On 11/20/05, Steven T. Hatton
On Sunday 20 November 2005 08:05 am, Anders Johansson wrote:
You still provide us with an astonishing lack of information.
I'm not sure why you find that "astonishing".
How are anybody supposed to help you if you don't give any info? For instance, some extracts from your logs that shows the accepted ssh login. The history of commands that the user executed after login. Then you can see what they did and if it were a cracker or not. I am not a security expert, but those are the first places I would start to look to see what is happening. Not sure if this helps -- Andre Truter | Software Engineer | Registered Linux user #185282 ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.za.org ~ A dinosaur is a salamander designed to Mil Spec ~