Over the past few days my firewall and server have been scanned numerous times... I was not too worried since I keep an eye on my systems and the router and firewall were denying request as they should. However, today I ssh'd into my box and notice something disturbing "Last login: Sun Nov 14 14:44:38 2004 from user-12l27n9.cable.mindspring.com" (THIS WAS NOT ME!)
I'm not a mindspring customer and considering I'm the only user that has ssh access to my server this is very worrisome to me. Is there anyway I can verify if my servers been accessed and what they might have done??? (running SME Server 6.0.1-01)
I also have many failed login/password and illegal user's attempts in my messages log. They were logged from the IP's of 203.150.17.44, 210.124.74.102, 212.244.229.130. Traceroutes didn't turn up much useful info. The only successful sshd connections are mine...
1 Replies
665 Views