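I had never paid attention to this before, until the October 1 holiday, when I suddenly felt something was wrong. I looked at the logs and only then realized there was trouble. After that, I followed some material I found online to deal with it. It was nothing more than deleting some accounts, setting up the firewall and the like, but it doesn't seem to have done much. Today when I looked at the logs there was, yet again, a pile of connection messages. I'm pasting part of the logs here; could the experts please take a look? Thanks in advance!
This is what is in Message: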
Oct 8 00:08:56 localhost pppd[4501]: No response to 3 echo-requests
Oct 8 00:08:56 localhost pppd[4501]: Serial link appears to be disconnected.
Oct 8 00:08:56 localhost pppd[4501]: Connect time 42.7 minutes.
Oct 8 00:08:56 localhost pppd[4501]: Sent 239601 bytes, received 635054 bytes.
Oct 8 00:08:56 localhost ntpd[2045]: sendto(222.73.214.1) (fd=24): Invalid argument
Oct 8 00:08:57 localhost dnsmasq[2158]: reading /etc/resolv.conf
Oct 8 00:08:57 localhost dnsmasq[2158]: using nameserver 218.30.19.40#53
Oct 8 00:08:57 localhost dnsmasq[2158]: using nameserver 61.134.1.4#53
Oct 8 00:09:01 localhost NET[4914]: /etc/sysconfig/network-scripts/ifdown-post : updated /etc/resolv.conf
Oct 8 00:09:02 localhost pppd[4501]: Connection terminated.
Oct 8 00:09:02 localhost pppd[4501]: Modem hangup
Oct 8 00:09:03 localhost pppoe[4502]: read (asyncReadFromPPP): Session 8505: Input/output error
Oct 8 00:09:03 localhost pppoe[4502]: Sent PADT
Oct 8 00:09:03 localhost pppd[4501]: Exit.
Oct 8 00:09:04 localhost pppoe-connect: PPPoE connection lost; attempting re-connection.
Oct 8 00:09:10 localhost pppd[4931]: Warning: can't open options file /root/.ppprc: Permission denied
Oct 8 00:09:10 localhost pppd[4931]: pppd 2.4.4 started by root, uid 0
Oct 8 00:09:10 localhost pppd[4931]: Using interface ppp0
Oct 8 00:09:10 localhost pppd[4931]: Connect: ppp0 <--> /dev/pts/1
Oct 8 00:09:41 localhost pppd[4931]: LCP: timeout sending Config-Requests
Oct 8 00:09:41 localhost pppd[4931]: Connection terminated.
Oct 8 00:09:41 localhost pppd[4931]: Modem hangup
Oct 8 00:09:46 localhost pppoe[4932]: Timeout waiting for PADO packets
Oct 8 00:09:46 localhost pppd[4931]: Exit.
Oct 8 00:09:46 localhost pppoe-connect: PPPoE connection lost; attempting re-connection.
Oct 8 00:09:51 localhost pppd[4952]: Warning: can't open options file /root/.ppprc: Permission denied
Oct 8 00:09:51 localhost pppd[4952]: pppd 2.4.4 started by root, uid 0
Oct 8 00:09:51 localhost pppd[4952]: Using interface ppp0
Oct 8 00:09:51 localhost pppd[4952]: Connect: ppp0 <--> /dev/pts/1
Oct 8 00:09:51 localhost pppoe[4953]: PPP session is 1596 (0x63c)
Oct 8 00:09:54 localhost pppd[4952]: CHAP authentication succeeded: Authentication success,Welcome!
Oct 8 00:09:54 localhost pppd[4952]: CHAP authentication succeeded
Oct 8 00:09:55 localhost pppd[4952]: local IP address 124.116.113.170
Oct 8 00:09:55 localhost pppd[4952]: remote IP address 124.116.112.1
Oct 8 00:09:55 localhost pppd[4952]: primary DNS address 61.134.1.4
Oct 8 00:09:55 localhost pppd[4952]: secondary DNS address 218.30.19.40
Oct 8 00:09:55 localhost dnsmasq[2158]: no servers found in /etc/resolv.conf, will retry
Oct 8 00:09:56 localhost NET[4994]: /etc/sysconfig/network-scripts/ifup-post : updated /etc/resolv.conf
Oct 8 00:10:15 localhost ntpd[2045]: sendto(222.73.214.125) (fd=24): Invalid argument
Oct 8 00:10:34 localhost ntpd[2045]: sendto(61.129.66.79) (fd=24): Invalid argument
Oct 8 00:11:05 localhost ntpd[2045]: sendto(222.73.214.1) (fd=24): Invalid argument
Oct 8 00:11:40 localhost ntpd[2045]: Listening on interface #12 ppp0, 124.116.113.170#123 Enabled
Oct 8 00:11:40 localhost ntpd[2045]: Deleting interface #11 ppp0, 124.116.115.166#123, interface stats: received=33, sent=43, dropped=4, active_time=2700 secs
Oct 8 00:12:22 localhost ntpd[2045]: synchronized to 222.73.214.125, stratum 2
This is what is in secure:
Oct 3 03:07:37 localhost su: pam_unix(su:session): session closed for user root
Oct 3 03:47:24 localhost sshd[9419]: Did not receive identification string from 202.99.122.136
Oct 3 04:06:48 localhost su: pam_unix(su:session): session closed for user root
Oct 3 04:07:24 localhost sshd[2050]: Received signal 15; terminating.
Oct 3 11:25:45 localhost sshd[2075]: Server listening on :: port 22.
Oct 3 11:25:45 localhost sshd[2075]: Server listening on 0.0.0.0 port 22.
Oct 3 11:26:38 localhost gdm-session-worker[2514]: pam_unix(gdm:session): session opened for user Jet.Z by (uid=0)
Oct 3 11:31:18 localhost userhelper[3060]: pam_timestamp(yumex:session): updated timestamp file `/var/run/sudo/Jet.Z/unknown:root'
Oct 3 11:31:18 localhost userhelper[3065]: running '/usr/share/yumex/yumex ' with root privileges on behalf of 'Jet.Z'
Oct 3 11:43:37 localhost su: pam_unix(su:session): session opened for user root by Jet.Z(uid=500)
Oct 3 11:43:57 localhost sshd[3382]: Did not receive identification string from 221.238.248.55
Oct 3 11:46:28 localhost sshd[3388]: Invalid user admin from 221.238.248.55
Oct 3 11:46:28 localhost sshd[3389]: input_userauth_request: invalid user admin
Oct 3 11:46:28 localhost sshd[3388]: pam_unix(sshd:auth): check pass; user unknown
Oct 3 11:46:28 localhost sshd[3388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.238.248.55
Oct 3 11:46:28 localhost sshd[3388]: pam_succeed_if(sshd:auth): error retrieving information about user admin
Oct 3 11:46:30 localhost sshd[3388]: Failed password for invalid user admin from 221.238.248.55 port 15070 ssh2
Oct 3 11:46:30 localhost sshd[3389]: Received disconnect from 221.238.248.55: 11: Bye Bye