제서버가 해킹을 당했습니다..
작성자 정보
- 김석훈 작성
- 작성일
컨텐츠 정보
- 1,699 조회
- 0 추천
- 목록
본문
로그파일을 보니까...이런메시지가 있더라구요..
제가 봤을때는 해킹인거 같습니다...pstree 라는 명령도 안 먹구요.
[root@www chkrootkit-0.40]# pstree
Segmentation fault (core dumped)
이렇게 나와버리더라구요.. 외국에서 해킹한거 같은데요...
.bash_history 파일도 없구....어떤게 대처해야할지 잘 모르겠습니다.
아래 내용 설명부탁드리구요...대처방안을 알려주시면.감사하겠습니다..
그럼..감사합니다...
----/var/log/secure----
microsoft.com: no such user found from ANancy-104-1-2-65.w81-49.abo.wanadoo.fr [81.49.238.65] to 211.251.xx.xx:21
May 29 01:24:03 aaa proftpd[14191]: aaa.co.kr(ANancy-104-1-3-167.w81-49.abo.wanadoo.fr[81.49.239.167]) - USER anonymous: n
o such user found from ANancy-104-1-3-167.w81-49.abo.wanadoo.fr [81.49.239.167] to 211.251.72.66:21
-----/var/log/message-------
May 28 22:28:18 aaa proftpd[14133]: aaa.co.kr(ANancy-104-1-2-65.w81-49.abo.wanadoo.fr[81.49.238.65]) - FTP session opened.
May 28 22:28:24 aaa proftpd[14133]: aaa.co.kr(ANancy-104-1-2-65.w81-49.abo.wanadoo.fr[81.49.238.65]) - no such user 'anonymous@ftp.microsoft.com'
May 28 22:28:25 aaa last message repeated 4 times
May 28 22:33:19 aaa proftpd[14133]: aaa.co.kr(ANancy-104-1-2-65.w81-49.abo.wanadoo.fr[81.49.238.65]) - FTP login timed out
, disconnected.
May 29 01:24:02 aaa proftpd[14191]: aaa.co.kr(ANancy-104-1-3-167.w81-49.abo.wanadoo.fr[81.49.239.167]) - FTP session opene
d.
May 29 01:24:03 aaa proftpd[14191]: aaa.co.kr(ANancy-104-1-3-167.w81-49.abo.wanadoo.fr[81.49.239.167]) - no such user 'ano
nymous'
May 29 01:24:03 aaa last message repeated 4 times
May 29 01:24:04 aaa proftpd[14191]: aaa.co.kr(ANancy-104-1-3-167.w81-49.abo.wanadoo.fr[81.49.239.167]) - FTP session close
d.
May 29 09:56:05 aaa named[671]: lame server on '233.106.230.155.in-addr.arpa' (in '230.155.in-addr.arpa'?): 134.75.30.1#53
May 29 09:56:13 aaa proftpd[14549]: aaa.co.kr(155.230.106.233[155.230.106.233]) - FTP session opened.
May 29 09:56:13 aaa proftpd[14549]: aaa.co.kr(155.230.106.233[155.230.106.233]) - FTP session closed.
May 29 09:56:13 aaa named[671]: lame server on '233.106.230.155.in-addr.arpa' (in '230.155.in-addr.arpa'?): 155.230.20.10#53
May 29 11:03:42 aaa proftpd[14616]: aaa.co.kr(211.54.184.170[211.54.184.170]) - FTP session opened.
May 29 11:03:42 aaa proftpd[14616]: aaa.co.kr(211.54.184.170[211.54.184.170]) - FTP session closed.
May 29 20:01:10 aaa proftpd[14816]: aaa.co.kr(62.1.94.20[62.1.94.20]) - FTP session opened.
May 29 20:01:11 aaa proftpd[14816]: aaa.co.kr(62.1.94.20[62.1.94.20]) - no such user 'anonymous'
May 29 20:01:12 aaa last message repeated 4 times
May 29 20:01:13 aaa proftpd[14816]: aaa.co.kr(62.1.94.20[62.1.94.20]) - FTP session closed.
관련자료
-
이전
-
다음
