another login prompt.

I thought this was a little strange as it normally appends the screen with multiple failed attempts, but does not perform a clear screen.

Any ideas would be greatly appreaciated as I no longer trust this box, as I feel it may have been compromised.

[Rok Debeljak]

I have the same problem but I'm only unable to connect via SSH.
I can user server-manager, mail, ftp, ... only SSH returns "login incorrect"
I'm running 5.6.

[Rok Debeljak]

I believe that problem occured after I've upgraded glibc
(cause there were problems connecting to mysql cause of bug in glibc)

After the upgrade I couldn't login to ssh but mysql worked fine.
After reboot SSH works fine but mysql doesn't.