linux是否被入侵 - 【 Linux/Unix 】 - 我是网管论坛

love-life

衰哥霉女

UID 581622
精华 0
积分 -1
帖子 84
MST币 80 点
BST币 -1 点赚取
阅读权限 0
注册 2007-9-12
状态在线

#1

大中小

[ 使用道具 ]

发表于 2007-12-24 13:03 [ 资料 ] [ 博客 ] [ 短消息 ] [ 加为好友 ]

爱琴思邮件系统iGENUS V5.0

linux是否被入侵

本帖发表在我是网管论坛，帖子地址：http://bbs.54master.com/222029,1,1

[root@localhost /]# last -n 20 -f  /var/log/btmp
root    tty1                         Mon Dec 24 10:28 gone - no logout
init 6 tty1                         Mon Dec 24 10:28 - 10:28  (00:00)
root    :0                         Mon Dec 24 10:26 gone - no logout
root    tty1                         Mon Dec 24 10:21 - 10:28  (00:06)
workshop ssh:notty 211.155.234.15 Sun Dec 23 20:42 gone - no logout
desktop  ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:42  (00:00)
aptproxy ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
popa3d ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
divine ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
harrypot ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
radiomai ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
snort ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
james ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
dan    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
frank ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
zzz    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
sys    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
proxy ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
eleve ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
list    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)

请大家帮我看一下，是否被入侵了
以下几句是什么意思啊
oot    tty1                         Mon Dec 24 10:28 gone - no logout
init 6 tty1                         Mon Dec 24 10:28 - 10:28  (00:00)
root    :0                         Mon Dec 24 10:26 gone - no logout
root    tty1                         Mon Dec 24 10:21 - 10:28  (00:06)
workshop ssh:notty 211.155.234.15 Sun Dec 23 20:42 gone - no logout
desktop  ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:42  (00:00)

[root@localhost /]# [root@localhost /]# last -n 20 -f  /var/log/btmp
-bash: [root@localhost: command not found
[root@localhost /]# root    tty1                         Mon Dec 24 10:28 gone - no logout
aptproxy ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
popa3d ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: root: command not found
[root@localhost /]# init 6 tty1                         Mon Dec 24 10:28 - 10:28  (00:00)
james ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# root    :0                         Mon Dec 24 10:26 gone - no logout
-bash: root: command not found
[root@localhost /]# root    tty1                         Mon Dec 24 10:21 - 10:28  (00:06)
-bash: syntax error near unexpected token `('
[root@localhost /]# workshop ssh:notty 211.155.234.15 Sun Dec 23 20:42 gone - no logout
-bash: workshop: command not found
[root@localhost /]# desktop  ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:42  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# aptproxy ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# popa3d ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# divine ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# harrypot ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# radiomai ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# snort ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# james ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# dan    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# frank ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# zzz    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# sys    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# proxy ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# eleve ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('
[root@localhost /]# list    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
-bash: syntax error near unexpected token `('

还有这个  其中211.155.234.15我查了
ip138.com IP查询(搜索IP地址的地理位置)
您查询的IP:211.155.234.15

* 本站主数据：浙江省杭州市世导科技
* 查询结果2：浙江省杭州市世导科技
* 查询结果3：浙江省电信IDC机房

[ 点这里复制网址，推荐给你QQ/MSN上的好友们! ]

本站声明：以上内容由网友 love-life 提供，与54master立场无关！

[ 顶部 ]

jsjzhang

版主

Linux/Unix

UID 442836
精华 1
积分 665
帖子 1524
MST币 20028 点
BST币 665 点赚取
阅读权限 180
注册 2006-9-28
来自 --
状态离线

#2

大中小

[ 使用道具 ]

发表于 2007-12-24 17:04 [ 资料 ] [ 博客 ] [ 短消息 ] [ 加为好友 ]

[Copy to clipboard] [ - ]

CODE:

workshop ssh:notty 211.155.234.15 Sun Dec 23 20:42 gone - no logout
desktop  ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:42  (00:00)
aptproxy ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
popa3d ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
divine ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
harrypot ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
radiomai ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
snort ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
james ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
dan    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
frank ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
zzz    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
sys    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
proxy ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
eleve ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)
list    ssh:notty 211.155.234.15 Sun Dec 23 20:41 - 20:41  (00:00)

你的系统中你有没有建立过这些用户你不知道？

本站声明：以上内容由网友 jsjzhang 提供，与54master立场无关！

[ 顶部 ]