Could this be a trace of hacking? I'm about to get a neurosis over this...
Posted by 김형준
Which part was attacked.. where is my server vulnerable.. if anyone knows, please give me a hint...
These are the contents of /var/log/messages on the first server. T.T
Jun 7 03:46:44 linux9 rpc.statd[2858]: gethostbyname error for ^X??X??Z??Z??8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220220
Jun 7 04:09:58 linux9 su(pam_unix)[14107]: session opened for user news by (uid=0)
Jun 7 04:09:58 linux9 su(pam_unix)[14107]: session closed for user news
This is /var/log/messages on the second server (-> this server seems to have definitely been hacked)
Jun 4 11:26:11 내호스트명 kernel: write uses obsolete (PF_INET,SOCK_PACKET)
Jun 4 11:26:11 내호스트명 kernel: eth0: Promiscuous mode enabled.
Jun 4 11:26:11 내호스트명 kernel: device eth0 entered promiscuous mode
Jun 4 11:26:11 내호스트명 kflushd[23746]: log: Server listening on port 122.
Jun 4 11:26:11 내호스트명 kflushd[23746]: log: Generating 768 bit RSA key.
Jun 4 11:26:11 내호스트명 kflushd[23746]: log: RSA key generation complete.
Jun 4 11:26:12 내호스트명modprobe: modprobe: Can't locate module ppp0
Jun 4 11:26:12 내호스트명 kernel: eth0: Promiscuous mode enabled.
Jun 4 11:27:42 내호스트명 kflushd[23777]: log: Connection from 80.96.75.61 port 1404
Jun 4 11:27:43 내호스트명 kflushd[23777]: log: Could not reverse map address 80.96.75.61.
Jun 4 11:27:58 내호스트명 kflushd[23777]: log: Closing connection to 80.96.75.61
Jun 4 11:29:25 내호스트명 6월 4 11:29:25 su(pam_unix)[23840]: session opened for user nobody by (uid=0)
Jun 4 11:29:25 내호스트명 6월 4 11:29:25 su(pam_unix)[23840]: session closed for user nobody
Jun 4 11:29:34 내호스트명kflushd[23843]: log: Connection from 80.96.75.61 port 1413
Jun 4 11:29:34 내호스트명 kflushd[23843]: log: Could not reverse map address 80.96.75.61.
Jun 4 11:29:37 내호스트명 kflushd[23777]: fatal: Connection closed by remote host.
Jun 4 11:29:53 내호스트명 kflushd[23843]: log: Closing connection to 80.96.75.61
Jun 4 11:30:26 내호스트명 6월 4 11:30:26 su(pam_unix)[23906]: session opened for user mysql by (uid=0)
Jun 4 11:30:26 내호스트명 6월 4 11:30:26 su(pam_unix)[23906]: session closed for user mysql
Jun 4 11:30:31 내호스트명 6월 4 11:30:31 su(pam_unix)[23911]: session opened for user mysql by (uid=0)
Jun 4 11:30:31 내호스트명 6월 4 11:30:31 su(pam_unix)[23911]: session closed for user mysql
Jun 4 11:30:32 내호스트명 6월 4 11:30:32 su(pam_unix)[23915]: session opened for user mysql by (uid=0)
Jun 4 11:30:32 내호스트명 6월 4 11:30:32 su(pam_unix)[23915]: session closed for user mysql
Jun 4 11:30:47 내호스트명 6월 4 11:30:47 su(pam_unix)[23920]: session opened for user apache by (uid=0)
Jun 4 11:30:47 내호스트명 6월 4 11:30:47 su(pam_unix)[23920]: session closed for user apache
Jun 4 11:30:56 내호스트명 6월 4 11:30:56 su(pam_unix)[23924]: session opened for user ld by (uid=0)
Jun 4 11:36:17 내호스트명 named[10731]: lame server resolving 'eu.undernet.org' (in 'undernet.ORG'?): 64.71.180.170#53
Jun 4 11:38:56 내호스트명 6월 4 11:38:56 su(pam_unix)[23924]: session closed for user ld
Jun 4 11:41:41 내호스트명 modprobe: modprobe: Can't locate module ppp0
--------------------------------------------------------------------------------
Jun 4 12:04:21 내호스트명 kflushd[32048]: log: Connection from 80.96.75.61 port 1580
Jun 4 12:04:21 내호스트명 kflushd[32048]: log: Could not reverse map address 80.96.75.61.
Jun 4 12:04:37 내호스트명 kflushd[32048]: log: Closing connection to 80.96.75.61
Jun 4 12:25:23 내호스트명 kernel: 218.47.148.126 sent an invalid ICMP error to a broadcast.
Jun 4 12:25:26 내호스트명 kernel: 218.47.148.126 sent an invalid ICMP error to a broadcast.
Jun 4 12:26:09 내호스트명 kernel: 218.47.168.63 sent an invalid ICMP error to a broadcast.
Jun 4 12:26:11 내호스트명 kflushd[23746]: log: Generating new 768 bit RSA key.
Jun 4 12:26:11 내호스트명 kflushd[23746]: log: RSA key generation complete.
Jun 4 12:52:58 내호스트명 kflushd[32048]: fatal: Connection closed by remote host.
Jun 4 12:53:15 내호스트명 kflushd[23843]: fatal: Connection closed by remote host.
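A triage sketch for the kinds of entries in the two logs above, added here as an example and not part of the original post. The rule names, the `triage` function, and the sample host names and the address 192.0.2.10 are constructed for illustration; each hit is a lead to review, not proof of compromise.

```python
import re

# Heuristics keyed to the patterns visible in the posted logs.
# The rule labels are this example's own assumptions, not the poster's findings.
RULES = [
    # printf-style specifiers (%8x, %hn) where a host name should be
    ("format-specifiers-in-statd-hostname",
     re.compile(r"rpc\.statd\[\d+\]: gethostbyname error for .*%\d*(?:x|hn|n)")),
    ("promiscuous-mode",
     re.compile(r"kernel: .*promiscuous mode", re.IGNORECASE)),
    # sshd-style messages logged under a process name that does not end in "sshd"
    ("sshd-message-from-non-sshd-process",
     re.compile(r"(?<!sshd)\[\d+\]: log: (?:Server listening on port \d+"
                r"|Generating (?:new )?\d+ bit RSA key"
                r"|Connection from (\S+) port \d+)")),
    ("root-su-to-other-account",
     re.compile(r"su\(pam_unix\)\[\d+\]: session opened for user \S+ by \(uid=0\)")),
]

def triage(lines):
    """Return (hits, remotes): hits maps rule name -> 1-based line numbers;
    remotes holds peer addresses from flagged 'Connection from' lines."""
    hits, remotes = {}, set()
    for n, line in enumerate(lines, 1):
        for name, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            hits.setdefault(name, []).append(n)
            if m.lastindex:  # only the 'Connection from' alternative captures
                remotes.add(m.group(1))
    return hits, remotes

# Constructed sample modelled on the posted entries (hosts and address are placeholders).
SAMPLE = [
    "Jun 7 03:46:44 host1 rpc.statd[2858]: gethostbyname error for ^X%8x%8x%62716x%hn",
    "Jun 4 11:26:11 host2 kernel: device eth0 entered promiscuous mode",
    "Jun 4 11:26:11 host2 kflushd[23746]: log: Server listening on port 122.",
    "Jun 4 11:27:42 host2 kflushd[23777]: log: Connection from 192.0.2.10 port 1404",
    "Jun 4 11:30:26 host2 su(pam_unix)[23906]: session opened for user mysql by (uid=0)",
    "Jun 4 11:41:41 host2 modprobe: modprobe: Can't locate module ppp0",
    "Jun 4 11:50:00 host2 sshd[900]: log: Server listening on port 22.",
]

if __name__ == "__main__":
    found, peers = triage(SAMPLE)
    for rule, nums in found.items():
        print(f"{rule}: lines {nums}")
    print("remote peers:", sorted(peers))
```

Root `su` sessions to service accounts are also produced by ordinary cron jobs and init scripts, so that rule is best read together with the timestamps of the other hits.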