Re: pam problem
On Sat, 19 May 2012 15:04:28 -0600, Glenn English wrote:
> On May 19, 2012, at 2:35 PM, Camaleón wrote:
>
>> You can also run rkhunter to scan your system.
>
> Done. It says:
>
> File properties checks...
> Files checked: 128
> Suspect files: 0
>
> Rootkit checks...
> Rootkits checked : 110
> Possible rootkits: 0
>
> Applications checks...
> Applications checked: 6
> Suspect applications: 0
>
> Next?? :-)

It seems clean :-)

What I'll do next is:

1/ Monitor the Fail2ban logs to check if the attack is still in place.

2/ Try to find out the source IP of the machine(s) that is generating
this, just to confirm this is a common dictionary attack and nothing more
serious or of a different nature.

And there's not much you can do; sadly this is a usual situation for every
service (web server, ftp, ssh, smtp, pop3/imap...) that is connected to
the Internet: once you are online you'll be fried ;-(

Greetings,
--
Camaleón
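
The two checks suggested in the message above (is the attack still in place, and which source addresses are behind it) can be read off the Fail2ban log. The following is an added example, not part of the original message: the log layout is assumed to be the fail2ban 0.8.x style, and the jail name, addresses and the helper names `parse_events` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the assumed fail2ban 0.8.x log layout; the jail name
# and addresses (RFC 5737 documentation ranges) are made up for illustration.
SAMPLE_LOG = """\
2012-05-19 09:12:01,101 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2012-05-19 09:22:01,480 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2012-05-19 09:40:13,007 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2012-05-19 11:05:44,290 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2012-05-19 13:58:30,912 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2012-05-19 14:01:02,333 fail2ban.filter : INFO Log rotation detected
"""

EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions\s*:"
    r"\s+\w+\s+\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)

def parse_events(text):
    """Yield (timestamp, jail, action, ip) for each Ban/Unban line."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["jail"], m["action"], m["ip"]

def summarize(text, now, window=timedelta(hours=1)):
    """Count bans per source IP and report whether bans are still arriving."""
    bans = [(ts, ip) for ts, _, action, ip in parse_events(text) if action == "Ban"]
    per_ip = Counter(ip for _, ip in bans)
    recent = sorted({ip for ts, ip in bans if now - ts <= window})
    return {
        "bans_per_ip": per_ip.most_common(),
        "repeat_offenders": sorted(ip for ip, n in per_ip.items() if n > 1),
        "still_active": bool(recent),
        "recent_sources": recent,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, now=datetime(2012, 5, 19, 14, 30))
    for key, value in report.items():
        print(f"{key}: {value}")
```

An address that keeps getting re-banned after each unban, as 192.0.2.10 does in the sample, is the pattern to look for when confirming an ongoing automated guessing run.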