Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Re: [SLE] hacked?
  • From: "Geordon VanTassle" <gvantass@xxxxxxxxxxxxxxxx>
  • Date: Wed, 2 May 2001 09:52:07 -0500
  • Message-id: <003201c0d317$757b5760$0801a8c0@xxxxxxxxxxxxxxxx>

----- Original Message -----
From: <elicker@xxxxxxxxx>
To: "SLE" <suse-linux-e@xxxxxxxx>
Sent: Wednesday, May 02, 2001 9:30 AM
Subject: [SLE] hacked?


> I never bothered to look /var/log/messages file until now.

May I suggest that you install something like Logwatcher by Psionic?
RElatively easy to set up and very helpful.

> Just by curiosity I was browsing the file and I see the excerpt that
> follows.
>
> It seems that someone at 200.204.201.138 was trying to break in into my
> computer.

Sure looks like it. Did you by chance run HARDEN_SUSE on this box?

> My box is a minimal SuSE 6.4 with KDE2, apache and samba added. No
> special security measures was taken.

Whoops, probably no HArden_SuSE run, huh?

> As I know nothing about security I am looking for some advice.
>
> Does this guy at 200.204.201.138 succeed? Was I hacked?

It doesn't appear so. HOwever, you can never be sure, unless you keep an
eye on security all the time.

> What is "popper"? AFAIK there is nothing in my box with this name.

"Popper" is the POP mail server.

> Thanks a lot for any advice.
>
>
> Claudio


Good luck.
Geordon


< Previous Next >
Follow Ups
References