Hi all. I'm on SuSE 7.1. That dialin.net address looked familiar: ------------- Sep 10 00:54:56 tdscom1 ftpd[23742]: ACCESS DENIED (not in any class) TO pD9553692.dip.t-dialin.net [217.85.54.146] Sep 10 00:54:56 tdscom1 ftpd[23742]: FTP LOGIN REFUSED (access denied) FROM pD9553692.dip.t-dialin.net [217.85.54.146], anonymous Sep 11 21:52:40 tdscom1 ftpd[9539]: ACCESS DENIED (not in any class) TO p3EE2182D.dip.t-dialin.net [62.226.24.45] Sep 11 21:52:40 tdscom1 ftpd[9539]: FTP LOGIN REFUSED (access denied) FROM p3EE2182D.dip.t-dialin.net [62.226.24.45], anonymous ------------- Coincidence? Michael B. Sziede Lead Programmer/Analyst TRX Data Services 1477 Chain Bridge Rd., Ste 201 McLean, VA 22101 USA Office: 703-748-3162 x210 Fax: 703-748-3167 email: michael.sziede@trx.com -----Original Message----- From: Gero Lindenblatt [mailto:gerol@web.de] Sent: Wednesday, September 19, 2001 10:01 AM To: suse-security@suse.com Subject: [suse-security] hacker attack ? Hi, my system is SuSE 7.2. i was shocked today when i saw a file in my homedir called MDACSET.log. It's content is : ------- Lets get out of here. 2.1 already instlled. ------ In my /var/log/messages i could read --- Sep 4 15:55:42 pam proftpd[4981]: pam.[mydomain] (pD9E2C451.dip.t-dialin.net[217.226.196.81]) - Complex path, will rename /.in.MDACSET.log. to /MDACSET.log. --- is this a backdoor or something or just a file from a windows system which was ftped onto my server ? _I_ never puhsed this file up... thanks a lot Gero _______________________________________________________________________ 1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de IhrName@web.de, 8MB Speicher, Verschluesselung - http://freemail.web.de -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com