Check the log review checklist at HTTP://chuvakin.blogspot.com Brett <[email protected]> wrote:
>I realized I haven't checked my logs on my new server ( bad me ). But >I figured I wouldn't find anything, it's only my personal server. I >checked the logs today to find thousands of login attempts. Most tried >to brute my root password, though I don't have a root user. There were >a bunch of user name attempts for what looked like a name dictionary >attack. Some were from busness static ip's and there were even some >from perdu.edu > >Now for my questions. What should I look for to find out if they >actually got in? Parse the auth log for those ip's for a successfull >login? I also run a web server on that machine, is there something I >can look for to see If they got into that? Also is there any recourse >I have? Or should I just let it go and harden my server even more? > >Sent from my iPhone >_______________________________________________ >Pauldotcom mailing list >[email protected] >http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
