![](https://seccdn.libravatar.org/avatar/d2a0d5a09630cf03ecf07ce428c3f365.jpg?s=120&d=mm&r=g)
5 Aug
1999
5 Aug
'99
23:25
In article <19990805131654.A28605@willamette.edu>,
Seth R Arnold
Jan, it looks like you have been compromised. wu-ftpd is a popular source of breakins, if what I have read is correct.
What makes you think that Jan have been compromised?
According to his logfiles ...
| Aug 4 21:16:22 www wu.ftpd[25329]: connect from root@212.160.104.141
| Aug 5 02:49:53 www wu.ftpd[25641]: connect from root@212.160.104.141
... he got a connect from someone that is root on the *remote*
machine. Now he wonders why root on this machine uses ftp or if this
other machine have been hacked. I can't read any hint in his mail,
that anyone got root access on his machine.
--
Rolf Krahl