Wei Jiang wrote:
> Hi all
> I had an interesting finding about the anacron program. This is what
> happened.
>
> When I was sanning through the log file, I found the following suspicous
> entries
> ------------------------------------------------------------
> Apr 9 03:45:29 raw login[836]: FAILED LOGIN SESSION FROM
> usw-sf-fw2.sourceforge.net FOR alan, Authentication failure
> Apr 9 03:45:45 raw login[836]: FAILED LOGIN SESSION FROM
> usw-sf-fw2.sourceforge.net FOR jinjin, Authentication failure
> ......
>
> There are more entries like this that follow. The first thing that came to
> my mind is that someone was attempting to break into these account
> accounts from usw-sf-fw2.sourceforge.net. And then at the end of these
> entries, I found this one:
>
> Apr 9 04:02:00 raw anacron[847]: Updated timestamp for job `cron.daily'
> to 2001-04-09
>
> The interesting thing is, I went to sourceforge.net/projects.anacron
> and found that anacron is actually listed as one of the projects from this
> site.
> Now somebody please tell me what this is all about? Is this a coincidence?
> Or someone is using sourceforge.net to hack my system? I don't remember
> installing anacron myself, or does it come with redhat6.2 and installed by
> default??
> Any prompt suggestion will be appreciated. We might have a case here!!
I get the Updated timestamp messages but never had alan or anyone else from
sourceforge try to log in. Sounds suspicious. I would contact sourceforge.
They may have had a machine compromised.
Bret
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
