You are not logged in.
- Topics: Active | Unanswered
#1 2010-08-15 13:54:16
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,394
[SOLVED] Strange "last" output (!)
Gozer ~ # last
root pts/6 93.44.85.156 Sun Aug 15 15:49 still logged in
root 0***$;***4** :1001 Sun Aug 15 13:48 gone - no logout
root *8**$;***4** :1001 Sun Aug 15 13:13 gone - no logout
root *@p@ :1001 Sun Aug 15 12:41 gone - no logout
root pts/1 93.44.85.156 Sun Aug 15 12:40 - 13:24 (00:43)
root pts/1 93.44.85.156 Sun Aug 15 10:23 - 10:24 (00:00)
root pts/1 93.44.85.156 Sat Aug 14 13:45 - 13:45 (00:00)
root pts/1 93.44.85.156 Sat Aug 14 10:25 - 10:37 (00:12)
root pts/1 93.44.85.156 Fri Aug 13 21:06 - 23:13 (02:06)
root *@p@ :1001 Fri Aug 13 19:39 - 12:41 (1+17:02)
root pts/2 93.44.85.156 Fri Aug 13 19:02 - 20:49 (01:47)
root pts/3 93.44.85.156 Fri Aug 13 18:14 - 20:49 (02:35)
root *@p@ :1000 Fri Aug 13 16:55 - 19:39 (02:44)
root pts/1 93.44.85.156 Fri Aug 13 11:47 - 11:47 (00:00)
root pts/1 93.44.85.156 Fri Aug 13 11:45 - 11:46 (00:00)
root pts/2 93.44.85.156 Thu Aug 12 19:30 - 19:43 (00:13)
root pts/2 93.44.85.156 Thu Aug 12 17:31 - 17:38 (00:06)
root *@p@ :1000 Thu Aug 12 17:23 - 16:55 (23:32)
root pts/5 93.44.91.188 Thu Aug 12 11:21 - 11:50 (00:29)
root **V*$******* :1000 Thu Aug 12 11:00 gone - no logout
root *@p@ :1000 Thu Aug 12 10:55 - 17:23 (06:27)
root pts/1 93.44.85.156 Thu Aug 12 08:25 - 08:28 (00:03)
root pts/1 93.44.85.156 Wed Aug 11 18:45 - 19:46 (01:01)
root pts/1 93.44.85.156 Wed Aug 11 17:51 - 17:51 (00:00)
root pts/1 78.13.221.143 Sun Aug 8 14:00 - 15:02 (01:01)
root *@p@ :0.0 Fri Aug 6 17:14 - 10:55 (5+17:40)
root B***M****$** :0.0 Fri Aug 6 17:10 gone - no logout
root B***M****$** :0.0 Fri Aug 6 17:09 - 17:10 (00:01)
root *@p@ :0.0 Fri Aug 6 17:09 - 17:14 (00:05)
root *@p@ :0.0 Fri Aug 6 17:04 - 17:09 (00:04)
root *@p@ :0.0 Fri Aug 6 16:55 - 17:04 (00:08)
root pts/0 :0 Fri Aug 6 16:47 still logged in
root :0 Fri Aug 6 16:47 still logged in
root tty2 Fri Aug 6 16:46 - 16:47 (00:00)
root tty2 Fri Aug 6 16:46 - 16:46 (00:00)
root tty1 Fri Aug 6 16:45 - 16:47 (00:01)
root tty1 Fri Aug 6 16:45 - 16:45 (00:00)
root B***M******* :0.0 Fri Aug 6 16:08 - down (00:33)
root *@p@ :0.0 Fri Aug 6 16:01 - down (00:39)
root B***M******* :0.0 Fri Aug 6 15:26 - 16:08 (00:42)
root *@p@ :0.0 Fri Aug 6 15:24 - 16:01 (00:37)
root B***M******* :0.0 Fri Aug 6 15:20 - 15:26 (00:05)
root B***M******* :0.0 Fri Aug 6 15:20 - 15:20 (00:00)
root *@p@ :0.0 Fri Aug 6 15:19 - 15:24 (00:05)
root pts/0 :0 Fri Aug 6 15:18 - down (01:23)
root :0 Fri Aug 6 15:18 - down (01:23)
root tty1 Fri Aug 6 15:17 - down (01:24)
root tty1 Fri Aug 6 15:17 - 15:17 (00:00)
root BS**MV***d** :0.0 Fri Aug 6 15:07 - down (00:03)
root :0.0 Fri Aug 6 14:00 - down (01:10)
root BS**MV***d** :0.0 Fri Aug 6 13:21 - 15:07 (01:46)
root :0.0 Fri Aug 6 13:14 - down (01:56)
root :0.0 Fri Aug 6 12:52 - down (02:18)
root :0.0 Fri Aug 6 12:52 - down (02:19)
root BS**MV***d** :0.0 Fri Aug 6 12:10 - 13:21 (01:11)
root :0.0 Thu Aug 5 14:24 - down (1+00:46)
root pts/6 93.44.78.206 Wed Aug 4 15:42 - 15:51 (00:09)
root :0.0 Wed Aug 4 08:01 - down (2+07:09)
root pts/6 93.44.86.224 Mon Aug 2 18:51 - 18:52 (00:01)
root :0.0 Mon Aug 2 15:20 - down (3+23:50)
root pts/5 192.168.117.5 Mon Aug 2 14:03 - 14:04 (00:00)
root :0.0 Mon Aug 2 11:20 - down (4+03:50)Don't shoot me, i use that linux box with root account.
Has anyone an idea about the means of those strange strings like BS**MV***d** and so on?
Last edited by kokoko3k (2010-08-16 06:38:49)
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#2 2010-08-15 14:54:51
- valium97582
- Member
- Registered: 2010-06-19
- Posts: 126
Re: [SOLVED] Strange "last" output (!)
Hmm, it seems that you are hacked...
Check those IP addresses in the list. Unless you use your box with ssh too...
Now, I do not know what this strings do mean, you will have to wait until someone helps you.
I'm also known as zmv on IRC.
Offline
#3 2010-08-15 15:34:08
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,394
Re: [SOLVED] Strange "last" output (!)
Those are all mine ip addresses, it's really strange...
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#4 2010-08-15 15:44:13
- .:B:.
- Forum Fellow
- Registered: 2006-11-26
- Posts: 5,819
- Website
Re: [SOLVED] Strange "last" output (!)
It surely looks bizarre, but someone would need local access to that box... Every entry points to local access (no IP in front of the colon). Doesn't necessarily mean he got hacked.
Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy
Offline
#5 2010-08-15 18:16:06
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,394
Re: [SOLVED] Strange "last" output (!)
For the record, i use that box locally too.
When i connect remotely, usually i use Nxclient or "ssh -Y", maybe this is relevant ?
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#6 2010-08-15 20:39:06
- R00KIE
- Forum Fellow
- From: Between a computer and a chair
- Registered: 2008-09-14
- Posts: 4,734
Re: [SOLVED] Strange "last" output (!)
Are you using just 'last' or are you using any options?
I've seen last output some nonsense when using some options. Also you can test that theory about nx leaving strange entries there, just login with nx and look at the first line of the output.
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline
#7 2010-08-16 06:38:27
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,394
Re: [SOLVED] Strange "last" output (!)
Confirmed, it has to be an NX thing, after some tries, it seems to happen randomly when i use it in floating window mode (without loading a full environment like gnome or kde),
Thank you, i'm adding 'solved' to the thread, at least the cause is clear now.
-edit-
(no options given to last, btw)
Last edited by kokoko3k (2010-08-16 06:39:27)
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline