2 Mar
2021
2 Mar
'21
21:12
On 02/03/2021 21.56, James Knott wrote:
On 2021-03-02 3:54 p.m., Carlos E. R. wrote:
Apparently. According to what I saw about that site, they try lots of passwords and there were lots of attemps. And what user did they get in, root or test?
Test.
Ok, so the user did exist and had actually a password and they guessed it, via ssh and many attempts. Ok, that's the important information to know. They did not make "root", so the machine probably was not compromised. Check "crontab -e" (uses vi by default) to see if he created a cronjob. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)