[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Strange logs for connection



Hi

I receive this log by mail from my server but dont understand
 
In my /etc/hosts.deny i have :
--------------------------------------------
 
ALL:ALL:spawn (safe_finger -l @%h | mail -s %u-%c root) &:banners /usr/local/etc/banners/deny
portmap: ALL
 
This is a mail from my serveur :
--------------------------------------------
 
[212.184.103.11]
 Login: operator       Name: operator
 Directory: /root                    Shell: /bin/sh
 On since Mon Jan 22 08:56 (CET) on pts/0 from 212.93.151.66
    41 minutes 26 seconds idle
 No mail.
 No Plan.
 
--------------------------------------------
 
That this mean ? I have a back door in my serveur ?
 
it's simple ;-)
someone have tryed some services on your server and your server have
replied fingering this person and mailing you with the data fingered from 212.184.103.11
no backdoor
 
That can i do ?
 
nothing, it's normal, if you don't want receive the mail, change the first line
of your hosts.deny with ALL: ALL
 
---
;---+---;
bye |
bye |hor
 

Reply to: