Hi
I receive this log by mail from my server but
dont understand
In my /etc/hosts.deny i have :
--------------------------------------------
ALL:ALL:spawn (safe_finger -l @%h | mail -s %u-%c
root) &:banners /usr/local/etc/banners/deny portmap: ALL
This is a mail from my serveur :
--------------------------------------------
[212.184.103.11] Login:
operator Name:
operator Directory:
/root
Shell: /bin/sh On since Mon Jan 22 08:56 (CET) on pts/0 from
212.93.151.66 41 minutes 26 seconds idle No
mail. No Plan.
--------------------------------------------
That this mean ? I have a back door in my serveur
?
it's simple ;-)
someone have tryed some services on your server and
your server have
replied fingering this person and mailing you with the
data fingered from 212.184.103.11
no backdoor
That can i do ?
nothing, it's normal, if you don't want receive the mail, change
the first line
of your hosts.deny with ALL: ALL
--- ;---+---; bye | bye |hor
|