Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 11 May 2008 13:49:57 -0600
From:      Chad Perrin <perrin@apotheon.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: root login stops working
Message-ID:  <20080511194957.GA81732@demeter.hydra>
In-Reply-To: <200805102300.41775.fbsd.questions@rachie.is-a-geek.net>
References:  <812883.11120.qm@web54010.mail.re2.yahoo.com> <200805102300.41775.fbsd.questions@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--ew6BAiZeqk4r7MaW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, May 10, 2008 at 11:00:41PM +0200, Mel wrote:
> On Saturday 10 May 2008 20:50:46 Dennis Flynn wrote:
> > I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE=
 #0:
> > Sun Feb 24 19:59:52 UTC 2008   =20
> > root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
> >
> > About a day after install root login no longer works - even on the cons=
ole.
> >
> > I see the following in /var/log/auth.log:
> > May 10 14:22:37 wx sshd[86223]: Accepted password for root from
> > 10.11.12.104 port 1492 ssh2 May 10 14:22:37 wx sshd[86223]: Received
> > disconnect from 10.11.12.104: 0:
> >
> > And in /var/log/messages:
> > May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11
> > (core dumped)
>=20
> Looks like you got hacked, the tell-tale being "ip port ####".
> http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc

=2E . . unless that's part of Dennins' network setup.

--=20
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
McCloctnick the Lucid: "The first rule of magic is simple. Don't waste your
time waving your hands and hopping when a rock or a club will do."

--ew6BAiZeqk4r7MaW
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (FreeBSD)

iEYEARECAAYFAkgnTeUACgkQ9mn/Pj01uKVCtwCfdPIDGA0CnxivvShQ9ryGmKv2
D+0Anj6iTnTP2bjYcZ0Mr+oDEgXUYIW5
=+t6y
-----END PGP SIGNATURE-----

--ew6BAiZeqk4r7MaW--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080511194957.GA81732>