2 Mar
2021
2 Mar
'21
21:14
On 2021-03-02 4:12 p.m., Carlos E. R. wrote:
Ok, so the user did exist and had actually a password and they guessed it, via ssh and many attempts. Ok, that's the important information to know. They did not make "root", so the machine probably was not compromised.
Check "crontab -e" (uses vi by default) to see if he created a cronjob.
Nothing there.