well, are any of the users or computers called james or elite3?? if not , I would start worrying and check your firewall is one and whats open and look for trojans and backdoors on all windows box's and the linux box as well.
do you run ftp or telnet? is it accessable to the world at large? If so, that may be a cause of your compromise if you have one. rgds Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Colin Jenkins Sent: Friday, 9 November 2001 2:39 PM To: linux-newbi group Subject: [newbie] intruder? Hi all, Just had a problem when reebooting (lm8) lots of failures including X. did a du and found my drive was full... it turned out to be a 1.5G log file in /var/log/samba .. the file was logging my sons win98 box. I deleted the file and managed to boot up ok, except I seem to have lost kde and gnome (only have ice now) when I checked the log file had been recreated (log.elendil.old) and was rapidly growing. I deleted it a few times and things seem to have settled down... then I noticed 2 other log file for unknown user ..log.james and log .elite3 does this sound like an intruder or some other problem? ================================================================ Colin Jenkins ICQ: 650611 registered linux user 223862 If you can keep your head when all about you are losing theirs, obviously you have no conception of the magnitude of the problem. ================================================================
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com