I realized I haven't checked my logs on my new server ( bad me ). But I figured I wouldn't find anything, it's only my personal server. I checked the logs today to find thousands of login attempts. Most tried to brute my root password, though I don't have a root user. There were a bunch of user name attempts for what looked like a name dictionary attack. Some were from busness static ip's and there were even some from perdu.edu
Now for my questions. What should I look for to find out if they actually got in? Parse the auth log for those ip's for a successfull login? I also run a web server on that machine, is there something I can look for to see If they got into that? Also is there any recourse I have? Or should I just let it go and harden my server even more? Sent from my iPhone _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
